Initial updates to support vendor defined keys
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index d5e713e..38deb03 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3584,8 +3584,37 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t psa_generate_random(uint8_t *output,
-                                 size_t output_size);
+psa_status_t psa_generate_random(uint8_t * output, size_t output_size);
+
+/**
+ * \brief Generate symmetric key of vendor defined format.
+ *
+ * \warning This function **can** fail! Callers MUST check the return status
+ *          and MUST NOT use the content of the output buffer if the return
+ *          status is not #PSA_SUCCESS.
+ *
+ * \note    This function has to be defined by the vendor.
+ *          A weakly liniked version is provided by default and returns
+ *          PSA_ERROR_NOT_SUPPORTED. Do not use this function directlyu;
+ *          to generate a key, use psa_generate_key() instead.
+ *
+ * \param[in] type          Type of symmetric key to be generated.
+ * \param[out] output       Output buffer for the generated data.
+ * \param[out] output_size  Number of bytes to generate and output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t psa_generate_vendor_symmetric(psa_key_type_t type, uint8_t * output, size_t output_size);
 
 /**
  * \brief Generate a key or key pair.
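Review bot: The Doxygen block added for `psa_generate_vendor_symmetric` tags `output_size` as `\param[out]`, but it is passed by value and bounds how many bytes the vendor code may write, so it should read `\param[in] output_size  Size of the output buffer in bytes.`. The `\note` also contains two typos (`liniked`, `directlyu`). Since that note tells callers not to call the function directly, consider whether the prototype belongs in the public `include/psa/crypto.h` at all, rather than in the internal header next to `prepare_vendor_raw_data_slot`. The whitespace-only rewrite of the `psa_generate_random` prototype is unrelated churn.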
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index b53e1c7..f2c34f3 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -364,21 +364,29 @@
  * HMAC keys should generally have the same size as the underlying hash.
  * This size can be calculated with #PSA_HASH_SIZE(\c alg) where
  * \c alg is the HMAC algorithm or the underlying hash algorithm. */
-#define PSA_KEY_TYPE_HMAC                       ((psa_key_type_t)0x51000000)
+#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x51000000)
 
 /** A secret for key derivation.
  *
  * The key policy determines which key derivation algorithm the key
  * can be used for.
  */
-#define PSA_KEY_TYPE_DERIVE                     ((psa_key_type_t)0x52000000)
+#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
 
 /** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
  *
  * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
  * 32 bytes (AES-256).
  */
-#define PSA_KEY_TYPE_AES                        ((psa_key_type_t)0x40000001)
+#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
+
+/** Vendor defined Key format for a cipher, AEAD or MAC algorithm based
+ *  on the AES block cipher.
+ *
+ * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
+ * 32 bytes (AES-256).
+ */
+#define PSA_KEY_TYPE_VENDOR_AES ((psa_key_type_t)0xC0000001)
 
 /** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
  *
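Review bot: `PSA_KEY_TYPE_VENDOR_AES` is spelled as the literal `0xC0000001`, which hides that it is the AES type value with the vendor bit set. Writing it as `#define PSA_KEY_TYPE_VENDOR_AES (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_AES)` would make the relationship explicit and keep it in step with `PSA_KEY_TYPE_IS_VENDOR_DEFINED`. The comment repeats the 16/24/32-byte sizes from `PSA_KEY_TYPE_AES`. If the vendor format stores a wrapped or encoded key (not visible here), the stored size will differ, and the comment should say which size is meant. The alignment changes to `PSA_KEY_TYPE_HMAC`, `PSA_KEY_TYPE_DERIVE` and `PSA_KEY_TYPE_AES` are unrelated to the feature.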
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a80f13d..42b3e0a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5402,6 +5402,30 @@
 }
 #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
 
+// The weakly linked function "prepare_vendor_raw_data_slot_weak" which just returns "PSA_ERROR_NOT_SUPPORTED" will be linked if 
+// the vendor does not provide a definition for "prepare_vendor_raw_data_slot"
+psa_status_t prepare_vendor_raw_data_slot( psa_key_type_t type, size_t bits, struct raw_data *raw) __attribute__ ((weak, alias("prepare_vendor_raw_data_slot_weak")));
+psa_status_t prepare_vendor_raw_data_slot_weak( psa_key_type_t type, size_t bits, struct raw_data *raw);
+psa_status_t prepare_vendor_raw_data_slot_weak( psa_key_type_t type, size_t bits, struct raw_data *raw)
+{
+    (void)type;
+    (void)bits;
+    (void)raw;
+    return PSA_ERROR_NOT_SUPPORTED;
+}
+
+// The weakly linked function "psa_generate_vendor_symmetric_weak" which just returns "PSA_ERROR_NOT_SUPPORTED" will be linked if 
+// the vendor does not provide a definition for "psa_generate_vendor_symmetric"
+psa_status_t psa_generate_vendor_symmetric( psa_key_type_t type, uint8_t * output, size_t output_size) __attribute__ ((weak, alias("psa_generate_vendor_symmetric_weak")));
+psa_status_t psa_generate_vendor_symmetric_weak( psa_key_type_t type, uint8_t * output, size_t output_size);
+psa_status_t psa_generate_vendor_symmetric_weak( psa_key_type_t type, uint8_t * output, size_t output_size)
+{
+    (void)type;
+    (void)output;
+    (void)output_size;
+    return PSA_ERROR_NOT_SUPPORTED;
+}
+
 static psa_status_t psa_generate_key_internal(
     psa_key_slot_t *slot, size_t bits,
     const uint8_t *domain_parameters, size_t domain_parameters_size )
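Review bot: Both default stubs rely on `__attribute__ ((weak, alias(...)))`, a GCC/Clang extension, and nothing in the hunk guards it, so a toolchain without alias support would fail to build this file. `prepare_vendor_raw_data_slot_weak` and `psa_generate_vendor_symmetric_weak` also get external linkage although only the alias needs it. Declaring them `static` would keep them out of the library's symbol table and make the extra prototype lines unnecessary. The comments should also state that the default fails closed with `PSA_ERROR_NOT_SUPPORTED`, and that a vendor definition shipped in a static archive may not displace a weak definition that is already linked.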
@@ -5414,18 +5438,31 @@
     if( key_type_is_raw_bytes( type ) )
     {
         psa_status_t status;
-        status = prepare_raw_data_slot( type, bits, &slot->data.raw );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_generate_random( slot->data.raw.data,
-                                      slot->data.raw.bytes );
-        if( status != PSA_SUCCESS )
-            return( status );
-#if defined(MBEDTLS_DES_C)
-        if( type == PSA_KEY_TYPE_DES )
-            psa_des_set_key_parity( slot->data.raw.data,
-                                    slot->data.raw.bytes );
-#endif /* MBEDTLS_DES_C */
+        if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type))
+        {
+            status = prepare_vendor_raw_data_slot( type, bits, &slot->data.raw );
+            if( status != PSA_SUCCESS )
+                return( status );
+            status = psa_generate_vendor_symmetric( type, slot->data.raw.data,
+                                        slot->data.raw.bytes );
+            if( status != PSA_SUCCESS )
+                return( status );
+        }
+        else
+        {
+            status = prepare_raw_data_slot( type, bits, &slot->data.raw );
+            if( status != PSA_SUCCESS )
+                return( status );
+            status = psa_generate_random( slot->data.raw.data,
+                                        slot->data.raw.bytes );
+            if( status != PSA_SUCCESS )
+                return( status );
+            #if defined(MBEDTLS_DES_C)
+            if( type == PSA_KEY_TYPE_DES )
+                psa_des_set_key_parity( slot->data.raw.data,
+                                        slot->data.raw.bytes );
+            #endif /* MBEDTLS_DES_C */
+        }
     }
     else
 
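Review bot: In the new vendor branch, `psa_generate_vendor_symmetric` receives `slot->data.raw.data` and `slot->data.raw.bytes` exactly as the vendor's `prepare_vendor_raw_data_slot` left them, and nothing visible documents or checks that the hook set both. A comment before the call, such as `/* prepare_vendor_raw_data_slot() must set raw->data and raw->bytes on success */`, would make that contract explicit. The branch dispatches on any vendor-defined raw-bytes type, not only `PSA_KEY_TYPE_VENDOR_AES`, so the hooks must reject types they do not implement. On style, `if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type))` and the indented `#if defined(MBEDTLS_DES_C)` depart from the surrounding `if( ... )` spacing and column-0 directives. `psa_generate_key_internal` starts and ends outside this hunk.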
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index edf3ab6..507cb01 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -129,12 +129,42 @@
  * \param[in,out] slot  The key slot to modify.
  * \param mask          The mask of bits to clear.
  */
-static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
-                                            uint16_t mask )
+static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
+                                           uint16_t mask)
 {
     slot->attr.flags &= ~mask;
 }
 
+/**
+ * \brief Prepare a slot for vendor defined key type.
+ *
+ * \warning This function **can** fail! Callers MUST check the return status
+ *          and MUST NOT use the content of the output buffer if the return
+ *          status is not #PSA_SUCCESS.
+ *
+ * \note    This function has to be defined by the vendor.
+ *          A weakly linked version is provided by default and returns
+ *          PSA_ERROR_NOT_SUPPORTED. Do not use this function directly;
+ *          to generate a key, use psa_generate_key() instead.
+ *
+ * \param[in] type          Type of symmetric key to be generated.
+ * \param[out] output       Output buffer for the generated data.
+ * \param[out] output_size  Number of bytes to generate and output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ *         The library has not been previously initialized by psa_crypto_init().
+ *         It is implementation-dependent whether a failure to initialize
+ *         results in this error code.
+ */
+psa_status_t prepare_vendor_raw_data_slot(psa_key_type_t type, size_t bits, struct raw_data *raw);
+
 /** Completely wipe a slot in memory, including its policy.
  *
  * Persistent storage is not affected.
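Review bot: The Doxygen block added for `prepare_vendor_raw_data_slot` appears to be copied from the key-generation function: it documents `output` and `output_size`, which this prototype does not have, and leaves `bits` and `raw` undocumented. The parameter lines should become `\param[in] bits  Size of the key in bits.` and `\param[out] raw  Raw-data slot to prepare.` (wording to be confirmed against the vendor contract), and the warning should refer to `raw`, not "the output buffer". The `\retval` list, for example `#PSA_ERROR_INSUFFICIENT_ENTROPY`, also looks inherited rather than specific to slot preparation. The whitespace-only change to `psa_key_slot_clear_bits` is unrelated to the feature.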