Update PSA API specification to 1.0.0

Generated from the PSA Crypto API Dockerfile at tag psa-crypto-api-1.0.0
diff --git a/docs/html/.buildinfo b/docs/html/.buildinfo
index 379f371..e0308de 100644
--- a/docs/html/.buildinfo
+++ b/docs/html/.buildinfo
@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 3c0fcdd2bdf4eedd64fc44c41889daf2
+config: ed1725312cdaeb274fa374ba1db47888
 tags: 645f666f9bcd5a90fca523b33c5a78b7
diff --git a/docs/html/_sources/api/keys/algorithms.rst.txt b/docs/html/_sources/api/keys/algorithms.rst.txt
new file mode 100644
index 0000000..ea18185
--- /dev/null
+++ b/docs/html/_sources/api/keys/algorithms.rst.txt
@@ -0,0 +1,220 @@
+.. _algorithms:
+
+Algorithms
+==========
+
+Algorithm categories
+--------------------
+
+.. macro:: PSA_ALG_NONE
+    :definition: ((psa_algorithm_t)0)
+
+    .. summary::
+        An invalid algorithm identifier value.
+
+    Zero is not the encoding of any algorithm.
+
+.. macro:: PSA_ALG_IS_HASH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a hash algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a hash algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`hash-algorithms` for a list of defined hash algorithms.
+
+.. macro:: PSA_ALG_IS_MAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a MAC algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a MAC algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`mac-algorithms` for a list of defined MAC algorithms.
+
+.. macro:: PSA_ALG_IS_CIPHER
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a symmetric cipher algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a symmetric cipher algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`cipher-algorithms` for a list of defined cipher algorithms.
+
+.. macro:: PSA_ALG_IS_AEAD
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an AEAD algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`aead-algorithms` for a list of defined AEAD algorithms.
+
+.. macro:: PSA_ALG_IS_SIGN
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a public-key signature algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a public-key signature algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`sign-algorithms` for a list of defined signature algorithms.
+
+.. macro:: PSA_ALG_IS_ASYMMETRIC_ENCRYPTION
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a public-key encryption algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a public-key encryption algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`asymmetric-encryption-algorithms` for a list of defined asymmetric encryption algorithms.
+
+.. macro:: PSA_ALG_IS_KEY_AGREEMENT
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a key agreement algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a key agreement algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`key-agreement-algorithms` for a list of defined key agreement algorithms.
+
+.. macro:: PSA_ALG_IS_KEY_DERIVATION
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a key derivation algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a key derivation algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See :title:`key-derivation-algorithms` for a list of defined key derivation algorithms.
+
+.. macro:: PSA_ALG_IS_WILDCARD
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm encoding is a wildcard.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a wildcard algorithm encoding.
+
+        ``0`` if ``alg`` is a non-wildcard algorithm encoding that is suitable for an operation.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    Wildcard algorithm values can only be used to set the usage algorithm field in a policy, wildcard values cannot be used to perform an operation.
+
+    See `PSA_ALG_ANY_HASH` for example of how a wildcard algorithm can be used in a key policy.
+
+.. macro:: PSA_ALG_GET_HASH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Get the hash used by a composite algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        The underlying hash algorithm if ``alg`` is a composite algorithm that uses a hash algorithm.
+
+        `PSA_ALG_NONE` if ``alg`` is not a composite algorithm that uses a hash.
+
+    The following composite algorithms require a hash algorithm:
+
+    - `PSA_ALG_ECDSA()`
+    - `PSA_ALG_HKDF()`
+    - `PSA_ALG_HMAC()`
+    - `PSA_ALG_RSA_OAEP()`
+    - `PSA_ALG_IS_RSA_PKCS1V15_SIGN()`
+    - `PSA_ALG_RSA_PSS()`
+    - `PSA_ALG_TLS12_PRF()`
+    - `PSA_ALG_TLS12_PSK_TO_MS()`
+
+Attribute accessors
+-------------------
+
+.. function:: psa_set_key_algorithm
+
+    .. summary::
+        Declare the permitted algorithm policy for a key.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: psa_algorithm_t alg
+        The permitted algorithm policy to write.
+
+    .. return:: void
+
+    The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key. The following algorithm policies are supported:
+
+    * `PSA_ALG_NONE` does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.
+    * An algorithm value permits this particular algorithm.
+    * An algorithm wildcard built from `PSA_ALG_ANY_HASH` allows the specified signature scheme with any hash algorithm.
+
+    This function overwrites any algorithm policy previously set in ``attributes``.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_algorithm
+
+    .. summary::
+        Retrieve the algorithm policy from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: psa_algorithm_t
+        The algorithm stored in the attribute object.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/attributes.rst.txt b/docs/html/_sources/api/keys/attributes.rst.txt
new file mode 100644
index 0000000..1f849cf
--- /dev/null
+++ b/docs/html/_sources/api/keys/attributes.rst.txt
@@ -0,0 +1,237 @@
+.. _key-attributes:
+
+Key attributes
+==============
+
+Attribute types
+---------------
+
+.. typedef:: uint32_t psa_key_lifetime_t
+
+    .. summary::
+        Encoding of key lifetimes.
+
+    The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.
+
+    Keys with the lifetime `PSA_KEY_LIFETIME_VOLATILE` are automatically destroyed when the application terminates or on a power reset.
+
+    Keys with a lifetime other than `PSA_KEY_LIFETIME_VOLATILE` are said to be *persistent*. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type `psa_key_id_t`.
+
+    See :title:`key-locations` for a list of defined key lifetimes.
+
+.. typedef:: uint32_t psa_key_id_t
+
+    .. summary::
+        Key identifier.
+
+    A key identifiers can be a permanent name for a persistent key, or a transient reference to volatile key. The range of identifier values is divided as follows:
+
+    :code:`PSA_KEY_ID_NULL`
+        Reserved as an invalid key identifier.
+    :code:`PSA_KEY_ID_USER_MIN - PSA_KEY_ID_USER_MAX`
+        Applications can freely choose persistent key identifiers in this range.
+    :code:`PSA_KEY_ID_VENDOR_MIN - PSA_KEY_ID_VENDOR_MAX`
+        Implementations can define additional persistent key identifiers in this
+        range, and allocate key identifiers for volatile keys from this range.
+
+    Key identifiers outside these ranges are reserved for future use.
+
+    See also :title:`key-ids`.
+
+.. typedef:: uint16_t psa_key_type_t
+
+    .. summary::
+        Encoding of a key type.
+
+    This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:
+
+    :code:`PSA_KEY_TYPE_NONE == 0`
+        Reserved as an invalid key type.
+    :code:`0x0001 - 0x7fff`
+        Specification-defined key types.
+        Key types defined by this standard always have bit 15 clear.
+        Unallocated key type values in this range are reserved for future use.
+    :code:`0x8000 - 0xffff`
+        Implementation-defined key types.
+        Implementations that define additional key types must use an encoding with bit 15 set.
+        The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.
+
+    See :title:`key-types` for a complete list of key types.
+
+.. typedef:: uint32_t psa_key_usage_t
+
+    .. summary::
+        Encoding of permitted usage on a key.
+
+    See :title:`key-usage` for a full list of key usage policies.
+
+.. typedef:: uint32_t psa_algorithm_t
+
+    .. summary::
+        Encoding of a cryptographic algorithm.
+
+    This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:
+
+    :code:`0x00000000`
+        Reserved as an invalid algorithm identifier.
+    :code:`0x00000001 - 0x7fffffff`
+        Specification-defined algorithm identifiers.
+        Algorithm identifiers defined by this standard always have bit 31 clear.
+        Unallocated algorithm identifier values in this range are reserved for future use.
+    :code:`0x80000000 - 0xffffffff`
+        Implementation-defined algorithm identifiers.
+        Implementations that define additional algorithms must use an encoding with bit 31 set.
+        The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.
+
+    For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, `psa_algorithm_t` encodes the block cipher mode and the padding mode while the block cipher itself is encoded via `psa_key_type_t`.
+
+    See :title:`algorithms` for a full list of algorithm identifiers.
+
+Managing attributes
+-------------------
+
+.. typedef:: /* implementation-defined type */ psa_key_attributes_t
+
+    .. summary::
+        The type of an object containing key attributes.
+
+    This is the object that represents the metadata of a key object. Metadata that can be stored in attributes includes:
+
+    * The location of the key in storage, indicated by its key identifier and its lifetime.
+    * The key's policy, comprising usage flags and a specification of the permitted algorithm(s).
+    * Information about the key itself: the key type and its size.
+    * Implementations can define additional attributes.
+
+    The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.
+
+    .. note::
+        Implementations are recommended to define the attribute object as a simple data structure, with fields corresponding to the individual key attributes. In such an implementation, each function ``psa_set_key_xxx()`` sets a field and the corresponding function ``psa_get_key_xxx()`` retrieves the value of the field.
+
+        An implementations can report attribute values that are equivalent to the original one, but have a different encoding. For example, an implementation can use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which might not be the one that was originally stored.
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+    An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call `psa_reset_key_attributes()`. As an exception, calling `psa_reset_key_attributes()` on an attribute object is optional if the object has only been modified by the following functions since it was initialized or last reset with `psa_reset_key_attributes()`:
+
+    * `psa_set_key_id()`
+    * `psa_set_key_lifetime()`
+    * `psa_set_key_type()`
+    * `psa_set_key_bits()`
+    * `psa_set_key_usage_flags()`
+    * `psa_set_key_algorithm()`
+
+    Before calling any function on a key attribute object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_key_attributes_t attributes;
+          memset(&attributes, 0, sizeof(attributes));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_key_attributes_t attributes;
+
+    * Initialize the object to the initializer `PSA_KEY_ATTRIBUTES_INIT`, for example:
+
+      .. autocode::
+          psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    * Assign the result of the function `psa_key_attributes_init()` to the object, for example:
+
+      .. autocode::
+          psa_key_attributes_t attributes;
+          attributes = psa_key_attributes_init();
+
+    A freshly initialized attribute object contains the following values:
+
+    .. tabularcolumns:: LL
+
+    ==============  =======
+    Attribute       Value
+    ==============  =======
+    lifetime        `PSA_KEY_LIFETIME_VOLATILE`.
+    key identifier  `PSA_KEY_ID_NULL` - which is not a valid key identifier.
+    type            `PSA_KEY_TYPE_NONE` - meaning that the type is unspecified.
+    key size        ``0`` - meaning that the size is unspecified.
+    usage flags     ``0`` - which allows no usage except exporting a public key.
+    algorithm       `PSA_ALG_NONE` - which does not allow cryptographic usage, but allows exporting.
+    ==============  =======
+
+    .. rubric:: Usage
+
+    A typical sequence to create a key is as follows:
+
+    #. Create and initialize an attribute object.
+    #. If the key is persistent, call `psa_set_key_id()`. Also call `psa_set_key_lifetime()` to place the key in a non-default location.
+    #. Set the key policy with `psa_set_key_usage_flags()` and `psa_set_key_algorithm()`.
+    #. Set the key type with `psa_set_key_type()`. Skip this step if copying an existing key with `psa_copy_key()`.
+    #. When generating a random key with `psa_generate_key()` or deriving a key with `psa_key_derivation_output_key()`, set the desired key size with `psa_set_key_bits()`.
+    #. Call a key creation function: `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`. This function reads the attribute object, creates a key with these attributes, and outputs an identifier for the newly created key.
+    #. Optionally call `psa_reset_key_attributes()`, now that the attribute object is no longer needed. Currently this call is not required as the attributes defined in this specification do not require additional resources beyond the object itself.
+
+    A typical sequence to query a key's attributes is as follows:
+
+    #. Call `psa_get_key_attributes()`.
+    #. Call ``psa_get_key_xxx()`` functions to retrieve the required attribute(s).
+    #. Call `psa_reset_key_attributes()` to free any resources that can be used by the attribute object.
+
+    Once a key has been created, it is impossible to change its attributes.
+
+.. macro:: PSA_KEY_ATTRIBUTES_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for a key attribute object of type `psa_key_attributes_t`.
+
+.. function:: psa_key_attributes_init
+
+    .. summary::
+        Return an initial value for a key attribute object.
+
+    .. return:: psa_key_attributes_t
+
+.. function:: psa_get_key_attributes
+
+    .. summary::
+        Retrieve the attributes of a key.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to query.
+    .. param:: psa_key_attributes_t * attributes
+        On entry, ``*attributes`` must be in a valid state. On successful return, it contains the attributes of the key. On failure, it is equivalent to a freshly-initialized attribute object.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function first resets the attribute object as with `psa_reset_key_attributes()`. It then copies the attributes of the given key into the given attribute object.
+
+    .. note::
+        This function clears any previous content from the attribute object and therefore expects it to be in a valid state. In particular, if this function is called on a newly allocated attribute object, the attribute object  must be initialized before calling this function.
+
+    .. note::
+        This function might allocate memory or other resources. Once this function has been called on an attribute object, `psa_reset_key_attributes()` must be called to free these resources.
+
+.. function:: psa_reset_key_attributes
+
+    .. summary::
+        Reset a key attribute object to a freshly initialized state.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to reset.
+
+    .. return:: void
+
+    The attribute object must be initialized as described in the documentation of the type `psa_key_attributes_t` before calling this function. Once the object has been initialized, this function can be called at any time.
+
+    This function frees any auxiliary resources that the object might contain.
diff --git a/docs/html/_sources/api/keys/index.rst.txt b/docs/html/_sources/api/keys/index.rst.txt
new file mode 100644
index 0000000..934dac9
--- /dev/null
+++ b/docs/html/_sources/api/keys/index.rst.txt
@@ -0,0 +1,14 @@
+..  _key-management:
+
+~~~~~~~~~~~~~~~~~~~~~~~~
+Key management reference
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+
+    attributes
+    locations
+    types
+    usage
+    algorithms
+    management
diff --git a/docs/html/_sources/api/keys/locations.rst.txt b/docs/html/_sources/api/keys/locations.rst.txt
new file mode 100644
index 0000000..9f71fef
--- /dev/null
+++ b/docs/html/_sources/api/keys/locations.rst.txt
@@ -0,0 +1,149 @@
+.. _key-locations:
+
+Key locations
+=============
+
+Key lifetimes
+-------------
+
+.. macro:: PSA_KEY_LIFETIME_VOLATILE
+    :definition: ((psa_key_lifetime_t)0x00000000)
+
+    .. summary::
+        A lifetime value that indicates a volatile key.
+
+    A volatile key only exists as long as the identifier to it is not destroyed.
+
+    The key material is guaranteed to be erased on a power reset.
+
+.. macro:: PSA_KEY_LIFETIME_PERSISTENT
+    :definition: ((psa_key_lifetime_t)0x00000001)
+
+    .. summary::
+        The default storage area for persistent keys.
+
+    A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.
+
+    This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.
+
+.. _key_identifiers:
+
+Key identifiers
+---------------
+
+.. macro:: PSA_KEY_ID_NULL
+    :definition: ((psa_key_id_t)0)
+
+    .. summary::
+        The null key identifier.
+
+    The null key identifier is always invalid, except when used without in a call to `psa_destroy_key()` which will return `PSA_SUCCESS`.
+
+.. macro:: PSA_KEY_ID_USER_MIN
+    :definition: ((psa_key_id_t)0x00000001)
+
+    .. summary::
+        The minimum value for a key identifier chosen by the application.
+
+.. macro:: PSA_KEY_ID_USER_MAX
+    :definition: ((psa_key_id_t)0x3fffffff)
+
+    .. summary::
+        The maximum value for a key identifier chosen by the application.
+
+.. macro:: PSA_KEY_ID_VENDOR_MIN
+    :definition: ((psa_key_id_t)0x40000000)
+
+    .. summary::
+        The minimum value for a key identifier chosen by the implementation.
+
+.. macro:: PSA_KEY_ID_VENDOR_MAX
+    :definition: ((psa_key_id_t)0x7fffffff)
+
+    .. summary::
+        The maximum value for a key identifier chosen by the implementation.
+
+Attribute accessors
+-------------------
+
+.. function:: psa_set_key_lifetime
+
+    .. summary::
+        Set the location of a persistent key.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: psa_key_lifetime_t lifetime
+        The lifetime for the key. If this is `PSA_KEY_LIFETIME_VOLATILE`, the key will be volatile, and the key identifier attribute is reset to `PSA_KEY_ID_NULL`.
+
+    .. return:: void
+
+    To make a key persistent, give it a persistent key identifier by using `psa_set_key_id()`. By default, a key that has a persistent identifier is stored in the default storage area identifier by `PSA_KEY_LIFETIME_PERSISTENT`. Call this function to choose a storage area, or to explicitly declare the key as volatile.
+
+    This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_lifetime
+
+    .. summary::
+        Retrieve the lifetime from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: psa_key_lifetime_t
+        The lifetime value stored in the attribute object.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_set_key_id
+
+    .. summary::
+        Declare a key as persistent and set its key identifier.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: psa_key_id_t id
+        The persistent identifier for the key.
+
+    .. return:: void
+
+    If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to `PSA_KEY_LIFETIME_PERSISTENT`.
+
+    This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_id
+
+    .. summary::
+        Retrieve the key identifier from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: psa_key_id_t
+        The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/management.rst.txt b/docs/html/_sources/api/keys/management.rst.txt
new file mode 100644
index 0000000..e03e570
--- /dev/null
+++ b/docs/html/_sources/api/keys/management.rst.txt
@@ -0,0 +1,496 @@
+Key management functions
+========================
+
+.. _key-creation:
+
+Key creation
+------------
+
+.. function:: psa_import_key
+
+    .. summary::
+        Import a key in binary format.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The attributes for the new key. The key size is always determined from the ``data`` buffer. If the key size in ``attributes`` is nonzero, it must be equal to the size from ``data``.
+    .. param:: const uint8_t * data
+        Buffer containing the key data.
+        The content of this buffer is interpreted according to the type declared in ``attributes``.
+        All implementations must support at least the format described in the documentation of `psa_export_key()` or `psa_export_public_key()` for the chosen type.
+        Implementations can support other formats, but be conservative in interpreting the key data: it is recommended that implementations reject content if it might be erroneous, for example, if it is the wrong type or is truncated.
+    .. param:: size_t data_length
+        Size of the ``data`` buffer in bytes.
+    .. param:: psa_key_id_t * key
+        On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
+    .. retval:: PSA_ERROR_ALREADY_EXISTS
+        This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        The key type or key size is not supported, either by the implementation in general or in this particular persistent location.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The key attributes, as a whole, are invalid.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The key data is not correctly formatted.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The size in ``attributes`` is nonzero and does not match the size of the key data.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function supports any output from `psa_export_key()`. Refer to the documentation of `psa_export_public_key()` for the format of public keys and to the documentation of `psa_export_key()` for the format for other key types.
+
+    The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of ``0`` in ``attributes`` indicates that the key size is solely determined by the key data.
+
+    Implementations must reject an attempt to import a key of size ``0``.
+
+    This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.
+
+.. function:: psa_generate_key
+
+    .. summary::
+        Generate a key or key pair.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The attributes for the new key.
+    .. param:: psa_key_id_t * key
+        On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
+    .. retval:: PSA_ERROR_ALREADY_EXISTS
+        This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The key is generated randomly. Its location, usage policy, type and size are taken from ``attributes``.
+
+    Implementations must reject an attempt to generate a key of size ``0``.
+
+    The following type-specific considerations apply:
+
+    * For RSA keys (`PSA_KEY_TYPE_RSA_KEY_PAIR`), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.
+
+.. function:: psa_copy_key
+
+    .. summary::
+        Make a copy of a key.
+
+    .. param:: psa_key_id_t source_key
+        The key to copy.
+        It must allow the usage `PSA_KEY_USAGE_COPY`.
+        If a private or secret key is being copied outside of a secure element it must also allow `PSA_KEY_USAGE_EXPORT`.
+    .. param:: const psa_key_attributes_t * attributes
+        The attributes for the new key. They are used as follows:
+
+        * The key type and size can be ``0``. If either is nonzero, it must match the corresponding attribute of the source key.
+        * The key location (the lifetime and, for persistent keys, the key identifier) is used directly.
+        * The policy constraints (usage flags and algorithm policy) are combined from the source key and ``attributes`` so that both sets of restrictions apply, as described in the documentation of this function.
+
+    .. param:: psa_key_id_t * target_key
+        On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+        ``source_key`` is invalid.
+    .. retval:: PSA_ERROR_ALREADY_EXISTS
+        This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The lifetime or identifier in ``attributes`` are invalid.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The policy constraints on ``source_key`` and specified in ``attributes`` are incompatible.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``attributes`` specifies a key type or key size which does not match the attributes of ``source key``.
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        ``source_key`` does not have the `PSA_KEY_USAGE_COPY` usage flag.
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        ``source_key`` does not have the `PSA_KEY_USAGE_EXPORT` usage flag and its lifetime does not allow copying it to the target's lifetime.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Copy key material from one location to another.
+
+    This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.
+
+    This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.
+
+    The policy on the source key must have the usage flag `PSA_KEY_USAGE_COPY` set. This flag is sufficient to permit the copy if the key has the lifetime `PSA_KEY_LIFETIME_VOLATILE` or `PSA_KEY_LIFETIME_PERSISTENT`. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags `PSA_KEY_USAGE_COPY` and `PSA_KEY_USAGE_EXPORT` in order to make a copy of the key outside the secure element.
+
+    The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the ``attributes`` parameter:
+
+    * The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in ``attributes``.
+    * If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.
+    * If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.
+    * If the policies do not allow any algorithm in common, this function fails with the status `PSA_ERROR_INVALID_ARGUMENT`.
+
+    The effect of this function on implementation-defined attributes is implementation-defined.
+
+
+.. _key-destruction:
+
+Key destruction
+---------------
+
+.. function:: psa_destroy_key
+
+    .. summary::
+        Destroy a key.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to erase.
+        If this is `PSA_KEY_ID_NULL`, do nothing and return `PSA_SUCCESS`.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        ``key`` was a valid key identifier and the key material that it referred to has been erased.
+        Alternatively, ``key`` is `PSA_KEY_ID_NULL`.
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+        ``key`` is not a valid handle nor `PSA_KEY_ID_NULL`.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+        There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+        The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+        The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+        An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations must make a best effort to ensure that that the key material cannot be recovered.
+
+    This function also erases any metadata such as policies and frees resources associated with the key.
+
+    Destroying the key makes the key identifier invalid, and the key identifier must not be used again by the application.
+
+    If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.
+
+.. function:: psa_purge_key
+
+    .. summary::
+        Remove non-essential copies of key material from memory.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to purge.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The key material will have been removed from memory if it is not currently required.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    An implementation is permitted to make additional copies of key material
+    For keys that have been created with the `PSA_KEY_USAGE_CACHE` policy, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.
+
+    This function will remove these extra copies of the key material from memory.
+
+    This function is not required to remove key material from memory in any of the following situations:
+
+    - The key is currently in use in a cryptographic operation.
+    - The key is volatile.
+
+    See also :title:`key-material`.
+
+
+.. _key-export:
+
+Key export
+----------
+
+.. function:: psa_export_key
+
+    .. summary::
+        Export a key in binary format.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to export.
+        It must allow the usage `PSA_KEY_USAGE_EXPORT`, unless it is a public key.
+    .. param:: uint8_t * data
+        Buffer where the key data is to be written.
+    .. param:: size_t data_size
+        Size of the ``data`` buffer in bytes.
+        This must be appropriate for the key:
+
+        * The required output size is :code:`PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits)` where ``type`` is the key type and ``bits`` is the key size in bits.
+        * For asymmetric keys, `PSA_EXPORT_KEY_PAIR_MAX_SIZE` evaluates to the maximum output size of any supported public key or key pair.
+
+    .. param:: size_t * data_length
+        On success, the number of bytes that make up the key data.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_EXPORT` flag.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``data`` buffer is too small.
+        `PSA_EXPORT_KEY_OUTPUT_SIZE()` or `PSA_EXPORT_KEY_PAIR_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The output of this function can be passed to `psa_import_key()` to create an equivalent object.
+
+    If the implementation of `psa_import_key()` supports other formats beyond the format specified here, the output from `psa_export_key()` must use the representation specified here, not the original representation.
+
+    For standard key types, the output format is as follows:
+
+    * For symmetric keys, including MAC keys, the format is the raw bytes of the key.
+
+    * For DES, the key data consists of 8 bytes. The parity bits must be correct.
+
+    * For Triple-DES, the format is the concatenation of the two or three DES keys.
+
+    * For RSA key pairs, with key type `PSA_KEY_TYPE_RSA_KEY_PAIR`, the format is the non-encrypted DER encoding of the representation defined by PKCS#1 in :RFC:`8017` as ``RSAPrivateKey``, version ``0``.
+
+      .. code:: none
+
+          RSAPrivateKey ::= SEQUENCE {
+              version             INTEGER,  -- must be 0
+              modulus             INTEGER,  -- n
+              publicExponent      INTEGER,  -- e
+              privateExponent     INTEGER,  -- d
+              prime1              INTEGER,  -- p
+              prime2              INTEGER,  -- q
+              exponent1           INTEGER,  -- d mod (p-1)
+              exponent2           INTEGER,  -- d mod (q-1)
+              coefficient         INTEGER,  -- (inverse of q) mod p
+          }
+
+    * For elliptic curve key pairs, with key types for which `PSA_KEY_TYPE_IS_ECC_KEY_PAIR()` is true, the format is a representation of the private value.
+
+      - For Weierstrass curve families ``PSA_ECC_FAMILY_SECT_XX``, ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_FRP` and `PSA_ECC_FAMILY_BRAINPOOL_P_R1`, the content of the ``privateKey`` field of the ``ECPrivateKey`` format defined by :RFC:`5915`. This is a ``ceiling(m/8)``-byte string in big-endian order where ``m`` is the key size in bits.
+
+      - For curve family `PSA_ECC_FAMILY_MONTGOMERY`, the scalar value of the 'private key' in little-endian order as defined by :RFC:`7748#6`. This is a ``ceiling(m/8)``-byte string where ``m`` is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.
+
+    * For Diffie-Hellman key exchange key pairs, with key types for which `PSA_KEY_TYPE_IS_DH_KEY_PAIR()` is true, the format is the representation of the private key ``x`` as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.
+
+    * For public keys, with key types for which `PSA_KEY_TYPE_IS_PUBLIC_KEY()` is true, the format is the same as for `psa_export_public_key()`.
+
+    The policy on the key must have the usage flag `PSA_KEY_USAGE_EXPORT` set.
+
+.. function:: psa_export_public_key
+
+    .. summary::
+        Export a public key or the public part of a key pair in binary format.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to export.
+    .. param:: uint8_t * data
+        Buffer where the key data is to be written.
+    .. param:: size_t data_size
+        Size of the ``data`` buffer in bytes.
+        This must be appropriate for the key:
+
+        * The required output size is :code:`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)` where ``type`` is the key type and ``bits`` is the key size in bits.
+        * `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` evaluates to the maximum output size of any supported public key or public part of a key pair.
+
+    .. param:: size_t * data_length
+        On success, the number of bytes that make up the key data.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The key is neither a public key nor a key pair.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``data`` buffer is too small.
+        `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()` or `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The output of this function can be passed to `psa_import_key()` to create an object that is equivalent to the public key.
+
+    If the implementation of `psa_import_key()` supports other formats beyond the format specified here, the output from `psa_export_public_key()` must use the representation specified here, not the original representation.
+
+    For standard key types, the output format is as follows:
+
+    * For RSA public keys, with key type `PSA_KEY_TYPE_RSA_PUBLIC_KEY`, the DER encoding of the representation defined by :RFC:`3279#2.3.1` as ``RSAPublicKey``.
+
+      .. code:: none
+
+          RSAPublicKey ::= SEQUENCE {
+             modulus            INTEGER,    -- n
+             publicExponent     INTEGER  }  -- e
+
+    * For elliptic curve key pairs, with key types for which `PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()` is true, the format depends on the key family:
+
+      - For Weierstrass curve families ``PSA_ECC_FAMILY_SECT_XX``, ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_FRP` and `PSA_ECC_FAMILY_BRAINPOOL_P_R1`, the uncompressed representation defined by *Standards for Efficient Cryptography*, |SEC1|_ §2.3.3 as the content of an ``ECPoint``. If ``m`` is the bit size associated with the curve, i.e. the bit size of ``q`` for a curve over ``F_q``. The representation consists of:
+
+        * The byte ``0x04``;
+        * ``x_P`` as a ``ceiling(m/8)``-byte string, big-endian;
+        * ``y_P`` as a ``ceiling(m/8)``-byte string, big-endian.
+
+        .. |SEC1| replace:: *SEC 1: Elliptic Curve Cryptography*
+        .. _SEC1: https://www.secg.org/sec1-v2.pdf
+
+      - For curve family `PSA_ECC_FAMILY_MONTGOMERY`, the scalar value of the 'public key' in little-endian order as defined by :RFC:`7748#6`. This is a ``ceiling(m/8)``-byte string where ``m`` is the key size in bits.
+
+        * This is 32 bytes for Curve25519, computed as ``X25519(private_key, 9)``.
+        * This is 56 bytes for Curve448, computed as ``X448(private_key, 5)``.
+
+    * For Diffie-Hellman key exchange public keys, with key types for which `PSA_KEY_TYPE_IS_DH_PUBLIC_KEY` is true, the format is the representation of the public key ``y = g^x mod p`` as a big-endian byte string. The length of the byte string is the length of the base prime ``p`` in bytes.
+
+    Exporting a public key object or the public part of a key pair is always permitted, regardless of the key's usage flags.
+
+.. macro:: PSA_EXPORT_KEY_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient output buffer size for `psa_export_key()`.
+
+    .. param:: key_type
+        A supported key type.
+    .. param:: key_bits
+        The size of the key in bits.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_export_key()` or `psa_export_public_key()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+    This macro returns a compile-time constant if its arguments are compile-time constants.
+
+    .. warning::
+        This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.
+
+    .. autocode::
+
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        psa_status_t status;
+        status = psa_get_key_attributes(key, &attributes);
+        if (status != PSA_SUCCESS)
+            handle_error(...);
+        psa_key_type_t key_type = psa_get_key_type(&attributes);
+        size_t key_bits = psa_get_key_bits(&attributes);
+        size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
+        psa_reset_key_attributes(&attributes);
+        uint8_t *buffer = malloc(buffer_size);
+        if (buffer == NULL)
+            handle_error(...);
+        size_t buffer_length;
+        status = psa_export_key(key, buffer, buffer_size, &buffer_length);
+        if (status != PSA_SUCCESS)
+            handle_error(...);
+
+    See also `PSA_EXPORT_KEY_PAIR_MAX_SIZE` and `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`.
+
+.. macro:: PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient output buffer size for `psa_export_public_key()`.
+
+    .. param:: key_type
+        A public key or key pair key type.
+    .. param:: key_bits
+        The size of the key in bits.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_export_public_key()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+        If the parameters are valid and supported, it is recommended that this macro returns the same result as :code:`PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type), key_bits)`.
+
+    This macro returns a compile-time constant if its arguments are compile-time constants.
+
+    .. warning::
+        This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    The following code illustrates how to allocate enough memory to export a public key by querying the key type and size at runtime.
+
+    .. autocode::
+
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        psa_status_t status;
+        status = psa_get_key_attributes(key, &attributes);
+        if (status != PSA_SUCCESS)
+            handle_error(...);
+        psa_key_type_t key_type = psa_get_key_type(&attributes);
+        size_t key_bits = psa_get_key_bits(&attributes);
+        size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
+        psa_reset_key_attributes(&attributes);
+        uint8_t *buffer = malloc(buffer_size);
+        if (buffer == NULL)
+            handle_error(...);
+        size_t buffer_length;
+        status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
+        if (status != PSA_SUCCESS)
+            handle_error(...);
+
+    See also `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`.
+
+.. macro:: PSA_EXPORT_KEY_PAIR_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient buffer size for exporting any asymmetric key pair.
+
+    This macro must expand to a compile-time constant integer.
+    This value must be a sufficient buffer size when calling `psa_export_key()` to export any asymmetric key pair that is supported by the implementation, regardless of the exact key type and key size.
+
+    See also `PSA_EXPORT_KEY_OUTPUT_SIZE()`.
+
+.. macro:: PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient buffer size for exporting any asymmetric public key.
+
+    This macro must expand to a compile-time constant integer.
+    This value must be a sufficient buffer size when calling `psa_export_key()` or `psa_export_public_key()` to export any asymmetric public key that is supported by the implementation, regardless of the exact key type and key size.
+
+    See also `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/keys/types.rst.txt b/docs/html/_sources/api/keys/types.rst.txt
new file mode 100644
index 0000000..d33b32f
--- /dev/null
+++ b/docs/html/_sources/api/keys/types.rst.txt
@@ -0,0 +1,610 @@
+.. _key-types:
+
+Key types
+=========
+
+Key categories
+--------------
+
+.. macro:: PSA_KEY_TYPE_NONE
+    :definition: ((psa_key_type_t)0x0000)
+
+    .. summary::
+        An invalid key type value.
+
+    Zero is not the encoding of any key type.
+
+.. macro:: PSA_KEY_TYPE_IS_UNSTRUCTURED
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is an unstructured array of bytes.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+    This encompasses both symmetric keys and non-key data.
+
+    See :title:`symmetric-keys` for a list of symmetric key types.
+
+.. macro:: PSA_KEY_TYPE_IS_ASYMMETRIC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is asymmetric: either a key pair or a public key.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+    See :title:`asymmetric-keys` for a list of asymmetric key types.
+
+.. macro:: PSA_KEY_TYPE_IS_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is the public part of a key pair.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_IS_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is a key pair containing a private part and a public part.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+
+.. _symmetric-keys:
+
+Symmetric keys
+--------------
+
+.. macro:: PSA_KEY_TYPE_RAW_DATA
+    :definition: ((psa_key_type_t)0x1001)
+
+    .. summary::
+        Raw data.
+
+    A "key" of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.
+
+.. macro:: PSA_KEY_TYPE_HMAC
+    :definition: ((psa_key_type_t)0x1100)
+
+    .. summary::
+        HMAC key.
+
+    The key policy determines which underlying hash algorithm the key can be used for.
+
+    HMAC keys typically have the same size as the underlying hash. This size can be calculated with :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the HMAC algorithm or the underlying hash algorithm.
+
+.. macro:: PSA_KEY_TYPE_DERIVE
+    :definition: ((psa_key_type_t)0x1200)
+
+    .. summary::
+        A secret for key derivation.
+
+    The key policy determines which key derivation algorithm the key can be used for.
+
+.. macro:: PSA_KEY_TYPE_AES
+    :definition: ((psa_key_type_t)0x2400)
+
+    .. summary::
+        Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
+
+    The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).
+
+.. macro:: PSA_KEY_TYPE_DES
+    :definition: ((psa_key_type_t)0x2301)
+
+    .. summary::
+        Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
+
+    The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).
+
+    .. warning::
+        Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.
+
+        3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_KEY_TYPE_CAMELLIA
+    :definition: ((psa_key_type_t)0x2403)
+
+    .. summary::
+        Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.
+
+.. macro:: PSA_KEY_TYPE_ARC4
+    :definition: ((psa_key_type_t)0x2002)
+
+    .. summary::
+        Key for the RC4 stream cipher.
+
+    Use algorithm `PSA_ALG_STREAM_CIPHER` to use this key with the ARC4 cipher.
+
+    .. warning::
+        The RC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.
+
+    The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the `PSA_ALG_STREAM_CIPHER` algorithm and an ARC4 key, `psa_cipher_generate_iv()` and `psa_cipher_set_iv()` must not be called.
+
+.. macro:: PSA_KEY_TYPE_CHACHA20
+    :definition: ((psa_key_type_t)0x2004)
+
+    .. summary::
+        Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
+
+    ChaCha20 and the ChaCha20_Poly1305 construction are defined in :RFC:`7539`.
+
+    Variants of these algorithms are defined by the length of the nonce:
+
+    - Implementations must support a 12-byte nonce, as defined in :RFC:`7539`.
+    - Implementations can optionally support an 8-byte nonce, the original variant.
+    - It is recommended that implementations do not support other sizes of nonce.
+
+    Use algorithm `PSA_ALG_STREAM_CIPHER` to use this key with the ChaCha20 cipher for unauthenticated encryption.
+
+
+.. _asymmetric-keys:
+
+RSA keys
+--------
+
+.. macro:: PSA_KEY_TYPE_RSA_PUBLIC_KEY
+    :definition: ((psa_key_type_t)0x4001)
+
+    .. summary::
+        RSA public key.
+
+.. macro:: PSA_KEY_TYPE_RSA_KEY_PAIR
+    :definition: ((psa_key_type_t)0x7001)
+
+    .. summary::
+        RSA key pair: both the private and public key.
+
+.. macro:: PSA_KEY_TYPE_IS_RSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is an RSA key. This includes both key pairs and public keys.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+Elliptic Curve keys
+-------------------
+
+.. typedef:: uint8_t psa_ecc_family_t
+
+    .. summary::
+        The type of PSA elliptic curve family identifiers.
+
+    The curve identifier is required to create an ECC key using the `PSA_KEY_TYPE_ECC_KEY_PAIR()` or `PSA_KEY_TYPE_ECC_PUBLIC_KEY()` macros.
+
+    The specific ECC curve within a family is identified by the ``key_bits`` attribute of the key.
+
+    The range of Elliptic curve family identifier values is divided as follows:
+
+    :code:`0x00 - 0x7f`
+        ECC family identifiers defined by this standard.
+        Unallocated values in this range are reserved for future use.
+    :code:`0x80 - 0xff`
+        Implementations that define additional families must use an encoding in this range.
+
+.. macro:: PSA_KEY_TYPE_ECC_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Elliptic curve key pair: both the private and public key.
+
+    .. param:: curve
+        A value of type `psa_ecc_family_t` that identifies the ECC curve family to be used.
+
+.. macro:: PSA_KEY_TYPE_ECC_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Elliptic curve public key.
+
+    .. param:: curve
+        A value of type `psa_ecc_family_t` that identifies the ECC curve family to be used.
+
+
+.. macro:: PSA_ECC_FAMILY_SECP_K1
+    :definition: ((psa_ecc_family_t) 0x17)
+
+    .. summary::
+        SEC Koblitz curves over prime fields.
+
+    This family comprises the following curves:
+
+    - secp192k1 : ``key_bits = 192``
+    - secp224k1 : ``key_bits = 225``
+    - secp256k1 : ``key_bits = 256``
+
+    They are defined in *Standards for Efficient Cryptography*, |SEC2|_.
+
+    .. |SEC2| replace:: *SEC 2: Recommended Elliptic Curve Domain Parameters*
+    .. _SEC2: https://www.secg.org/sec2-v2.pdf
+
+.. macro:: PSA_ECC_FAMILY_SECP_R1
+    :definition: ((psa_ecc_family_t) 0x12)
+
+    .. summary::
+        SEC random curves over prime fields.
+
+    This family comprises the following curves:
+
+    - secp192r1 : ``key_bits = 192``
+    - secp224r1 : ``key_bits = 224``
+    - secp256r1 : ``key_bits = 256``
+    - secp384r1 : ``key_bits = 384``
+    - secp521r1 : ``key_bits = 512``
+
+    They are defined in *Standards for Efficient Cryptography*, |SEC2|_
+
+.. macro:: PSA_ECC_FAMILY_SECP_R2
+    :definition: ((psa_ecc_family_t) 0x1b)
+
+    .. summary::
+        .. warning::
+            This family of curves is weak and deprecated.
+
+    This family comprises the following curves:
+
+    - secp160r2 : ``key_bits = 160`` *(Deprecated)*
+
+    It is defined in the superseded |SEC2v1|_.
+
+    .. |SEC2v1| replace:: *SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0*
+    .. _SEC2v1: https://www.secg.org/SEC2-Ver-1.0.pdf
+
+.. macro:: PSA_ECC_FAMILY_SECT_K1
+    :definition: ((psa_ecc_family_t) 0x27)
+
+    .. summary::
+        SEC Koblitz curves over binary fields.
+
+    This family comprises the following curves:
+
+    - sect163k1 : ``key_bits = 163`` *(Deprecated)*
+    - sect233k1 : ``key_bits = 233``
+    - sect239k1 : ``key_bits = 239``
+    - sect283k1 : ``key_bits = 283``
+    - sect409k1 : ``key_bits = 409``
+    - sect571k1 : ``key_bits = 571``
+
+    They are defined in *Standards for Efficient Cryptography*, |SEC2|_
+
+    .. warning::
+        The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ECC_FAMILY_SECT_R1
+    :definition: ((psa_ecc_family_t) 0x22)
+
+    .. summary::
+        SEC random curves over binary fields.
+
+    This family comprises the following curves:
+
+    - sect163r1 : ``key_bits = 163`` *(Deprecated)*
+    - sect233r1 : ``key_bits = 233``
+    - sect283r1 : ``key_bits = 283``
+    - sect409r1 : ``key_bits = 409``
+    - sect571r1 : ``key_bits = 571``
+
+    They are defined in *Standards for Efficient Cryptography*, |SEC2|_
+
+    .. warning::
+        The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ECC_FAMILY_SECT_R2
+    :definition: ((psa_ecc_family_t) 0x2b)
+
+    .. summary::
+        SEC additional random curves over binary fields.
+
+    This family comprises the following curves:
+
+    - sect163r2 : ``key_bits = 163`` *(Deprecated)*
+
+    It is defined in *Standards for Efficient Cryptography*, |SEC2|_
+
+    .. warning::
+        The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ECC_FAMILY_BRAINPOOL_P_R1
+    :definition: ((psa_ecc_family_t) 0x30)
+
+    .. summary::
+        Brainpool P random curves.
+
+    This family comprises the following curves:
+
+    - brainpoolP160r1 : ``key_bits = 160`` *(Deprecated)*
+    - brainpoolP192r1 : ``key_bits = 192``
+    - brainpoolP224r1 : ``key_bits = 224``
+    - brainpoolP256r1 : ``key_bits = 256``
+    - brainpoolP320r1 : ``key_bits = 320``
+    - brainpoolP384r1 : ``key_bits = 384``
+    - brainpoolP512r1 : ``key_bits = 512``
+
+    They are defined in :rfc:`5639`.
+
+    .. warning::
+        The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ECC_FAMILY_FRP
+    :definition: ((psa_ecc_family_t) 0x33)
+
+    .. summary::
+        Curve used primarily in France and elsewhere in Europe.
+
+    This family comprises one 256-bit curve:
+
+    - FRP256v1 : ``key_bits = 256``
+
+    This is defined by *Agence nationale de la sécurité des systèmes d'information* in |FRP|_, 21 November 2011.
+
+    .. |FRP| replace:: *Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française*
+    .. _FRP: https://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/
+
+.. macro:: PSA_ECC_FAMILY_MONTGOMERY
+    :definition: ((psa_ecc_family_t) 0x41)
+
+    .. summary::
+        Montgomery curves.
+
+    This family comprises the following Montgomery curves:
+
+    - Curve25519 : ``key_bits = 255``
+
+      This curve is defined in Bernstein et al., |Curve25519|_, LNCS 3958, 2006.
+
+      .. |Curve25519| replace:: *Curve25519: new Diffie-Hellman speed records*
+      .. _Curve25519: https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf
+
+      The algorithm `PSA_ALG_ECDH` performs X25519 when used with this curve.
+
+    - Curve448 : ``key_bits = 448``
+
+      This curve is defined in Hamburg, |Ed448|_, NIST ECC Workshop, 2015.
+
+      .. |Ed448| replace:: *Ed448-Goldilocks, a new elliptic curve*
+      .. _Ed448: https://eprint.iacr.org/2015/625.pdf
+
+      The algorithm `PSA_ALG_ECDH` performs X448 when used with this curve.
+
+.. macro:: PSA_KEY_TYPE_IS_ECC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is an elliptic curve key, either a key pair or a public key.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_IS_ECC_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is an elliptic curve key pair.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is an elliptic curve public key.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_ECC_GET_FAMILY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Extract the curve family from an elliptic curve key type.
+
+    .. param:: type
+        An elliptic curve key type (value of type `psa_key_type_t` such that :code:`PSA_KEY_TYPE_IS_ECC(type)` is true).
+
+    .. return:: psa_ecc_family_t
+        The elliptic curve family id, if ``type`` is a supported elliptic curve key. Unspecified if ``type`` is not a supported elliptic curve key.
+
+Diffie Hellman keys
+-------------------
+
+.. typedef:: uint8_t psa_dh_family_t
+
+    .. summary::
+        The type of PSA Diffie-Hellman group family identifiers.
+
+    The group family identifier is required to create an Diffie-Hellman key using the `PSA_KEY_TYPE_DH_KEY_PAIR()` or `PSA_KEY_TYPE_DH_PUBLIC_KEY()` macros.
+
+    The specific Diffie-Hellman group within a family is identified by the ``key_bits`` attribute of the key.
+
+    The range of Diffie-Hellman group family identifier values is divided as follows:
+
+    :code:`0x00 - 0x7f`
+        DH group family identifiers defined by this standard.
+        Unallocated values in this range are reserved for future use.
+    :code:`0x80 - 0xff`
+        Implementations that define additional families must use an encoding in this range.
+
+.. macro:: PSA_KEY_TYPE_DH_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Diffie-Hellman key pair: both the private key and public key.
+
+    .. param:: group
+        A value of type `psa_dh_family_t` that identifies the Diffie-Hellman group family to be used.
+
+.. macro:: PSA_KEY_TYPE_DH_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Diffie-Hellman public key.
+
+    .. param:: group
+        A value of type `psa_dh_family_t` that identifies the Diffie-Hellman group family to be used.
+
+.. macro:: PSA_DH_FAMILY_RFC7919
+    :definition: ((psa_dh_family_t) 0x03)
+
+    .. summary::
+        Diffie-Hellman groups defined in :rfc:`7919#A`.
+
+    This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192.
+    An implementation can support all of these sizes or only a subset.
+
+.. macro:: PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        The key pair type corresponding to a public key type.
+
+    .. param:: type
+        A public key type or key pair type.
+
+    .. return::
+        The corresponding key pair type. If ``type`` is not a public key or a key pair, the return value is undefined.
+
+    If ``type`` is a key pair type, it will be left unchanged.
+
+.. macro:: PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        The public key type corresponding to a key pair type.
+
+    .. param:: type
+        A public key type or key pair type.
+
+    .. return::
+        The corresponding public key type. If ``type`` is not a public key or a key pair, the return value is undefined.
+
+    If ``type`` is a public key type, it will be left unchanged.
+
+.. macro:: PSA_KEY_TYPE_IS_DH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is a Diffie-Hellman key, either a key pair or a public key.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_IS_DH_KEY_PAIR
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is a Diffie-Hellman key pair.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_IS_DH_PUBLIC_KEY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether a key type is a Diffie-Hellman public key.
+
+    .. param:: type
+        A key type (value of type `psa_key_type_t`).
+
+.. macro:: PSA_KEY_TYPE_DH_GET_FAMILY
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Extract the group family from a Diffie-Hellman key type.
+
+    .. param:: type
+        A Diffie-Hellman key type (value of type `psa_key_type_t` such that :code:`PSA_KEY_TYPE_IS_DH(type)` is true).
+
+    .. return:: psa_dh_family_t
+        The Diffie-Hellman group family id, if ``type`` is a supported Diffie-Hellman key. Unspecified if ``type`` is not a supported Diffie-Hellman key.
+
+Attribute accessors
+-------------------
+
+.. function:: psa_set_key_type
+
+    .. summary::
+        Declare the type of a key.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: psa_key_type_t type
+        The key type to write. If this is `PSA_KEY_TYPE_NONE`, the key type in ``attributes`` becomes unspecified.
+
+    .. return:: void
+
+    This function overwrites any key type previously set in ``attributes``.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_type
+
+    .. summary::
+        Retrieve the key type from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: psa_key_type_t
+        The key type stored in the attribute object.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_bits
+
+    .. summary::
+        Retrieve the key size from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: size_t
+        The key size stored in the attribute object, in bits.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_set_key_bits
+
+    .. summary::
+        Declare the size of a key.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: size_t bits
+        The key size in bits. If this is ``0``, the key size in ``attributes`` becomes unspecified. Keys of size ``0`` are not supported.
+
+    .. return:: void
+
+    This function overwrites any key size previously set in ``attributes``.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/usage.rst.txt b/docs/html/_sources/api/keys/usage.rst.txt
new file mode 100644
index 0000000..e41d6ab
--- /dev/null
+++ b/docs/html/_sources/api/keys/usage.rst.txt
@@ -0,0 +1,190 @@
+.. _key-usage:
+
+Key policies
+============
+
+Key usage flags
+---------------
+
+.. macro:: PSA_KEY_USAGE_EXPORT
+    :definition: ((psa_key_usage_t)0x00000001)
+
+    .. summary::
+        Permission to export the key.
+
+    This flag allows the use of `psa_export_key()` to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.
+
+    This flag can also be required to copy a key using `psa_copy_key()` outside of a secure element. See also `PSA_KEY_USAGE_COPY`.
+
+    If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through `psa_export_key()` or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.
+
+.. macro:: PSA_KEY_USAGE_COPY
+    :definition: ((psa_key_usage_t)0x00000002)
+
+    .. summary::
+        Permission to copy the key.
+
+    This flag allows the use of `psa_copy_key()` to make a copy of the key with the same policy or a more restrictive policy.
+
+    For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag `PSA_KEY_USAGE_EXPORT`. Copying the key inside the secure element is permitted with just `PSA_KEY_USAGE_COPY` if the secure element supports it. For keys with the lifetime `PSA_KEY_LIFETIME_VOLATILE` or `PSA_KEY_LIFETIME_PERSISTENT`, the usage flag `PSA_KEY_USAGE_COPY` is sufficient to permit the copy.
+
+.. macro:: PSA_KEY_USAGE_CACHE
+    :definition: ((psa_key_usage_t)0x00000004)
+
+    .. summary::
+        Permission for the implementation to cache the key.
+
+    This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.
+
+    An application can request that cached key material is removed from memory by calling `psa_purge_key()`.
+
+    The presence of this key policy when creating a key is a hint:
+
+    - An implementation is not required to cache keys that have this policy.
+    - An implementation must not report an error if it does not cache keys.
+
+    If this key policy is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.
+
+    This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.
+
+    See also :title:`key-material`.
+
+.. macro:: PSA_KEY_USAGE_ENCRYPT
+    :definition: ((psa_key_usage_t)0x00000100)
+
+    .. summary::
+        Permission to encrypt a message with the key.
+
+    This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
+
+    * `psa_cipher_encrypt()`
+    * `psa_cipher_encrypt_setup()`
+    * `psa_aead_encrypt()`
+    * `psa_aead_encrypt_setup()`
+    * `psa_asymmetric_encrypt()`
+
+    For a key pair, this concerns the public key.
+
+.. macro:: PSA_KEY_USAGE_DECRYPT
+    :definition: ((psa_key_usage_t)0x00000200)
+
+    .. summary::
+        Permission to decrypt a message with the key.
+
+    This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
+
+    * `psa_cipher_decrypt()`
+    * `psa_cipher_decrypt_setup()`
+    * `psa_aead_decrypt()`
+    * `psa_aead_decrypt_setup()`
+    * `psa_asymmetric_decrypt()`
+
+    For a key pair, this concerns the private key.
+
+.. macro:: PSA_KEY_USAGE_SIGN_MESSAGE
+    :definition: ((psa_key_usage_t)0x00000400)
+
+    .. summary::
+        Permission to sign a message with the key.
+
+    This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
+
+    * `psa_mac_compute()`
+    * `psa_mac_sign_setup()`
+    * `psa_sign_message()`
+
+    For a key pair, this concerns the private key.
+
+.. macro:: PSA_KEY_USAGE_VERIFY_MESSAGE
+    :definition: ((psa_key_usage_t)0x00000800)
+
+    .. summary::
+        Permission to verify a message signature with the key.
+
+    This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
+
+    * `psa_mac_verify()`
+    * `psa_mac_verify_setup()`
+    * `psa_verify_message()`
+
+    For a key pair, this concerns the public key.
+
+.. macro:: PSA_KEY_USAGE_SIGN_HASH
+    :definition: ((psa_key_usage_t)0x00001000)
+
+    .. summary::
+        Permission to sign a message hash with the key.
+
+    This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used when calling `psa_sign_hash()`.
+
+    This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage policy of the key.
+
+    For a key pair, this concerns the private key.
+
+.. macro:: PSA_KEY_USAGE_VERIFY_HASH
+    :definition: ((psa_key_usage_t)0x00002000)
+
+    .. summary::
+        Permission to verify a message hash with the key.
+
+    This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used when calling `psa_verify_hash()`.
+
+    This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage policy of the key.
+
+    For a key pair, this concerns the public key.
+
+.. macro:: PSA_KEY_USAGE_DERIVE
+    :definition: ((psa_key_usage_t)0x00004000)
+
+    .. summary::
+        Permission to derive other keys from this key.
+
+    This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by by the key's type and policy. The flag must be present on keys used with the following APIs:
+
+    * `psa_key_derivation_input_key()`
+    * `psa_key_derivation_key_agreement()`
+    * `psa_raw_key_agreement()`
+
+Attribute accessors
+-------------------
+
+.. function:: psa_set_key_usage_flags
+
+    .. summary::
+        Declare usage flags for a key.
+
+    .. param:: psa_key_attributes_t * attributes
+        The attribute object to write to.
+    .. param:: psa_key_usage_t usage_flags
+        The usage flags to write.
+
+    .. return:: void
+
+    Usage flags are part of a key's usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type `psa_key_usage_t`.
+
+    This function overwrites any usage flags previously set in ``attributes``.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
+
+.. function:: psa_get_key_usage_flags
+
+    .. summary::
+        Retrieve the usage flags from key attributes.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The key attribute object to query.
+
+    .. return:: psa_key_usage_t
+        The usage flags stored in the attribute object.
+
+    .. admonition:: Implementation note
+
+        This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
+
+        - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
+        - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/library/index.rst.txt b/docs/html/_sources/api/library/index.rst.txt
new file mode 100644
index 0000000..be63207
--- /dev/null
+++ b/docs/html/_sources/api/library/index.rst.txt
@@ -0,0 +1,11 @@
+..  _api-reference:
+..  _library-management:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Library management reference
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+
+    status
+    library
diff --git a/docs/html/_sources/api/library/library.rst.txt b/docs/html/_sources/api/library/library.rst.txt
new file mode 100644
index 0000000..8956282
--- /dev/null
+++ b/docs/html/_sources/api/library/library.rst.txt
@@ -0,0 +1,46 @@
+PSA Crypto library
+==================
+
+.. _api-version:
+
+API version
+-----------
+
+.. macro:: PSA_CRYPTO_API_VERSION_MAJOR
+    :definition: 1
+
+    .. summary::
+        The major version of this implementation of the PSA Crypto API.
+
+.. macro:: PSA_CRYPTO_API_VERSION_MINOR
+    :definition: 0
+
+    .. summary::
+        The minor version of this implementation of the PSA Crypto API.
+
+.. _library-init:
+
+Library initialization
+----------------------
+
+.. function:: psa_crypto_init
+
+    .. summary::
+        Library initialization.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+
+    Applications must call this function before calling any other function in this module.
+
+    Applications are permitted to call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.
+
+    If the application calls other functions before calling `psa_crypto_init()`, the behavior is undefined. In this situation:
+
+    * Implementations are encouraged to either perform the operation as if the library had been initialized or to return `PSA_ERROR_BAD_STATE` or some other applicable error.
+    * Implementations must not return a success status if the lack of initialization might have security implications, for example due to improper seeding of the random number generator.
diff --git a/docs/html/_sources/api/library/status.rst.txt b/docs/html/_sources/api/library/status.rst.txt
new file mode 100644
index 0000000..4d0c6a1
--- /dev/null
+++ b/docs/html/_sources/api/library/status.rst.txt
@@ -0,0 +1,250 @@
+.. _status-codes:
+
+PSA status codes
+================
+
+Status type
+-----------
+
+.. typedef:: int32_t psa_status_t
+
+    .. summary::
+        Function return status.
+
+    This is either `PSA_SUCCESS`, which is zero, indicating success; or a small negative value indicating that an error occurred. Errors are encoded as one of the ``PSA_ERROR_xxx`` values defined here.
+
+Success codes
+-------------
+
+.. macro:: PSA_SUCCESS
+    :definition: ((psa_status_t)0)
+
+    .. summary::
+        The action was completed successfully.
+
+Error codes
+-----------
+
+.. macro:: PSA_ERROR_GENERIC_ERROR
+    :definition: ((psa_status_t)-132)
+
+    .. summary::
+        An error occurred that does not correspond to any defined failure cause.
+
+    Implementations can use this error code if none of the other standard error codes are applicable.
+
+.. macro:: PSA_ERROR_NOT_SUPPORTED
+    :definition: ((psa_status_t)-134)
+
+    .. summary::
+        The requested operation or a parameter is not supported by this implementation.
+
+    It is recommended that implementations return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return `PSA_ERROR_INVALID_ARGUMENT` instead.
+
+.. macro:: PSA_ERROR_NOT_PERMITTED
+    :definition: ((psa_status_t)-133)
+
+    .. summary::
+        The requested action is denied by a policy.
+
+    It is recommended that implementations return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.
+
+    If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns `PSA_ERROR_NOT_PERMITTED`, `PSA_ERROR_NOT_SUPPORTED` or `PSA_ERROR_INVALID_ARGUMENT`.
+
+.. macro:: PSA_ERROR_BUFFER_TOO_SMALL
+    :definition: ((psa_status_t)-138)
+
+    .. summary::
+        An output buffer is too small.
+
+    Applications can call the ``PSA_xxx_SIZE`` macro listed in the function description to determine a sufficient buffer size.
+
+    It is recommended that implementations only return this error code in cases when performing the operation with a larger output buffer would succeed. However, implementations can also return this error if a function has invalid or unsupported parameters in addition to an insufficient output buffer size.
+
+.. macro:: PSA_ERROR_ALREADY_EXISTS
+    :definition: ((psa_status_t)-139)
+
+    .. summary::
+        Asking for an item that already exists.
+
+    It is recommended that implementations return this error code when attempting to write to a location where a key is already present.
+
+.. macro:: PSA_ERROR_DOES_NOT_EXIST
+    :definition: ((psa_status_t)-140)
+
+    .. summary::
+        Asking for an item that doesn't exist.
+
+    It is recommended that implementations return this error code if a requested key does not exist.
+
+.. macro:: PSA_ERROR_BAD_STATE
+    :definition: ((psa_status_t)-137)
+
+    .. summary::
+        The requested action cannot be performed in the current state.
+
+    Multi-part operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.
+
+    Implementations must not return this error code to indicate that a key either exists or not, but must instead return `PSA_ERROR_ALREADY_EXISTS` or `PSA_ERROR_DOES_NOT_EXIST` as applicable.
+
+    Implementations must not return this error code to indicate that a key identifier is invalid, but must return `PSA_ERROR_INVALID_HANDLE` instead.
+
+.. macro:: PSA_ERROR_INVALID_ARGUMENT
+    :definition: ((psa_status_t)-135)
+
+    .. summary::
+        The parameters passed to the function are invalid.
+
+    Implementations can return this error any time a parameter or combination of parameters are recognized as invalid.
+
+    Implementations must not return this error code to indicate that a key identifier is invalid, but must return `PSA_ERROR_INVALID_HANDLE` instead.
+
+.. macro:: PSA_ERROR_INSUFFICIENT_MEMORY
+    :definition: ((psa_status_t)-141)
+
+    .. summary::
+        There is not enough runtime memory.
+
+    If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.
+
+.. macro:: PSA_ERROR_INSUFFICIENT_STORAGE
+    :definition: ((psa_status_t)-142)
+
+    .. summary::
+        There is not enough persistent storage.
+
+    Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage might return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.
+
+.. macro:: PSA_ERROR_COMMUNICATION_FAILURE
+    :definition: ((psa_status_t)-145)
+
+    .. summary::
+        There was a communication failure inside the implementation.
+
+    This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure can be transient or permanent depending on the cause.
+
+    .. warning::
+        If a function returns this error, it is undetermined whether the requested action has completed. Returning `PSA_SUCCESS` is recommended on successful completion whenever possible, however functions can return `PSA_ERROR_COMMUNICATION_FAILURE` if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.
+
+.. macro:: PSA_ERROR_STORAGE_FAILURE
+    :definition: ((psa_status_t)-146)
+
+    .. summary::
+        There was a storage failure that might have led to data loss.
+
+    This error indicates that some persistent storage could not be read or written by the implementation. It does not indicate the following situations, which have specific error codes:
+
+    * A corruption of volatile memory - use `PSA_ERROR_CORRUPTION_DETECTED`.
+    * A communication error between the cryptoprocessor and its external storage - use `PSA_ERROR_COMMUNICATION_FAILURE`.
+    * When the storage is in a valid state but is full - use `PSA_ERROR_INSUFFICIENT_STORAGE`.
+    * When the storage or stored data is corrupted - use `PSA_ERROR_DATA_CORRUPT`.
+    * When the stored data is not valid - use `PSA_ERROR_DATA_INVALID`.
+
+    A storage failure does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.
+
+    When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.
+
+    It is recommended to only use this error code to report a permanent storage corruption. However application writers must keep in mind that transient errors while reading the storage might be reported using this error code.
+
+.. macro:: PSA_ERROR_DATA_CORRUPT
+    :definition: ((psa_status_t)-152)
+
+    .. summary::
+        Stored data has been corrupted.
+
+    This error indicates that some persistent storage has suffered corruption.  It does not indicate the following situations, which have specific error codes:
+
+    * A corruption of volatile memory - use `PSA_ERROR_CORRUPTION_DETECTED`.
+    * A communication error between the cryptoprocessor and its external storage - use `PSA_ERROR_COMMUNICATION_FAILURE`.
+    * When the storage is in a valid state but is full - use `PSA_ERROR_INSUFFICIENT_STORAGE`.
+    * When the storage fails for other reasons - use `PSA_ERROR_STORAGE_FAILURE`.
+    * When the stored data is not valid - use `PSA_ERROR_DATA_INVALID`.
+
+    Note that a storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.
+
+    When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.
+
+    It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the PSA Internal Trusted Storage API reports `PSA_ERROR_DATA_CORRUPT` or `PSA_ERROR_INVALID_SIGNATURE`.
+
+.. macro:: PSA_ERROR_DATA_INVALID
+    :definition: ((psa_status_t)-153)
+
+    .. summary::
+        Data read from storage is not valid for the implementation.
+
+    This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:
+
+    * When the storage or stored data is corrupted - use `PSA_ERROR_DATA_CORRUPT`.
+    * When the storage fails for other reasons - use `PSA_ERROR_STORAGE_FAILURE`.
+    * An invalid argument to the API - use `PSA_ERROR_INVALID_ARGUMENT`.
+
+    This error is typically a result of an integration failure, where the implementation reading the data is not compatible with the implementation that stored the data.
+
+    It is recommended to only use this error code to report when data that is successfully read from storage is invalid.
+
+.. macro:: PSA_ERROR_HARDWARE_FAILURE
+    :definition: ((psa_status_t)-147)
+
+    .. summary::
+        A hardware failure was detected.
+
+    A hardware failure can be transient or permanent depending on the cause.
+
+.. macro:: PSA_ERROR_CORRUPTION_DETECTED
+    :definition: ((psa_status_t)-151)
+
+    .. summary::
+        A tampering attempt was detected.
+
+    If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. In this situation, it is recommended that applications perform no further security functions and enter a safe failure state.
+
+    Implementations can return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation's security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation might forcibly terminate the application.
+
+    This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations must only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations must not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation, instead use `PSA_ERROR_COMMUNICATION_FAILURE`, `PSA_ERROR_STORAGE_FAILURE`, `PSA_ERROR_HARDWARE_FAILURE`, `PSA_ERROR_INSUFFICIENT_ENTROPY` or other applicable error code.
+
+    This error indicates an attack against the application. Implementations must not return this error code as a consequence of the behavior of the application itself.
+
+.. macro:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    :definition: ((psa_status_t)-148)
+
+    .. summary::
+        There is not enough entropy to generate random data needed for the requested action.
+
+    This error indicates a failure of a hardware random generator. Application writers must note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.
+
+    It is recommended that implementations do not return this error after `psa_crypto_init()` has succeeded. This can be achieved if the implementation generates sufficient entropy during initialization and subsequently a cryptographically secure pseudorandom generator (PRNG) is used. However, implementations might return this error at any time, for example, if a policy requires the PRNG to be reseeded during normal operation.
+
+.. macro:: PSA_ERROR_INVALID_SIGNATURE
+    :definition: ((psa_status_t)-149)
+
+    .. summary::
+        The signature, MAC or hash is incorrect.
+
+    Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.
+
+    If the value to verify has an invalid size, implementations can return either `PSA_ERROR_INVALID_ARGUMENT` or `PSA_ERROR_INVALID_SIGNATURE`.
+
+.. macro:: PSA_ERROR_INVALID_PADDING
+    :definition: ((psa_status_t)-150)
+
+    .. summary::
+        The decrypted padding is incorrect.
+
+    .. warning::
+        In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Protocols that use authenticated encryption are recommended for use by applications, rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.
+
+    Implementations must handle padding carefully, aiming to make it impossible for an external observer to distinguish between valid and invalid padding. In particular, it is recommended that the timing of a decryption operation does not depend on the validity of the padding.
+
+.. macro:: PSA_ERROR_INSUFFICIENT_DATA
+    :definition: ((psa_status_t)-143)
+
+    .. summary::
+        Return this error when there's insufficient data when attempting to read from a resource.
+
+.. macro:: PSA_ERROR_INVALID_HANDLE
+    :definition: ((psa_status_t)-136)
+
+    .. summary::
+        The key identifier is not valid.
+
+    See also :title:`key-ids`.
diff --git a/docs/html/_sources/api/ops/aead.rst.txt b/docs/html/_sources/api/ops/aead.rst.txt
new file mode 100644
index 0000000..162af7c
--- /dev/null
+++ b/docs/html/_sources/api/ops/aead.rst.txt
@@ -0,0 +1,945 @@
+.. _aead:
+
+Authenticated encryption with associated data (AEAD)
+====================================================
+
+.. _aead-algorithms:
+
+AEAD algorithms
+---------------
+
+.. macro:: PSA_ALG_CCM
+    :definition: ((psa_algorithm_t)0x05500100)
+
+    .. summary::
+        The CCM authenticated encryption algorithm.
+
+    The underlying block cipher is determined by the key type.
+
+.. macro:: PSA_ALG_GCM
+    :definition: ((psa_algorithm_t)0x05500200)
+
+    .. summary::
+        The GCM authenticated encryption algorithm.
+
+    The underlying block cipher is determined by the key type.
+
+.. macro:: PSA_ALG_CHACHA20_POLY1305
+    :definition: ((psa_algorithm_t)0x05100500)
+
+    .. summary::
+        The Chacha20-Poly1305 AEAD algorithm.
+
+    The ChaCha20_Poly1305 construction is defined in :RFC:`7539`.
+
+    Variants of this algorithm are defined by the length of the nonce:
+
+    - Implementations must support a 12-byte nonce, as defined in :RFC:`7539`.
+    - Implementations can optionally support an 8-byte nonce, the original variant.
+    - It is recommended that implementations do not support other sizes of nonce.
+
+    Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.
+
+.. macro:: PSA_ALG_AEAD_WITH_SHORTENED_TAG
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build a AEAD algorithm with a shortened tag.
+
+    .. param:: aead_alg
+        An AEAD algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: tag_length
+        Desired length of the authentication tag in bytes.
+
+    .. return::
+        The corresponding AEAD algorithm with the specified tag length.
+
+        Unspecified if ``alg`` is not a supported AEAD algorithm or if ``tag_length`` is not valid for the specified AEAD algorithm.
+
+    An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.
+
+    The AEAD algorithm with a default length tag can be recovered using `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`.
+
+Single-part AEAD functions
+--------------------------
+
+.. function:: psa_aead_encrypt
+
+    .. summary::
+        Process an authenticated encryption operation.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation.
+        It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
+    .. param:: psa_algorithm_t alg
+        The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: const uint8_t * nonce
+        Nonce or IV to use.
+    .. param:: size_t nonce_length
+        Size of the ``nonce`` buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
+    .. param:: const uint8_t * additional_data
+        Additional data that will be authenticated but not encrypted.
+    .. param:: size_t additional_data_length
+        Size of ``additional_data`` in bytes.
+    .. param:: const uint8_t * plaintext
+        Data that will be authenticated and encrypted.
+    .. param:: size_t plaintext_length
+        Size of ``plaintext`` in bytes.
+    .. param:: uint8_t * ciphertext
+        Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.
+    .. param:: size_t ciphertext_size
+        Size of the ``ciphertext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length)`  where ``key_type`` is the type of ``key``.
+        * :code:`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length)` evaluates to the maximum ciphertext size of any supported AEAD encryption.
+
+    .. param:: size_t * ciphertext_length
+        On success, the size of the output in the ``ciphertext`` buffer.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not an AEAD algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        ``ciphertext_size`` is too small. `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()` or `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+.. function:: psa_aead_decrypt
+
+    .. summary::
+        Process an authenticated decryption operation.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation.
+        It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
+    .. param:: psa_algorithm_t alg
+        The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: const uint8_t * nonce
+        Nonce or IV to use.
+    .. param:: size_t nonce_length
+        Size of the ``nonce`` buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
+    .. param:: const uint8_t * additional_data
+        Additional data that has been authenticated but not encrypted.
+    .. param:: size_t additional_data_length
+        Size of ``additional_data`` in bytes.
+    .. param:: const uint8_t * ciphertext
+        Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.
+    .. param:: size_t ciphertext_length
+        Size of ``ciphertext`` in bytes.
+    .. param:: uint8_t * plaintext
+        Output buffer for the decrypted data.
+    .. param:: size_t plaintext_size
+        Size of the ``plaintext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length)`  where ``key_type`` is the type of ``key``.
+        * :code:`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length)` evaluates to the maximum plaintext size of any supported AEAD decryption.
+
+    .. param:: size_t * plaintext_length
+        On success, the size of the output in the ``plaintext`` buffer.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The ciphertext is not authentic.
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not an AEAD algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        ``plaintext_size`` is too small. `PSA_AEAD_DECRYPT_OUTPUT_SIZE()` or `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+Multi-part AEAD operations
+--------------------------
+
+.. _aead-multi-part-warning:
+
+.. warning::
+    When decrypting using a multi-part AEAD operation, there is no guarantee that the input or output is valid until `psa_aead_verify()` has returned `PSA_SUCCESS`.
+
+    A call to `psa_aead_update()` or `psa_aead_update_ad()` returning `PSA_SUCCESS` **does not** indicate that the input and output is valid.
+
+    Until an application calls `psa_aead_verify()` and it has returned `PSA_SUCCESS`, the following rules apply to input and output data from a multi-part AEAD operation:
+
+    * Do not trust the input. If the application takes any action that depends on the input data, this action will need to be undone if the input turns out to be invalid.
+
+    * Store the output in a confidential location. In particular, the application must not copy the output to a memory or storage space which is shared.
+
+    * Do not trust the output. If the application takes any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out to be invalid. Furthermore, if an adversary can observe that this action took place, for example, through timing, they might be able to use this fact as an oracle to decrypt any message encrypted with the same key.
+
+    An application that does not follow these rules might be vulnerable to maliciously constructed AEAD input data.
+
+
+.. typedef:: /* implementation-defined type */ psa_aead_operation_t
+
+    .. summary::
+        The type of the state object for multi-part AEAD operations.
+
+    Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_aead_operation_t operation;
+          memset(&operation, 0, sizeof(operation));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_aead_operation_t operation;
+
+    * Initialize the object to the initializer `PSA_AEAD_OPERATION_INIT`, for example:
+
+      .. autocode::
+          psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+
+    * Assign the result of the function `psa_aead_operation_init()` to the object, for example:
+
+      .. autocode::
+          psa_aead_operation_t operation;
+          operation = psa_aead_operation_init();
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+.. macro:: PSA_AEAD_OPERATION_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for an AEAD operation object of type `psa_aead_operation_t`.
+
+.. function:: psa_aead_operation_init
+
+    .. summary::
+        Return an initial value for an AEAD operation object.
+
+    .. return:: psa_aead_operation_t
+
+.. function:: psa_aead_encrypt_setup
+
+    .. summary::
+        Set the key for a multi-part authenticated encryption operation.
+
+    .. param:: psa_aead_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_aead_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
+    .. param:: psa_algorithm_t alg
+        The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not an AEAD algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The sequence of operations to encrypt a message with authentication is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_aead_operation_t`, e.g. `PSA_AEAD_OPERATION_INIT`.
+    #. Call `psa_aead_encrypt_setup()` to specify the algorithm and key.
+    #. If needed, call `psa_aead_set_lengths()` to specify the length of the inputs to the subsequent calls to `psa_aead_update_ad()` and `psa_aead_update()`. See the documentation of `psa_aead_set_lengths()` for details.
+    #. Call either `psa_aead_generate_nonce()` or `psa_aead_set_nonce()` to generate or set the nonce. It is recommended to use `psa_aead_generate_nonce()` unless the protocol being implemented requires a specific nonce value.
+    #. Call `psa_aead_update_ad()` zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.
+    #. Call `psa_aead_update()` zero, one or more times, passing a fragment of the message to encrypt each time.
+    #. Call `psa_aead_finish()`.
+
+    If an error occurs at any step after a call to `psa_aead_encrypt_setup()`, the operation will need to be reset by a call to `psa_aead_abort()`. The application can call `psa_aead_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_aead_encrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_aead_finish()`.
+    * A call to `psa_aead_abort()`.
+
+.. function:: psa_aead_decrypt_setup
+
+    .. summary::
+        Set the key for a multi-part authenticated decryption operation.
+
+    .. param:: psa_aead_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_aead_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
+    .. param:: psa_algorithm_t alg
+        The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not an AEAD algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The sequence of operations to decrypt a message with authentication is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_aead_operation_t`, e.g. `PSA_AEAD_OPERATION_INIT`.
+    #. Call `psa_aead_decrypt_setup()` to specify the algorithm and key.
+    #. If needed, call `psa_aead_set_lengths()` to specify the length of the inputs to the subsequent calls to `psa_aead_update_ad()` and `psa_aead_update()`. See the documentation of `psa_aead_set_lengths()` for details.
+    #. Call `psa_aead_set_nonce()` with the nonce for the decryption.
+    #. Call `psa_aead_update_ad()` zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.
+    #. Call `psa_aead_update()` zero, one or more times, passing a fragment of the ciphertext to decrypt each time.
+    #. Call `psa_aead_verify()`.
+
+    If an error occurs at any step after a call to `psa_aead_decrypt_setup()`, the operation will need to be reset by a call to `psa_aead_abort()`. The application can call `psa_aead_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_aead_decrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_aead_verify()`.
+    * A call to `psa_aead_abort()`.
+
+.. function:: psa_aead_generate_nonce
+
+    .. summary::
+        Generate a random nonce for an authenticated encryption operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: uint8_t * nonce
+        Buffer where the generated nonce is to be written.
+    .. param:: size_t nonce_size
+        Size of the ``nonce`` buffer in bytes. This must be at least :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the AEAD operation.
+    .. param:: size_t * nonce_length
+        On success, the number of bytes of the generated nonce.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be an active AEAD encryption operation, with no nonce set.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``nonce`` buffer is too small. `PSA_AEAD_NONCE_LENGTH()` or `PSA_AEAD_NONCE_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.
+
+    The application must call `psa_aead_encrypt_setup()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+.. function:: psa_aead_set_nonce
+
+    .. summary::
+        Set the nonce for an authenticated encryption or decryption operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: const uint8_t * nonce
+        Buffer containing the nonce to use.
+    .. param:: size_t nonce_length
+        Size of the nonce in bytes. This must be a valid nonce size for the chosen algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the AEAD operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, with no nonce set.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The size of ``nonce`` is not acceptable for the chosen algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function sets the nonce for the authenticated encryption or decryption operation.
+
+    The application must call `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+    .. note::
+        When encrypting, `psa_aead_generate_nonce()` is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.
+
+.. function:: psa_aead_set_lengths
+
+    .. summary::
+        Declare the lengths of the message and additional data for AEAD.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: size_t ad_length
+        Size of the non-encrypted additional authenticated data in bytes.
+    .. param:: size_t plaintext_length
+        Size of the plaintext to encrypt in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, and `psa_aead_update_ad()` and `psa_aead_update()` must not have been called yet.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        At least one of the lengths is not acceptable for the chosen algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call this function before calling `psa_aead_update_ad()` or `psa_aead_update()` if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.
+
+    This function can be called before or after setting the nonce with `psa_aead_set_nonce()` or `psa_aead_generate_nonce()`.
+
+    * For `PSA_ALG_CCM`, calling this function is required.
+    * For the other AEAD algorithms defined in this specification, calling this function is not required.
+    * For vendor-defined algorithm, refer to the vendor documentation.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+.. function:: psa_aead_update_ad
+
+    .. summary::
+        Pass additional data to an active AEAD operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: const uint8_t * input
+        Buffer containing the fragment of additional data.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+
+        .. warning::
+            When decrypting, do not trust the input until `psa_aead_verify()` succeeds.
+
+            See the :ref:`detailed warning <aead-multi-part-warning>`.
+
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, have a nonce set, have lengths set if required by the algorithm, and `psa_aead_update()` must not have been called yet.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total input length overflows the additional data length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Additional data is authenticated, but not encrypted.
+
+    This function can be called multiple times to pass successive fragments of the additional data. This function must not be called after passing data to encrypt or decrypt with `psa_aead_update()`.
+
+    The following must occur before calling this function:
+
+    #. Call either `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()`.
+    #. Set the nonce with `psa_aead_generate_nonce()` or `psa_aead_set_nonce()`.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+.. function:: psa_aead_update
+
+    .. summary::
+        Encrypt or decrypt a message fragment in an active AEAD operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: const uint8_t * input
+        Buffer containing the message fragment to encrypt or decrypt.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * output
+        Buffer where the output is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
+        * :code:`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported AEAD algorithm.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+
+        .. warning::
+            When decrypting, do not use the output until `psa_aead_verify()` succeeds.
+
+            See the :ref:`detailed warning <aead-multi-part-warning>`.
+
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, have a nonce set, and have lengths set if required by the algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small. `PSA_AEAD_UPDATE_OUTPUT_SIZE()` or `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total input length overflows the plaintext length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The following must occur before calling this function:
+
+    #. Call either `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()`. The choice of setup function determines whether this function encrypts or decrypts its input.
+    #. Set the nonce with `psa_aead_generate_nonce()` or `psa_aead_set_nonce()`.
+    #. Call `psa_aead_update_ad()` to pass all the additional data.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+    This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it might delay the end of the corresponding output until a subsequent call to `psa_aead_update()`, `psa_aead_finish()` or `psa_aead_verify()` provides sufficient input. The amount of data that can be delayed in this way is bounded by `PSA_AEAD_UPDATE_OUTPUT_SIZE()`.
+
+.. function:: psa_aead_finish
+
+    .. summary::
+        Finish encrypting a message in an AEAD operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: uint8_t * ciphertext
+        Buffer where the last part of the ciphertext is to be written.
+    .. param:: size_t ciphertext_size
+        Size of the ``ciphertext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
+        * `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported AEAD algorithm.
+
+    .. param:: size_t * ciphertext_length
+        On success, the number of bytes of returned ciphertext.
+    .. param:: uint8_t * tag
+        Buffer where the authentication tag is to be written.
+    .. param:: size_t tag_size
+        Size of the ``tag`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The exact tag size is :code:`PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size of the key, and ``alg`` is the algorithm that were used in the call to `psa_aead_encrypt_setup()`.
+        * `PSA_AEAD_TAG_MAX_SIZE` evaluates to the maximum tag size of any supported AEAD algorithm.
+
+    .. param:: size_t * tag_length
+        On success, the number of bytes that make up the returned tag.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be an active encryption operation with a nonce set.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``ciphertext`` or ``tag`` buffer is too small.
+        `PSA_AEAD_FINISH_OUTPUT_SIZE()` or `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE` can be used to determine the required ``ciphertext`` buffer size.
+        `PSA_AEAD_TAG_LENGTH()` or `PSA_AEAD_TAG_MAX_SIZE` can be used to determine the required ``tag`` buffer size.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total length of input to `psa_aead_update()` so far is less than the plaintext length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The operation must have been set up with `psa_aead_encrypt_setup()`.
+
+    This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to `psa_aead_update_ad()` with the plaintext formed by concatenating the inputs passed to preceding calls to `psa_aead_update()`.
+
+    This function has two output buffers:
+
+    * ``ciphertext`` contains trailing ciphertext that was buffered from preceding calls to `psa_aead_update()`.
+    * ``tag`` contains the authentication tag.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+.. function:: psa_aead_verify
+
+    .. summary::
+        Finish authenticating and decrypting a message in an AEAD operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Active AEAD operation.
+    .. param:: uint8_t * plaintext
+        Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to `psa_aead_update()` that could not be processed until the end of the input.
+    .. param:: size_t plaintext_size
+        Size of the ``plaintext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
+        * `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported AEAD algorithm.
+
+    .. param:: size_t * plaintext_length
+        On success, the number of bytes of returned plaintext.
+    .. param:: const uint8_t * tag
+        Buffer containing the authentication tag.
+    .. param:: size_t tag_length
+        Size of the ``tag`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The calculations were successful, but the authentication tag is not correct.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be an active decryption operation with a nonce set.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``plaintext`` buffer is too small. `PSA_AEAD_VERIFY_OUTPUT_SIZE()` or `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total length of input to `psa_aead_update()` so far is less than the plaintext length that was previously specified with `psa_aead_set_lengths()`.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The operation must have been set up with `psa_aead_decrypt_setup()`.
+
+    This function finishes the authenticated decryption of the message components:
+
+    * The additional data consisting of the concatenation of the inputs passed to preceding calls to `psa_aead_update_ad()`.
+    * The ciphertext consisting of the concatenation of the inputs passed to preceding calls to `psa_aead_update()`.
+    * The tag passed to this function call.
+
+    If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns `PSA_ERROR_INVALID_SIGNATURE`.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
+
+    .. note::
+        Implementations must make the best effort to ensure that the comparison between the actual tag and the expected tag is performed in constant time.
+
+.. function:: psa_aead_abort
+
+    .. summary::
+        Abort an AEAD operation.
+
+    .. param:: psa_aead_operation_t * operation
+        Initialized AEAD operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` again.
+
+    This function can be called any time after the operation object has been initialized as described in `psa_aead_operation_t`.
+
+    In particular, calling `psa_aead_abort()` after the operation has been terminated by a call to `psa_aead_abort()`, `psa_aead_finish()` or `psa_aead_verify()` is safe and has no effect.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an AEAD mode on a block cipher.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an AEAD algorithm which is an AEAD mode based on a block cipher, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
+    :definition: /* specification-defined value */
+
+    .. summary::
+        An AEAD algorithm with the default tag length.
+
+    .. param:: aead_alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return::
+        The corresponding AEAD algorithm with the default tag length for that algorithm.
+
+    This macro can be used to construct the AEAD algorithm with default tag length from an AEAD algorithm with a shortened tag. See also `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`.
+
+.. macro:: PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum size of the output of `psa_aead_encrypt()`, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: plaintext_length
+        Size of the plaintext in bytes.
+
+    .. return::
+        The AEAD ciphertext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_encrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext might be smaller.
+
+    See also `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_aead_encrypt()`, for any of the supported key types and AEAD algorithms.
+
+    .. param:: plaintext_length
+        Size of the plaintext in bytes.
+
+    If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_encrypt()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()`.
+
+.. macro:: PSA_AEAD_DECRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum size of the output of `psa_aead_decrypt()`, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: ciphertext_length
+        Size of the ciphertext in bytes.
+
+    .. return::
+        The AEAD plaintext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_decrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext might be smaller.
+
+    See also `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_aead_decrypt()`, for any of the supported key types and AEAD algorithms.
+
+    .. param:: ciphertext_length
+        Size of the ciphertext in bytes.
+
+    If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_decrypt()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_AEAD_DECRYPT_OUTPUT_SIZE()`.
+
+.. macro:: PSA_AEAD_NONCE_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The default nonce size for an AEAD algorithm, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return::
+        The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    This macro can be used to allocate a buffer of sufficient size to store the nonce output from `psa_aead_generate_nonce()`.
+
+    See also `PSA_AEAD_NONCE_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_NONCE_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum nonce size for all supported AEAD algorithms, in bytes.
+
+    See also `PSA_AEAD_NONCE_LENGTH()`.
+
+.. macro:: PSA_AEAD_UPDATE_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_aead_update()`.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+    .. param:: input_length
+        Size of the input in bytes.
+
+    .. return::
+        A sufficient output buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_aead_update()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_aead_update()`, for any of the supported key types and AEAD algorithms.
+
+    .. param:: input_length
+        Size of the input in bytes.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_aead_update()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_AEAD_UPDATE_OUTPUT_SIZE()`.
+
+.. macro:: PSA_AEAD_FINISH_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient ciphertext buffer size for `psa_aead_finish()`.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return::
+        A sufficient ciphertext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_finish()` will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_FINISH_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient ciphertext buffer size for `psa_aead_finish()`, for any of the supported key types and AEAD algorithms.
+
+    See also `PSA_AEAD_FINISH_OUTPUT_SIZE()`.
+
+.. macro:: PSA_AEAD_TAG_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The length of a tag for an AEAD algorithm, in bytes.
+
+    .. param:: key_type
+        The type of the AEAD key.
+    .. param:: key_bits
+        The size of the AEAD key in bits.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return::
+        The tag length for the specified algorithm and key.
+        If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return ``0``. If the AEAD algorithm is not recognized, return ``0``. An implementation can return either ``0`` or a correct size for an AEAD algorithm that it recognizes, but does not support.
+
+    This macro can be used to allocate a buffer of sufficient size to store the tag output from `psa_aead_finish()`.
+
+    See also `PSA_AEAD_TAG_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_TAG_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum tag size for all supported AEAD algorithms, in bytes.
+
+    See also `PSA_AEAD_TAG_LENGTH()`.
+
+.. macro:: PSA_AEAD_VERIFY_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient plaintext buffer size for `psa_aead_verify()`.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
+
+    .. return::
+        A sufficient plaintext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
+
+    If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_verify()` will not fail due to an insufficient plaintext buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient plaintext buffer size for `psa_aead_verify()`, for any of the supported key types and AEAD algorithms.
+
+    See also `PSA_AEAD_VERIFY_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/ciphers.rst.txt b/docs/html/_sources/api/ops/ciphers.rst.txt
new file mode 100644
index 0000000..2e0883e
--- /dev/null
+++ b/docs/html/_sources/api/ops/ciphers.rst.txt
@@ -0,0 +1,757 @@
+.. _ciphers:
+
+Unauthenticated ciphers
+=======================
+
+.. warning::
+
+    The unauthenticated cipher API is provided to implement legacy protocols and
+    for use cases where the data integrity and authenticity is guaranteed by
+    non-cryptographic means.
+
+    It is recommended that newer protocols use :title:`aead`.
+
+.. _cipher-algorithms:
+
+Cipher algorithms
+-----------------
+
+.. macro:: PSA_ALG_STREAM_CIPHER
+    :definition: ((psa_algorithm_t)0x04800100)
+
+    .. summary::
+        The stream cipher mode of a stream cipher algorithm.
+
+    The underlying stream cipher is determined by the key type:
+
+    * To use ChaCha20, use a key type of `PSA_KEY_TYPE_CHACHA20` and algorithm id `PSA_ALG_STREAM_CIPHER`.
+    * To use ARC4, use a key type of `PSA_KEY_TYPE_ARC4` and algorithm id `PSA_ALG_STREAM_CIPHER`.
+
+.. macro:: PSA_ALG_CTR
+    :definition: ((psa_algorithm_t)0x04c01000)
+
+    .. summary::
+        A stream cipher built using the Counter (CTR) mode of a block cipher.
+
+    CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type `PSA_KEY_TYPE_AES` and a length of 128 bits (16 bytes).
+
+.. macro:: PSA_ALG_CFB
+    :definition: ((psa_algorithm_t)0x04c01100)
+
+    .. summary::
+        A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.
+
+    The underlying block cipher is determined by the key type.
+
+.. macro:: PSA_ALG_OFB
+    :definition: ((psa_algorithm_t)0x04c01200)
+
+    .. summary::
+        A stream cipher built using the Output Feedback (OFB) mode of a block cipher.
+
+    The underlying block cipher is determined by the key type.
+
+.. macro:: PSA_ALG_XTS
+    :definition: ((psa_algorithm_t)0x0440ff00)
+
+    .. summary::
+        The XTS cipher mode of a block cipher.
+
+    XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.
+
+.. macro:: PSA_ALG_ECB_NO_PADDING
+    :definition: ((psa_algorithm_t)0x04404400)
+
+    .. summary::
+        The Electronic Code Book (ECB) mode of a block cipher, with no padding.
+
+    .. warning::
+        ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB.
+
+    The underlying block cipher is determined by the key type.
+
+    This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.
+
+    ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, `psa_cipher_generate_iv()` and `psa_cipher_set_iv()` must not be called.
+
+.. macro:: PSA_ALG_CBC_NO_PADDING
+    :definition: ((psa_algorithm_t)0x04404000)
+
+    .. summary::
+        The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.
+
+    The underlying block cipher is determined by the key type.
+
+    This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.
+
+.. macro:: PSA_ALG_CBC_PKCS7
+    :definition: ((psa_algorithm_t)0x04404100)
+
+    .. summary::
+        The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.
+
+    The underlying block cipher is determined by the key type.
+
+    This is the padding method defined by PKCS#7 :RFC:`2315#10.3`.
+
+Single-part cipher functions
+----------------------------
+
+.. function:: psa_cipher_encrypt
+
+    .. summary::
+        Encrypt a message using a symmetric cipher.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation.
+        It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
+    .. param:: psa_algorithm_t alg
+        The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the message to encrypt.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * output
+        Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length)`  where ``key_type`` is the type of ``key``.
+        * :code:`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher encryption.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a cipher algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        ``output_size`` is too small. `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()` or `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function encrypts a message with a random initialization vector (IV).
+    The length of the IV is :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
+    The output of `psa_cipher_encrypt()` is the IV followed by the ciphertext.
+
+    Use the multi-part operation interface with a `psa_cipher_operation_t` object to provide other forms of IV or to manage the IV and ciphertext independently.
+
+.. function:: psa_cipher_decrypt
+
+    .. summary::
+        Decrypt a message using a symmetric cipher.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
+    .. param:: psa_algorithm_t alg
+        The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * output
+        Buffer where the plaintext is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length)`  where ``key_type`` is the type of ``key``.
+        * :code:`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher decryption.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a cipher algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        ``output_size`` is too small. `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()` or `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function decrypts a message encrypted with a symmetric cipher.
+
+    The input to this function must contain the IV followed by the ciphertext, as output by `psa_cipher_encrypt()`. The IV must be :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` bytes in length, where ``key_type`` is the type of ``key``.
+
+    Use the multi-part operation interface with a `psa_cipher_operation_t` object to decrypt data which is not in the expected input format.
+
+Multi-part cipher operations
+----------------------------
+
+.. typedef:: /* implementation-defined type */ psa_cipher_operation_t
+
+    .. summary::
+        The type of the state object for multi-part cipher operations.
+
+    Before calling any function on a cipher operation object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_cipher_operation_t operation;
+          memset(&operation, 0, sizeof(operation));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_cipher_operation_t operation;
+
+    * Initialize the object to the initializer `PSA_CIPHER_OPERATION_INIT`, for example:
+
+      .. autocode::
+          psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+
+    * Assign the result of the function `psa_cipher_operation_init()` to the object, for example:
+
+      .. autocode::
+          psa_cipher_operation_t operation;
+          operation = psa_cipher_operation_init();
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+.. macro:: PSA_CIPHER_OPERATION_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for a cipher operation object of type `psa_cipher_operation_t`.
+
+.. function:: psa_cipher_operation_init
+
+    .. summary::
+        Return an initial value for a cipher operation object.
+
+    .. return:: psa_cipher_operation_t
+
+.. function:: psa_cipher_encrypt_setup
+
+    .. summary::
+        Set the key for a multi-part symmetric encryption operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_cipher_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
+    .. param:: psa_algorithm_t alg
+        The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a cipher algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The sequence of operations to encrypt a message with a symmetric cipher is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_cipher_operation_t`, e.g. `PSA_CIPHER_OPERATION_INIT`.
+    #. Call `psa_cipher_encrypt_setup()` to specify the algorithm and key.
+    #. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV), if the algorithm requires one. It is recommended to use `psa_cipher_generate_iv()` unless the protocol being implemented requires a specific IV value.
+    #. Call `psa_cipher_update()` zero, one or more times, passing a fragment of the message each time.
+    #. Call `psa_cipher_finish()`.
+
+    If an error occurs at any step after a call to `psa_cipher_encrypt_setup()`, the operation will need to be reset by a call to `psa_cipher_abort()`. The application can call `psa_cipher_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_cipher_encrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_cipher_finish()`.
+    * A call to `psa_cipher_abort()`.
+
+.. function:: psa_cipher_decrypt_setup
+
+    .. summary::
+        Set the key for a multi-part symmetric decryption operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_cipher_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
+    .. param:: psa_algorithm_t alg
+        The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a cipher algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The sequence of operations to decrypt a message with a symmetric cipher is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_cipher_operation_t`, e.g. `PSA_CIPHER_OPERATION_INIT`.
+    #. Call `psa_cipher_decrypt_setup()` to specify the algorithm and key.
+    #. Call `psa_cipher_set_iv()` with the initialization vector (IV) for the decryption, if the algorithm requires one. This must match the IV used for the encryption.
+    #. Call `psa_cipher_update()` zero, one or more times, passing a fragment of the message each time.
+    #. Call `psa_cipher_finish()`.
+
+    If an error occurs at any step after a call to `psa_cipher_decrypt_setup()`, the operation will need to be reset by a call to `psa_cipher_abort()`. The application can call `psa_cipher_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_cipher_decrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_cipher_finish()`.
+    * A call to `psa_cipher_abort()`.
+
+.. function:: psa_cipher_generate_iv
+
+    .. summary::
+        Generate an initialization vector (IV) for a symmetric encryption operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        Active cipher operation.
+    .. param:: uint8_t * iv
+        Buffer where the generated IV is to be written.
+    .. param:: size_t iv_size
+        Size of the ``iv`` buffer in bytes. This must be at least :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the cipher operation.
+    .. param:: size_t * iv_length
+        On success, the number of bytes of the generated IV.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        Either:
+
+        *  The cipher algorithm does not use an IV.
+        *  The operation state is not valid: it must be active, with no IV set.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``iv`` buffer is too small. `PSA_CIPHER_IV_LENGTH()` or `PSA_CIPHER_IV_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function generates a random IV, nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.
+
+    The generated IV is always the default length for the key and algorithm: :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)`, where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation. To generate different lengths of IV, use `psa_generate_random()` and `psa_cipher_set_iv()`.
+
+    If the cipher algorithm does not use an IV, calling this function returns a `PSA_ERROR_BAD_STATE` error. For these algorithms, :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` will be zero.
+
+    The application must call `psa_cipher_encrypt_setup()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
+
+.. function:: psa_cipher_set_iv
+
+    .. summary::
+        Set the initialization vector (IV) for a symmetric encryption or decryption operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        Active cipher operation.
+    .. param:: const uint8_t * iv
+        Buffer containing the IV to use.
+    .. param:: size_t iv_length
+        Size of the IV in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        Either:
+        
+        *  The cipher algorithm does not use an IV.
+        *  The operation state is not valid: it must be an active cipher encrypt operation, with no IV set.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The size of ``iv`` is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function sets the IV, nonce or initial counter value for the encryption or decryption operation.
+
+    If the cipher algorithm does not use an IV, calling this function returns a `PSA_ERROR_BAD_STATE` error. For these algorithms, :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` will be zero.
+
+    The application must call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
+
+    .. note::
+        When encrypting, `psa_cipher_generate_iv()` is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.
+
+.. function:: psa_cipher_update
+
+    .. summary::
+        Encrypt or decrypt a message fragment in an active cipher operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        Active cipher operation.
+    .. param:: const uint8_t * input
+        Buffer containing the message fragment to encrypt or decrypt.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * output
+        Buffer where the output is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)`  where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
+        * :code:`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher algorithm.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, with an IV set if required for the algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small. `PSA_CIPHER_UPDATE_OUTPUT_SIZE()` or `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The following must occur before calling this function:
+
+    #. Call either `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`. The choice of setup function determines whether this function encrypts or decrypts its input.
+    #. If the algorithm requires an IV, call `psa_cipher_generate_iv()` or `psa_cipher_set_iv()`. `psa_cipher_generate_iv()` is recommended when encrypting.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
+
+.. function:: psa_cipher_finish
+
+    .. summary::
+        Finish encrypting or decrypting a message in a cipher operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        Active cipher operation.
+    .. param:: uint8_t * output
+        Buffer where the output is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
+
+        * A sufficient output size is :code:`PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)`  where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
+        * `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported cipher algorithm.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.
+    .. retval:: PSA_ERROR_INVALID_PADDING
+        This is a decryption operation for an algorithm that includes padding, and the ciphertext does not contain valid padding.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active, with an IV set if required for the algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small. `PSA_CIPHER_FINISH_OUTPUT_SIZE()` or `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.
+
+    This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to `psa_cipher_update()`.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
+
+.. function:: psa_cipher_abort
+
+    .. summary::
+        Abort a cipher operation.
+
+    .. param:: psa_cipher_operation_t * operation
+        Initialized cipher operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
+
+    This function can be called any time after the operation object has been initialized as described in `psa_cipher_operation_t`.
+
+    In particular, calling `psa_cipher_abort()` after the operation has been terminated by a call to `psa_cipher_abort()` or `psa_cipher_finish()` is safe and has no effect.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_STREAM_CIPHER
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a stream cipher.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a stream cipher algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.
+
+    A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.
+
+.. macro:: PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum size of the output of `psa_cipher_encrypt()`, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+    .. param:: input_length
+        Size of the input in bytes.
+
+    .. return::
+        A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_encrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.
+
+    See also `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_cipher_encrypt()`, for any of the supported key types and cipher algorithms.
+
+    .. param:: input_length
+        Size of the input in bytes.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_encrypt()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()`.
+
+.. macro:: PSA_CIPHER_DECRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum size of the output of `psa_cipher_decrypt()`, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+    .. param:: input_length
+        Size of the input in bytes.
+
+    .. return::
+        A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_decrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.
+
+    See also `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_cipher_decrypt()`, for any of the supported key types and cipher algorithms.
+
+    .. param:: input_length
+        Size of the input in bytes.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_decrypt()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()`.
+
+.. macro:: PSA_CIPHER_IV_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The default IV size for a cipher algorithm, in bytes.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+
+    .. return::
+        The default IV size for the specified key type and algorithm.
+        If the algorithm does not use an IV, return ``0``.
+        If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``.
+        An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
+
+    The IV that is generated as part of a call to `psa_cipher_encrypt()` is always the default IV length for the algorithm.
+
+    This macro can be used to allocate a buffer of sufficient size to store the IV output from `psa_cipher_generate_iv()` when using a multi-part cipher operation.
+
+    See also `PSA_CIPHER_IV_MAX_SIZE`.
+
+.. macro:: PSA_CIPHER_IV_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum IV size for all supported cipher algorithms, in bytes.
+
+    See also `PSA_CIPHER_IV_LENGTH()`.
+
+.. macro:: PSA_CIPHER_UPDATE_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_cipher_update()`.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+    .. param:: input_length
+        Size of the input in bytes.
+
+    .. return::
+        A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_update()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_cipher_update()`, for any of the supported key types and cipher algorithms.
+
+    .. param:: input_length
+        Size of the input in bytes.
+
+    If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_update()` will not fail due to an insufficient buffer size.
+
+    See also `PSA_CIPHER_UPDATE_OUTPUT_SIZE()`.
+
+.. macro:: PSA_CIPHER_FINISH_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient ciphertext buffer size for `psa_cipher_finish()`.
+
+    .. param:: key_type
+        A symmetric key type that is compatible with algorithm ``alg``.
+    .. param:: alg
+        A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
+
+    .. return::
+        A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
+
+    If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_cipher_finish()` will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient ciphertext buffer size for `psa_cipher_finish()`, for any of the supported key types and cipher algorithms.
+
+    See also `PSA_CIPHER_FINISH_OUTPUT_SIZE()`.
+
+.. macro:: PSA_BLOCK_CIPHER_BLOCK_LENGTH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        The block size of a block cipher.
+
+    .. param:: type
+        A cipher key type (value of type `psa_key_type_t`).
+
+    .. return::
+        The block size for a block cipher, or ``1`` for a stream cipher. The return value is undefined if ``type`` is not a supported cipher key type.
+
+    .. note::
+        It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (`PSA_ALG_CTR`). This macro only takes the key type into account, so it cannot be used to determine the size of the data that `psa_cipher_update()` might buffer for future processing in general.
+
+    .. note::
+        This macro expression is a compile-time constant if ``type`` is a compile-time constant.
+
+    .. warning::
+        This macro is permitted to evaluate its argument multiple times.
+
+    See also `PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`.
+
+.. macro:: PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The maximum size of a block cipher supported by the implementation.
+
+    See also `PSA_BLOCK_CIPHER_BLOCK_LENGTH()`.
diff --git a/docs/html/_sources/api/ops/hashes.rst.txt b/docs/html/_sources/api/ops/hashes.rst.txt
new file mode 100644
index 0000000..dceaf22
--- /dev/null
+++ b/docs/html/_sources/api/ops/hashes.rst.txt
@@ -0,0 +1,755 @@
+.. _hashes:
+
+Message digests
+===============
+
+.. _hash-algorithms:
+
+Hash algorithms
+---------------
+
+.. macro:: PSA_ALG_MD2
+    :definition: ((psa_algorithm_t)0x02000001)
+
+    .. summary::
+        MD2.
+
+    .. warning::
+        The MD2 hash is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ALG_MD4
+    :definition: ((psa_algorithm_t)0x02000002)
+
+    .. summary::
+        MD4.
+
+    .. warning::
+        The MD4 hash is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ALG_MD5
+    :definition: ((psa_algorithm_t)0x02000003)
+
+    .. summary::
+        MD5.
+
+    .. warning::
+        The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ALG_RIPEMD160
+    :definition: ((psa_algorithm_t)0x02000004)
+
+    .. summary::
+        RIPEMD-160.
+
+.. macro:: PSA_ALG_SHA_1
+    :definition: ((psa_algorithm_t)0x02000005)
+
+    .. summary::
+        SHA-1.
+
+    .. warning::
+        The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.
+
+.. macro:: PSA_ALG_SHA_224
+    :definition: ((psa_algorithm_t)0x02000008)
+
+    .. summary::
+        SHA-224.
+
+.. macro:: PSA_ALG_SHA_256
+    :definition: ((psa_algorithm_t)0x02000009)
+
+    .. summary::
+        SHA-256.
+
+.. macro:: PSA_ALG_SHA_384
+    :definition: ((psa_algorithm_t)0x0200000a)
+
+    .. summary::
+        SHA-384.
+
+.. macro:: PSA_ALG_SHA_512
+    :definition: ((psa_algorithm_t)0x0200000b)
+
+    .. summary::
+        SHA-512.
+
+.. macro:: PSA_ALG_SHA_512_224
+    :definition: ((psa_algorithm_t)0x0200000c)
+
+    .. summary::
+        SHA-512/224.
+
+.. macro:: PSA_ALG_SHA_512_256
+    :definition: ((psa_algorithm_t)0x0200000d)
+
+    .. summary::
+        SHA-512/256.
+
+.. macro:: PSA_ALG_SHA3_224
+    :definition: ((psa_algorithm_t)0x02000010)
+
+    .. summary::
+        SHA3-224.
+
+.. macro:: PSA_ALG_SHA3_256
+    :definition: ((psa_algorithm_t)0x02000011)
+
+    .. summary::
+        SHA3-256.
+
+.. macro:: PSA_ALG_SHA3_384
+    :definition: ((psa_algorithm_t)0x02000012)
+
+    .. summary::
+        SHA3-384.
+
+.. macro:: PSA_ALG_SHA3_512
+    :definition: ((psa_algorithm_t)0x02000013)
+
+    .. summary::
+        SHA3-512.
+
+Single-part hashing functions
+-----------------------------
+
+.. function:: psa_hash_compute
+
+    .. summary::
+        Calculate the hash (digest) of a message.
+
+    .. param:: psa_algorithm_t alg
+        The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the message to hash.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * hash
+        Buffer where the hash is to be written.
+    .. param:: size_t hash_size
+        Size of the ``hash`` buffer in bytes.
+        This must be at least :code:`PSA_HASH_LENGTH(alg)`.
+    .. param:: size_t * hash_length
+        On success, the number of bytes that make up the hash value. This is always :code:`PSA_HASH_LENGTH(alg)`.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a hash algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        ``hash_size`` is too small.
+        `PSA_HASH_LENGTH()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    .. note::
+        To verify the hash of a message against an expected value, use `psa_hash_compare()` instead.
+
+.. function:: psa_hash_compare
+
+    .. summary::
+        Calculate the hash (digest) of a message and compare it with a reference value.
+
+    .. param:: psa_algorithm_t alg
+        The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the message to hash.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: const uint8_t * hash
+        Buffer containing the expected hash value.
+    .. param:: size_t hash_length
+        Size of the ``hash`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The expected hash is identical to the actual hash of the input.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The hash of the message was calculated successfully, but it differs from the expected hash.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a hash algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``input_length`` or ``hash_length`` do not match the hash size for ``alg``
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+.. _hash-mp:
+
+Multi-part hashing operations
+-----------------------------
+
+.. typedef:: /* implementation-defined type */ psa_hash_operation_t
+
+    .. summary::
+        The type of the state object for multi-part hash operations.
+
+    Before calling any function on a hash operation object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_hash_operation_t operation;
+          memset(&operation, 0, sizeof(operation));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_hash_operation_t operation;
+
+    * Initialize the object to the initializer `PSA_HASH_OPERATION_INIT`, for example:
+
+      .. autocode::
+          psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+
+    * Assign the result of the function `psa_hash_operation_init()` to the object, for example:
+
+      .. autocode::
+          psa_hash_operation_t operation;
+          operation = psa_hash_operation_init();
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+.. macro:: PSA_HASH_OPERATION_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for a hash operation object of type `psa_hash_operation_t`.
+
+.. function:: psa_hash_operation_init
+
+    .. summary::
+        Return an initial value for a hash operation object.
+
+    .. return:: psa_hash_operation_t
+
+.. function:: psa_hash_setup
+
+    .. summary::
+        Set up a multi-part hash operation.
+
+    .. param:: psa_hash_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_hash_operation_t` and not yet in use.
+    .. param:: psa_algorithm_t alg
+        The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not a supported hash algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``alg`` is not a hash algorithm.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The sequence of operations to calculate a hash (message digest) is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_hash_operation_t`, e.g. `PSA_HASH_OPERATION_INIT`.
+    #. Call `psa_hash_setup()` to specify the algorithm.
+    #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.
+    #. To calculate the hash, call `psa_hash_finish()`. To compare the hash with an expected value, call `psa_hash_verify()`. To suspend the hash operation and extract the current state, call `psa_hash_suspend()`.
+
+    If an error occurs at any step after a call to `psa_hash_setup()`, the operation will need to be reset by a call to `psa_hash_abort()`. The application can call `psa_hash_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_hash_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_hash_finish()` or `psa_hash_verify()` or `psa_hash_suspend()`.
+    * A call to `psa_hash_abort()`.
+
+.. function:: psa_hash_update
+
+    .. summary::
+        Add a message fragment to a multi-part hash operation.
+
+    .. param:: psa_hash_operation_t * operation
+        Active hash operation.
+    .. param:: const uint8_t * input
+        Buffer containing the message fragment to hash.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
+
+.. function:: psa_hash_finish
+
+    .. summary::
+        Finish the calculation of the hash of a message.
+
+    .. param:: psa_hash_operation_t * operation
+        Active hash operation.
+    .. param:: uint8_t * hash
+        Buffer where the hash is to be written.
+    .. param:: size_t hash_size
+        Size of the ``hash`` buffer in bytes. This must be at least :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the algorithm that the operation performs.
+    .. param:: size_t * hash_length
+        On success, the number of bytes that make up the hash value. This is always :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the hash algorithm that the operation performs.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``hash`` buffer is too small.
+        `PSA_HASH_LENGTH()` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
+
+    .. warning::
+        It is not recommended to use this function when a specific value is expected for the hash. Call `psa_hash_verify()` instead with the expected hash value.
+
+        Comparing integrity or authenticity data such as hash values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.
+
+.. function:: psa_hash_verify
+
+    .. summary::
+        Finish the calculation of the hash of a message and compare it with an expected value.
+
+    .. param:: psa_hash_operation_t * operation
+        Active hash operation.
+    .. param:: const uint8_t * hash
+        Buffer containing the expected hash value.
+    .. param:: size_t hash_length
+        Size of the ``hash`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The expected hash is identical to the actual hash of the message.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The hash of the message was calculated successfully, but it differs from the expected hash.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_hash_setup()` before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`. It then compares the calculated hash with the expected hash passed as a parameter to this function.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
+
+    .. note::
+        Implementations must make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.
+
+.. function:: psa_hash_abort
+
+    .. summary::
+        Abort a hash operation.
+
+    .. param:: psa_hash_operation_t * operation
+        Initialized hash operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_hash_setup()` again.
+
+    This function can be called any time after the operation object has been initialized by one of the methods described in `psa_hash_operation_t`.
+
+    In particular, calling `psa_hash_abort()` after the operation has been terminated by a call to `psa_hash_abort()`, `psa_hash_finish()` or `psa_hash_verify()` is safe and has no effect.
+
+.. function:: psa_hash_suspend
+
+    .. summary::
+        Halt the hash operation and extract the intermediate state of the hash computation.
+
+    .. param:: psa_hash_operation_t * operation
+        Active hash operation.
+    .. param:: uint8_t * hash_state
+        Buffer where the hash suspend state is to be written.
+    .. param:: size_t hash_state_size
+        Size of the ``hash_state`` buffer in bytes.
+        This must be appropriate for the selected algorithm:
+
+        * A sufficient output size is :code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(alg)`  where ``alg`` is the algorithm that was used to set up the operation.
+        * `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported hash algorithm.
+
+    .. param:: size_t * hash_state_length
+        On success, the number of bytes that make up the hash suspend state.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``hash_state`` buffer is too small.
+        `PSA_HASH_SUSPEND_OUTPUT_SIZE()` or `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        The hash algorithm being computed does not support suspend and resume.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function. This function extracts an intermediate state of the hash computation of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`.
+
+    This function can be used to halt a hash operation, and then resume the hash operation at a later time, or in another application, by transferring the extracted hash suspend state to a call to `psa_hash_resume()`.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
+
+    Hash suspend and resume is not defined for the SHA3 family of hash algorithms. :title:`hash-suspend-state` defines the format of the output from `psa_hash_suspend()`.
+
+    .. warning::
+        Applications must not use any of the hash suspend state as if it was a hash output. Instead, the suspend state must only be used to resume a hash operation, and `psa_hash_finish()` or `psa_hash_verify()` can then calculate or verify the final hash value.
+
+    .. rubric:: Usage
+
+    The sequence of operations to suspend and resume a hash operation is as follows:
+
+    #. Compute the first part of the hash.
+
+        #. Allocate an operation object and initialize it as described in the documentation for `psa_hash_operation_t`.
+        #. Call `psa_hash_setup()` to specify the algorithm.
+        #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time.
+        #. Call `psa_hash_suspend()` to extract the hash suspend state into a buffer.
+
+    #. Pass the hash state buffer to the application which will resume the operation.
+
+    #. Compute the rest of the hash.
+
+        #. Allocate an operation object and initialize it as described in the documentation for `psa_hash_operation_t`.
+        #. Call `psa_hash_resume()` with the extracted hash state.
+        #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time.
+        #. To calculate the hash, call `psa_hash_finish()`. To compare the hash with an expected value, call `psa_hash_verify()`.
+
+    If an error occurs at any step after a call to `psa_hash_setup()` or `psa_hash_resume()`, the operation will need to be reset by a call to `psa_hash_abort()`. The application can call `psa_hash_abort()` at any time after the operation has been initialized.
+
+.. function:: psa_hash_resume
+
+    .. summary::
+        Set up a multi-part hash operation using the hash suspend state from a previously suspended hash operation.
+
+    .. param:: psa_hash_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_hash_operation_t` and not yet in use.
+    .. param:: const uint8_t * hash_state
+        A buffer containing the suspended hash state which is to be resumed. This must be in the format output by `psa_hash_suspend()`, which is described in :title:`hash-suspend-state-format`.
+    .. param:: size_t hash_state_length
+        Length of ``hash_state`` in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        The provided hash suspend state is for an algorithm that is not supported.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``hash_state`` does not correspond to a valid hash suspend state. See :title:`hash-suspend-state-format` for the definition.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    See `psa_hash_suspend()` for an example of how to use this function to suspend and resume a hash operation.
+
+    After a successful call to `psa_hash_resume()`, the application must eventually terminate the operation. The following events terminate an operation:
+
+    * A successful call to `psa_hash_finish()`, `psa_hash_verify()` or `psa_hash_suspend()`.
+    * A call to `psa_hash_abort()`.
+
+.. function:: psa_hash_clone
+
+    .. summary::
+        Clone a hash operation.
+
+    .. param:: const psa_hash_operation_t * source_operation
+        The active hash operation to clone.
+    .. param:: psa_hash_operation_t * target_operation
+        The operation object to set up. It must be initialized but not active.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_BAD_STATE
+        The ``source_operation`` state is not valid: it must be active.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The ``target_operation`` state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling `psa_hash_setup()` on ``target_operation`` with the same algorithm that ``source_operation`` was set up for, then `psa_hash_update()` on ``target_operation`` with the same input that that was passed to ``source_operation``. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.
+
+Support macros
+--------------
+
+.. macro:: PSA_HASH_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The size of the output of `psa_hash_compute()` and `psa_hash_finish()`, in bytes.
+
+    .. param:: alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true), or an HMAC algorithm (:code:`PSA_ALG_HMAC(hash_alg)` where ``hash_alg`` is a hash algorithm).
+
+    .. return::
+        The hash length for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
+
+    This is also the hash length that `psa_hash_compare()` and `psa_hash_verify()` expect.
+
+    See also `PSA_HASH_MAX_SIZE`.
+
+.. macro:: PSA_HASH_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Maximum size of a hash.
+
+    This macro must expand to a compile-time constant integer.
+    It is recommended that this value is the maximum size of a hash supported by the implementation, in bytes. The value must not be smaller than this maximum.
+
+    See also `PSA_HASH_LENGTH()`.
+
+.. macro:: PSA_HASH_SUSPEND_OUTPUT_SIZE
+    :definition: /* specification-defined value */
+
+    .. summary::
+        A sufficient hash suspend state buffer size for `psa_hash_suspend()`.
+
+    .. param:: alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+
+    .. return::
+        A sufficient output size for the algorithm. If the hash algorithm is not recognized, or is not supported by `psa_hash_suspend()`, return ``0``. An implementation can return either ``0`` or a correct size for a hash algorithm that it recognizes, but does not support.
+
+        For a supported hash algorithm ``alg``, the following expression is true:
+
+        .. autocode::
+            PSA_HASH_SUSPEND_OUTPUT_SIZE(alg) == PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH +
+                                                 PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) +
+                                                 PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) +
+                                                 PSA_HASH_BLOCK_LENGTH(alg) - 1
+
+    If the size of the hash state buffer is at least this large, it is guaranteed that `psa_hash_suspend()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
+
+    See also `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient hash suspend state buffer size for `psa_hash_suspend()`, for any supported hash algorithms.
+
+    See also `PSA_HASH_SUSPEND_OUTPUT_SIZE()`.
+
+.. macro:: PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH
+    :definition: ((size_t)4)
+
+    .. summary::
+        The size of the *algorithm* field that is part of the output of `psa_hash_suspend()`, in bytes.
+
+    Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
+
+.. macro:: PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        The size of the *input-length* field that is part of the output of `psa_hash_suspend()`, in bytes.
+
+    .. param:: alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+
+    .. return::
+        The size, in bytes, of the *input-length* field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
+
+        The algorithm-specific values are defined in :title:`hash-suspend-state-constants`.
+
+    Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
+
+.. macro:: PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        The size of the *hash-state* field that is part of the output of `psa_hash_suspend()`, in bytes.
+
+    .. param:: alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+
+    .. return::
+        The size, in bytes, of the *hash-state* field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
+
+        The algorithm-specific values are defined in :title:`hash-suspend-state-constants`.
+
+    Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
+
+.. macro:: PSA_HASH_BLOCK_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The input block size of a hash algorithm.
+
+    .. param:: alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
+
+    .. return::
+        The block size for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
+
+    Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished.
+
+    This affects the output from `psa_hash_suspend()`.
+
+
+.. _hash-suspend-state:
+
+Hash suspend state
+------------------
+
+The hash suspend state is output by `psa_hash_suspend()` and input to `psa_hash_resume()`.
+
+.. note::
+    Hash suspend and resume is not defined for the SHA3 family of hash algorithms.
+
+.. _hash-suspend-state-format:
+
+.. rubric:: Hash suspend state format
+
+The hash suspend state has the following format:
+
+*hash-suspend-state* = *algorithm* || *input-length* || *hash-state* || *unprocessed-input*
+
+The fields in the hash suspend state are defined as follows:
+
+.. tabularcolumns:: \Y{.25}\Y{.75}
+
+.. list-table::
+    :header-rows: 0
+    :widths: 1,3
+
+    *   -   *algorithm*
+
+            big-endian 32-bit unsigned integer
+
+        -   The PSA Crypto API algorithm identifier. Encoded as a big-endian 32-bit unsigned integer.
+
+            The byte length of the *algorithm* field can be evaluated using `PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH`.
+
+    *   -   *input-length*
+
+            big-endian unsigned integer
+
+        -   The content of this field is algorithm-specific:
+
+            - For MD2, this is the number of bytes in the *unprocessed-input*.
+            - For all other hash algorithms, this is the total number of bytes of input to the hash computation. This includes the *unprocessed-input* bytes.
+
+            The size of this field is algorithm-specific:
+
+            - For MD2: *input-length* is an 8-bit unsigned integer.
+            - For MD4, MD5, RIPEMD-160, SHA-1, SHA-224 and SHA-256: *input-length* is a 64-bit unsigned integer.
+            - For SHA-512, SHA-384 and SHA-512/256: *input-length* is a 128-bit unsigned integer.
+
+            The length, in bytes, of the *input-length* field can be calculated using :code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)` where ``alg`` is a hash algorithm.
+            See :title:`hash-suspend-state-constants`.
+
+    *   -   *hash-state*
+
+            array of bytes
+
+        -   Algorithm-specific intermediate hash state:
+
+            - For MD2: 16 bytes of internal checksum, then 48 bytes of intermediate digest.
+            - For MD4 and MD5: 4x 32-bit integers, in little-endian encoding.
+            - For RIPEMD-160: 5x 32-bit integers, in little-endian encoding.
+            - For SHA-1: 5x 32-bit integers, in big-endian encoding.
+            - For SHA-224 and SHA-256: 8x 32-bit integers, in big-endian encoding.
+            - For SHA-512, SHA-384 and SHA-512/256: 8x 64-bit integers, in big-endian encoding.
+
+            The length of this field is specific to the algorithm.
+            The length, in bytes, of the *hash-state* field can be calculated using :code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)` where ``alg`` is a hash algorithm.
+            See :title:`hash-suspend-state-constants`.
+
+    *   -   *unprocessed-input*
+
+            0 to (*hash-block-size*-1) bytes
+
+        -   A partial block of unprocessed input data. This is between zero and *hash-block-size*-1 bytes of data, the length can be calculated by:
+
+            ``length(``\ *unprocessed-input*\ ``)`` ``=`` *input-length* ``%`` *hash-block-size*.
+
+            The *hash-block-size* is specific to the algorithm.
+            The size of a hash block can be calculated using :code:`PSA_HASH_BLOCK_LENGTH(alg)` where ``alg`` is a hash algorithm.
+            See :title:`hash-suspend-state-constants`.
+
+.. _hash-suspend-state-constants:
+
+..  rubric:: Hash suspend state field sizes
+
+The following table defines the algorithm-specific field lengths for the hash suspend state returned by `psa_hash_suspend()`. All of the field lengths are in bytes. To compute the field lengths for algorithm ``alg``, use the following expressions:
+
+- :code:`PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH` returns the length of the *algorithm* field.
+- :code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)` returns the length of the *input-length* field.
+- :code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)` returns the length of the *hash-state* field.
+- :code:`PSA_HASH_BLOCK_LENGTH(alg)-1` is the maximum length of the *unprocessed-bytes* field.
+- :code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(slg)` returns the maximum size of the hash suspend state.
+
+.. tabularcolumns:: LLLL
+
+.. csv-table::
+    :header-rows: 1
+
+    Hash algorithm, *input-length* size (bytes), *hash-state* length (bytes), *unprocessed-bytes* length (bytes)
+    `PSA_ALG_MD2`, 1, 64, 0 - 15
+    `PSA_ALG_MD4`, 8, 16, 0 - 63
+    `PSA_ALG_MD5`, 8, 16, 0 - 63
+    `PSA_ALG_RIPEMD160`, 8, 20, 0 - 63
+    `PSA_ALG_SHA_1`, 8, 20, 0 - 63
+    `PSA_ALG_SHA_224`, 8, 32, 0 - 63
+    `PSA_ALG_SHA_256`, 8, 32, 0 - 63
+    `PSA_ALG_SHA_512_256`, 16, 64, 0 - 127
+    `PSA_ALG_SHA_384`, 16, 64, 0 - 127
+    `PSA_ALG_SHA_512`, 16, 64, 0 - 127
diff --git a/docs/html/_sources/api/ops/index.rst.txt b/docs/html/_sources/api/ops/index.rst.txt
new file mode 100644
index 0000000..1e66853
--- /dev/null
+++ b/docs/html/_sources/api/ops/index.rst.txt
@@ -0,0 +1,17 @@
+.. _crypto-operations:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Cryptographic operation reference
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+
+    hashes
+    macs
+    ciphers
+    aead
+    kdf
+    sign
+    pke
+    ka
+    rng
diff --git a/docs/html/_sources/api/ops/ka.rst.txt b/docs/html/_sources/api/ops/ka.rst.txt
new file mode 100644
index 0000000..a85b7a4
--- /dev/null
+++ b/docs/html/_sources/api/ops/ka.rst.txt
@@ -0,0 +1,263 @@
+.. _key-agreement:
+
+Key agreement
+=============
+
+.. _key-agreement-algorithms:
+
+Key agreement algorithms
+------------------------
+
+.. macro:: PSA_ALG_KEY_AGREEMENT
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build a combined algorithm that chains a key agreement with a key derivation.
+
+    .. param:: ka_alg
+        A key agreement algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_AGREEMENT(ka_alg)` is true).
+    .. param:: kdf_alg
+        A key derivation algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_DERIVATION(kdf_alg)` is true).
+
+    .. return::
+        The corresponding key agreement and derivation algorithm.
+
+        Unspecified if ``ka_alg`` is not a supported key agreement algorithm or ``kdf_alg`` is not a supported key derivation algorithm.
+
+    The component parts of a key agreement algorithm can be extracted using `PSA_ALG_KEY_AGREEMENT_GET_BASE()` and `PSA_ALG_KEY_AGREEMENT_GET_KDF()`.
+
+.. macro:: PSA_ALG_FFDH
+    :definition: ((psa_algorithm_t)0x09010000)
+
+    .. summary::
+        The finite-field Diffie-Hellman (DH) key agreement algorithm.
+
+    The shared secret produced by key agreement is ``g^{ab}`` in big-endian format. It is ``ceiling(m / 8)`` bytes long where ``m`` is the size of the prime ``p`` in bits.
+
+.. macro:: PSA_ALG_ECDH
+    :definition: ((psa_algorithm_t)0x09020000)
+
+    .. summary::
+        The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
+
+    The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always ``ceiling(m / 8)`` bytes long where ``m`` is the bit size associated with the curve, i.e. the bit size of the order of the curve's coordinate field. When ``m`` is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.
+
+    * For Montgomery curves (curve family `PSA_ECC_FAMILY_MONTGOMERY`), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.
+    * For Weierstrass curves over prime fields (curve families ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_BRAINPOOL_P_R1` and `PSA_ECC_FAMILY_FRP`), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in big-endian byte order. The bit size is ``m = ceiling(log_2(p))`` for the field ``F_p``.
+    * For Weierstrass curves over binary fields (curve families ``PSA_ECC_FAMILY_SECT_XX``), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in big-endian byte order. The bit size is ``m`` for the field ``F_{2^m}``.
+
+Standalone key agreement
+------------------------
+
+.. function:: psa_raw_key_agreement
+
+    .. summary::
+        Perform a key agreement and return the raw shared secret.
+
+    .. param:: psa_algorithm_t alg
+        The key agreement algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)` is true).
+    .. param:: psa_key_id_t private_key
+        Identifier of the private key to use.
+        It must allow the usage `PSA_KEY_USAGE_DERIVE`.
+    .. param:: const uint8_t * peer_key
+        Public key of the peer. It must be in the same format that `psa_import_key()` accepts. The standard formats for public keys are documented in the documentation of `psa_export_public_key()`.
+    .. param:: size_t peer_key_length
+        Size of ``peer_key`` in bytes.
+    .. param:: uint8_t * output
+        Buffer where the decrypted message is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes.
+        This must be appropriate for the keys:
+
+        * The required output size is :code:`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, bits)` where ``type`` is the type of ``private_key`` and ``bits`` is the bit-size of either ``private_key`` or the ``peer_key``.
+        * `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported raw key agreement algorithm.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DERIVE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``alg`` is not a key agreement algorithm
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``private_key`` is not compatible with ``alg``, or ``peer_key`` is not valid for ``alg`` or not compatible with ``private_key``.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small.
+        `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()` or `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not a supported key agreement algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    .. warning::
+        The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases, and is not suitable for use as key material. Instead it is recommended that the result is used as input to a key derivation algorithm. To chain a key agreement with a key derivation, use `psa_key_derivation_key_agreement()` and other functions from the key derivation interface.
+
+Combining key agreement and key derivation
+------------------------------------------
+
+.. function:: psa_key_derivation_key_agreement
+
+    .. summary::
+        Perform a key agreement and use the shared secret as input to a key derivation.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` with a key agreement and derivation algorithm ``alg`` (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true and :code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)` is false). The operation must be ready for an input of the type given by ``step``.
+    .. param:: psa_key_derivation_step_t step
+        Which step the input data is for.
+    .. param:: psa_key_id_t private_key
+        Identifier of the private key to use.
+        It must allow the usage `PSA_KEY_USAGE_DERIVE`.
+    .. param:: const uint8_t * peer_key
+        Public key of the peer. The peer key must be in the same format that `psa_import_key()` accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of :code:`psa_import_key(..., peer_key, peer_key_length)` where with key attributes indicating the public key type corresponding to the type of ``private_key``. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of `psa_export_public_key()`.
+    .. param:: size_t peer_key_length
+        Size of ``peer_key`` in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid for this key agreement ``step``.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DERIVE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``private_key`` is not compatible with ``alg``, or ``peer_key`` is not valid for ``alg`` or not compatible with ``private_key``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a key derivation algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``step`` does not allow an input resulting from a key agreement.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    A key agreement algorithm takes two inputs: a private key ``private_key`` a public key ``peer_key``. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_KEY_AGREEMENT_GET_BASE
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Get the raw key agreement algorithm from a full key agreement algorithm.
+
+    .. param:: alg
+        A key agreement algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true).
+
+    .. return::
+        The underlying raw key agreement algorithm if ``alg`` is a key agreement algorithm.
+
+        Unspecified if ``alg`` is not a key agreement algorithm or if it is not supported by the implementation.
+
+    See also `PSA_ALG_KEY_AGREEMENT()` and `PSA_ALG_KEY_AGREEMENT_GET_KDF()`.
+
+.. macro:: PSA_ALG_KEY_AGREEMENT_GET_KDF
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Get the key derivation algorithm used in a full key agreement algorithm.
+
+    .. param:: alg
+        A key agreement algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true).
+
+    .. return::
+        The underlying key derivation algorithm if ``alg`` is a key agreement algorithm.
+
+        Unspecified if ``alg`` is not a key agreement algorithm or if it is not supported by the implementation.
+
+    See also `PSA_ALG_KEY_AGREEMENT()` and `PSA_ALG_KEY_AGREEMENT_GET_BASE()`.
+
+.. macro:: PSA_ALG_IS_RAW_KEY_AGREEMENT
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a raw key agreement algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a raw key agreement algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a ``PSA_ALG_xxx`` macro while non-raw key agreement algorithms are constructed with `PSA_ALG_KEY_AGREEMENT()`.
+
+    The raw key agreement algorithm can be extracted from a full key agreement algorithm identifier using `PSA_ALG_KEY_AGREEMENT_GET_BASE()`.
+
+.. macro:: PSA_ALG_IS_FFDH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a finite field Diffie-Hellman algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key agreement algorithm identifier.
+
+    This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supporter key derivation algorithm.
+
+.. macro:: PSA_ALG_IS_ECDH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an elliptic curve Diffie-Hellman algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key agreement algorithm identifier.
+
+    This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.
+
+.. macro:: PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient output buffer size for `psa_raw_key_agreement()`.
+
+    .. param:: key_type
+        A supported key type.
+    .. param:: key_bits
+        The size of the key in bits.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_raw_key_agreement()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+    This macro returns a compile-time constant if its arguments are compile-time constants.
+
+    .. warning::
+        This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    See also `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Maximum size of the output from `psa_raw_key_agreement()`.
+
+    This macro must expand to a compile-time constant integer.
+    It is recommended that this value is the maximum size of the output any raw key agreement algorithm supported by the implementation, in bytes. The value must not be smaller than this maximum.
+
+    See also `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/kdf.rst.txt b/docs/html/_sources/api/ops/kdf.rst.txt
new file mode 100644
index 0000000..62267a3
--- /dev/null
+++ b/docs/html/_sources/api/ops/kdf.rst.txt
@@ -0,0 +1,563 @@
+.. _kdf:
+
+Key derivation
+==============
+
+.. _key-derivation-algorithms:
+
+Key derivation algorithms
+-------------------------
+
+.. macro:: PSA_ALG_HKDF
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build an HKDF algorithm.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
+
+    .. return::
+        The corresponding HKDF algorithm. For example, :code:`PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This key derivation algorithm uses the following inputs:
+
+    * `PSA_KEY_DERIVATION_INPUT_SALT` is the salt used in the "extract" step. It is optional; if omitted, the derivation uses an empty salt.
+    * `PSA_KEY_DERIVATION_INPUT_SECRET` is the secret key used in the "extract" step.
+    * `PSA_KEY_DERIVATION_INPUT_INFO` is the info string used in the "expand" step.
+
+    If `PSA_KEY_DERIVATION_INPUT_SALT` is provided, it must be before `PSA_KEY_DERIVATION_INPUT_SECRET`. `PSA_KEY_DERIVATION_INPUT_INFO` can be provided at any time after setup and before starting to generate output.
+
+.. macro:: PSA_ALG_TLS12_PRF
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build a TLS-1.2 PRF algorithm.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
+
+    .. return::
+        The corresponding TLS-1.2 PRF algorithm. For example, :code:`PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the TLS 1.2 PRF using HMAC-SHA-256.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in :RFC:`5246#5`. It is based on HMAC and can be used with either SHA-256 or SHA-384.
+
+    This key derivation algorithm uses the following inputs, which must be passed in the order given here:
+
+    * `PSA_KEY_DERIVATION_INPUT_SEED` is the seed.
+    * `PSA_KEY_DERIVATION_INPUT_SECRET` is the secret key.
+    * `PSA_KEY_DERIVATION_INPUT_LABEL` is the label.
+
+    For the application to TLS-1.2 key expansion:
+
+    * The seed is the concatenation of ``ServerHello.Random + ClientHello.Random``.
+    * The label is ``"key expansion"``.
+
+.. macro:: PSA_ALG_TLS12_PSK_TO_MS
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
+
+    .. return::
+        The corresponding TLS-1.2 PSK to MS algorithm. For example, :code:`PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (:RFC:`4279#2`) and the TLS-1.2 PRF (:RFC:`5246#5`). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.
+
+    This key derivation algorithm uses the following inputs, which must be passed in the order given here:
+
+    * `PSA_KEY_DERIVATION_INPUT_SEED` is the seed.
+    * `PSA_KEY_DERIVATION_INPUT_SECRET` is the PSK. The PSK must not be larger than `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE`.
+    * `PSA_KEY_DERIVATION_INPUT_LABEL` is the label.
+
+    For the application to TLS-1.2:
+
+    * The seed, which is forwarded to the TLS-1.2 PRF, is the concatenation of the ``ClientHello.Random + ServerHello.Random``.
+    * The label is ``"master secret"`` or ``"extended master secret"``.
+
+Input step types
+----------------
+
+.. typedef:: uint16_t psa_key_derivation_step_t
+
+    .. summary::
+        Encoding of the step of a key derivation.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_SECRET
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A secret input for key derivation.
+
+    This is typically a key of type `PSA_KEY_TYPE_DERIVE` passed to `psa_key_derivation_input_key()`, or the shared secret resulting from a key agreement obtained via `psa_key_derivation_key_agreement()`.
+
+    The secret can also be a direct input passed to `psa_key_derivation_input_bytes()`. In this case, the derivation operation cannot be used to derive keys: the operation will only allow `psa_key_derivation_output_bytes()`, not `psa_key_derivation_output_key()`.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_LABEL
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A label for key derivation.
+
+    This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_CONTEXT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A context for key derivation.
+
+    This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_SALT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A salt for key derivation.
+
+    This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_INFO
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        An information string for key derivation.
+
+    This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
+
+.. macro:: PSA_KEY_DERIVATION_INPUT_SEED
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A seed for key derivation.
+
+    This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
+
+Key derivation functions
+------------------------
+
+.. typedef:: /* implementation-defined type */ psa_key_derivation_operation_t
+
+    .. summary::
+        The type of the state object for key derivation operations.
+
+    Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_key_derivation_operation_t operation;
+          memset(&operation, 0, sizeof(operation));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_key_derivation_operation_t operation;
+
+    * Initialize the object to the initializer `PSA_KEY_DERIVATION_OPERATION_INIT`, for example:
+
+      .. autocode::
+          psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+    * Assign the result of the function `psa_key_derivation_operation_init()` to the object, for example:
+
+      .. autocode::
+          psa_key_derivation_operation_t operation;
+          operation = psa_key_derivation_operation_init();
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+.. macro:: PSA_KEY_DERIVATION_OPERATION_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for a key derivation operation object of type `psa_key_derivation_operation_t`.
+
+.. function:: psa_key_derivation_operation_init
+
+    .. summary::
+        Return an initial value for a key derivation operation object.
+
+    .. return:: psa_key_derivation_operation_t
+
+.. function:: psa_key_derivation_setup
+
+    .. summary::
+        Set up a key derivation operation.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to set up. It must have been initialized but not set up yet.
+    .. param:: psa_algorithm_t alg
+        The key derivation algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_DERIVATION(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``alg`` is not a key derivation algorithm.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a key derivation algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.
+
+    To derive a key:
+
+    #. Start with an initialized object of type `psa_key_derivation_operation_t`.
+    #. Call `psa_key_derivation_setup()` to select the algorithm.
+    #. Provide the inputs for the key derivation by calling `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()` as appropriate. Which inputs are needed, in what order, whether keys are permitted, and what type of keys depends on the algorithm.
+    #. Optionally set the operation's maximum capacity with `psa_key_derivation_set_capacity()`. This can be done before, in the middle of, or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.
+    #. To derive a key, call `psa_key_derivation_output_key()`. To derive a byte string for a different purpose, call `psa_key_derivation_output_bytes()`. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.
+    #. Clean up the key derivation operation object with `psa_key_derivation_abort()`.
+
+    If this function returns an error, the key derivation operation object is not changed.
+
+    If an error occurs at any step after a call to `psa_key_derivation_setup()`, the operation will need to be reset by a call to `psa_key_derivation_abort()`.
+
+    Implementations must reject an attempt to derive a key of size ``0``.
+
+.. function:: psa_key_derivation_get_capacity
+
+    .. summary::
+        Retrieve the current capacity of a key derivation operation.
+
+    .. param:: const psa_key_derivation_operation_t * operation
+        The operation to query.
+    .. param:: size_t * capacity
+        On success, the capacity of the operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The capacity of a key derivation is the maximum number of bytes that it can return. Reading *N* bytes of output from a key derivation operation reduces its capacity by at least *N*. The capacity can be reduced by more than *N* in the following situations:
+
+    - Calling `psa_key_derivation_output_key()` can reduce the capacity by more than the key size, depending on the type of key being generated. See  `psa_key_derivation_output_key()` for details of the key derivation process.
+    - When the `psa_key_derivation_operation_t` object is operating as a deterministic random bit generator (DBRG), which reduces capacity in whole blocks, even when less than a block is read.
+
+.. function:: psa_key_derivation_set_capacity
+
+    .. summary::
+        Set the maximum capacity of a key derivation operation.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to modify.
+    .. param:: size_t capacity
+        The new capacity of the operation. It must be less or equal to the operation's current capacity.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``capacity`` is larger than the operation's current capacity. In this case, the operation object remains valid and its capacity remains unchanged.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.
+
+.. function:: psa_key_derivation_input_bytes
+
+    .. summary::
+        Provide an input for key derivation or key agreement.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` and must not have produced any output yet.
+    .. param:: psa_key_derivation_step_t step
+        Which step the input data is for.
+    .. param:: const uint8_t * data
+        Input data to use.
+    .. param:: size_t data_length
+        Size of the ``data`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``step`` is not compatible with the operation's algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``step`` does not allow direct inputs.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid for this input ``step``.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
+
+    This function passes direct inputs, which is usually correct for non-secret inputs. To pass a secret input, which is normally in a key object, call `psa_key_derivation_input_key()` instead of this function. Refer to the documentation of individual step types (``PSA_KEY_DERIVATION_INPUT_xxx`` values of type `psa_key_derivation_step_t`) for more information.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
+
+.. function:: psa_key_derivation_input_key
+
+    .. summary::
+        Provide an input for key derivation in the form of a key.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` and must not have produced any output yet.
+    .. param:: psa_key_derivation_step_t step
+        Which step the input data is for.
+    .. param:: psa_key_id_t key
+        Identifier of the key. It must have an appropriate type for ``step`` and must allow the usage `PSA_KEY_USAGE_DERIVE`.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DERIVE` flag.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``step`` is not compatible with the operation's algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``step`` does not allow key inputs of the given type or does not allow key inputs at all.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid for this input ``step``.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
+
+    This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call `psa_key_derivation_input_bytes()` instead of this function. Refer to the documentation of individual step types (``PSA_KEY_DERIVATION_INPUT_xxx`` values of type `psa_key_derivation_step_t`) for more information.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
+
+.. function:: psa_key_derivation_output_bytes
+
+    .. summary::
+        Read some data from a key derivation operation.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to read from.
+    .. param:: uint8_t * output
+        Buffer where the output will be written.
+    .. param:: size_t output_length
+        Number of bytes to output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INSUFFICIENT_DATA
+        The operation's capacity was less than ``output_length`` bytes. Note that in this case, no output is written to the output buffer. The operation's capacity is set to ``0``, thus subsequent calls to this function will not succeed, even with a smaller output buffer.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active and completed all required input steps.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function calculates output bytes from a key derivation algorithm and return those bytes. If the key derivation's output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation's capacity decreases by the number of bytes read.
+
+    If this function returns an error status other than `PSA_ERROR_INSUFFICIENT_DATA`, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
+
+.. function:: psa_key_derivation_output_key
+
+    .. summary::
+        Derive a key from an ongoing key derivation operation.
+
+    .. param:: const psa_key_attributes_t * attributes
+        The attributes for the new key.
+    .. param:: psa_key_derivation_operation_t * operation
+        The key derivation operation object to read from.
+    .. param:: psa_key_id_t * key
+        On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
+    .. retval:: PSA_ERROR_ALREADY_EXISTS
+        This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
+    .. retval:: PSA_ERROR_INSUFFICIENT_DATA
+        There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation's capacity is set to ``0``, thus subsequent calls to this function will not succeed, even with a smaller output buffer.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        The key type or key size is not supported, either by the implementation in general or in this particular location.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        The provided key attributes are not valid for the operation.
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The `PSA_KEY_DERIVATION_INPUT_SECRET` input was not provided through a key.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active and completed all required input steps.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key's location, usage policy, type and size are taken from ``attributes``.
+
+    If the key derivation's output is viewed as a stream of bytes, this function consumes the required number of bytes from the stream. The operation's capacity decreases by the number of bytes used to derive the key.
+
+    If this function returns an error status other than `PSA_ERROR_INSUFFICIENT_DATA`, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
+
+    How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:
+
+    * For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling `psa_key_derivation_output_bytes()` and passing the resulting output to `psa_import_key()`. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly ``(bits/8)`` bytes from the operation. The following key types defined in this specification follow this scheme:
+
+      * `PSA_KEY_TYPE_AES`;
+      * `PSA_KEY_TYPE_ARC4`;
+      * `PSA_KEY_TYPE_CAMELLIA`;
+      * `PSA_KEY_TYPE_DERIVE`;
+      * `PSA_KEY_TYPE_HMAC`.
+
+    * For ECC keys on a Montgomery elliptic curve (:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)`), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:
+
+      * Curve25519 (`PSA_ECC_FAMILY_MONTGOMERY`, 255 bits): draw a 32-byte string and process it as specified in :RFC:`7748#5`.
+      * Curve448 (`PSA_ECC_FAMILY_MONTGOMERY`, 448 bits): draw a 56-byte string and process it as specified in :RFC:`7748#5`.
+
+    * For key types for which the key is represented by a single sequence of ``bits`` bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length ``ceiling(bits/8)`` bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by `psa_export_key()`. The following key types defined in this specification follow this scheme:
+
+      * `PSA_KEY_TYPE_DES`. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively. For example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.
+
+      * Finite-field Diffie-Hellman keys (:code:`PSA_KEY_TYPE_DH_KEY_PAIR(dh_family)` where ``dh_family`` designates any Diffie-Hellman family) and ECC keys on a Weierstrass elliptic curve (:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family)` where ``ecc_family`` designates a Weierstrass curve family). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, *N* - 2] where *N* is the boundary of the private key domain: *N* is the prime *p* for Diffie-Hellman, or the order of the curve's base point for ECC. Add ``1`` to the resulting integer and use this as the private key *x*.
+
+        This method allows compliance to NIST standards, specifically the methods titled *Key-Pair Generation by Testing Candidates* in the following publications:
+
+        - |NIST SP 800-56A|_ (NIST SP 800-56A) §5.6.1.1.4 for Diffie-Hellman keys.
+        - `NIST SP 800-56A`_ §5.6.1.2.2 or |FIPS 186-4|_ (FIPS 186-4) §B.4.2 for elliptic curve keys.
+
+        .. |NIST SP 800-56A| replace:: *NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography*
+        .. _NIST SP 800-56A: https://doi.org/10.6028/NIST.SP.800-56Ar3
+
+        .. |FIPS 186-4| replace:: *FIPS Publication 186-4: Digital Signature Standard (DSS)*
+        .. _FIPS 186-4: https://doi.org/10.6028/NIST.FIPS.186-4
+
+    * For other key types, including `PSA_KEY_TYPE_RSA_KEY_PAIR`, the way in which the operation output is consumed is implementation-defined.
+
+    In all cases, the data that is read is discarded from the operation. The operation's capacity is decreased by the number of bytes read.
+
+    For algorithms that take an input step `PSA_KEY_DERIVATION_INPUT_SECRET`, the input to that step must be provided with `psa_key_derivation_input_key()`. Future versions of this specification might include additional restrictions on the derived key based on the attributes and strength of the secret key.
+
+.. function:: psa_key_derivation_abort
+
+    .. summary::
+        Abort a key derivation operation.
+
+    .. param:: psa_key_derivation_operation_t * operation
+        The operation to abort.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_key_derivation_setup()` again.
+
+    This function can be called at any time after the operation object has been initialized as described in `psa_key_derivation_operation_t`.
+
+    In particular, it is valid to call `psa_key_derivation_abort()` twice, or to call `psa_key_derivation_abort()` on an operation that has not been set up.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_HKDF
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an HKDF algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an HKDF algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
+
+    HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.
+
+.. macro:: PSA_ALG_IS_TLS12_PRF
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a TLS-1.2 PRF algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a TLS-1.2 PRF algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
+
+.. macro:: PSA_ALG_IS_TLS12_PSK_TO_MS
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a TLS-1.2 PSK to MS algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
+
+.. macro:: PSA_KEY_DERIVATION_UNLIMITED_CAPACITY
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Use the maximum possible capacity for a key derivation operation.
+
+    Use this value as the capacity argument when setting up a key derivation to specify that the operation will use the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.
+
+.. macro:: PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation.
+
+    This implementation-defined value specifies the maximum length for the PSK input used with a `PSA_ALG_TLS12_PSK_TO_MS()` key agreement algorithm.
+
+    Quoting :RFC:`4279#5.3`:
+
+        TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.
+
+    Therefore, it is recommended that implementations define `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE` with a value greater than or equal to ``64``.
diff --git a/docs/html/_sources/api/ops/macs.rst.txt b/docs/html/_sources/api/ops/macs.rst.txt
new file mode 100644
index 0000000..3cd1283
--- /dev/null
+++ b/docs/html/_sources/api/ops/macs.rst.txt
@@ -0,0 +1,540 @@
+.. _macs:
+
+Message authentication codes (MAC)
+==================================
+
+.. _mac-algorithms:
+
+MAC algorithms
+--------------
+
+.. macro:: PSA_ALG_HMAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build an HMAC algorithm.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
+
+    .. return::
+        The corresponding HMAC algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    For example, :code:`PSA_ALG_HMAC(PSA_ALG_SHA_256)` is HMAC-SHA-256.
+
+.. macro:: PSA_ALG_TRUNCATED_MAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to build a truncated MAC algorithm.
+
+    .. param:: mac_alg
+        A MAC algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_MAC(alg)` is true). This can be a truncated or untruncated MAC algorithm.
+    .. param:: mac_length
+        Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.
+
+    .. return::
+        The corresponding MAC algorithm with the specified length.
+
+        Unspecified if ``alg`` is not a supported MAC algorithm or if ``mac_length`` is too small or too large for the specified MAC algorithm.
+
+    A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first ``mac_length`` bytes of the MAC value for the untruncated algorithm.
+
+    .. note::
+        This macro might allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.
+
+    .. note::
+        It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.
+
+    The full-length MAC algorithm can be recovered using `PSA_ALG_FULL_LENGTH_MAC()`.
+
+.. macro:: PSA_ALG_CBC_MAC
+    :definition: ((psa_algorithm_t)0x03c00100)
+
+    .. summary::
+        The CBC-MAC construction over a block cipher.
+
+    .. warning::
+        CBC-MAC is insecure in many cases. A more secure mode, such as `PSA_ALG_CMAC`, is recommended.
+
+.. macro:: PSA_ALG_CMAC
+    :definition: ((psa_algorithm_t)0x03c00200)
+
+    .. summary::
+        The CMAC construction over a block cipher.
+
+Single-part MAC functions
+-------------------------
+
+.. function:: psa_mac_compute
+
+    .. summary::
+        Calculate the message authentication code (MAC) of a message.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation.
+        It must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the input message.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * mac
+        Buffer where the MAC value is to be written.
+    .. param:: size_t mac_size
+        Size of the ``mac`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The exact MAC size is :code:`PSA_MAC_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are attributes of the key used to compute the MAC.
+        * `PSA_MAC_MAX_SIZE` evaluates to the maximum MAC size of any supported MAC algorithm.
+
+    .. param:: size_t * mac_length
+        On success, the number of bytes that make up the MAC value.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a MAC algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``mac`` buffer is too small.
+        `PSA_MAC_LENGTH()` or `PSA_MAC_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_INVALID
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    .. note::
+        To verify the MAC of a message against an expected value, use `psa_mac_verify()` instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.
+
+.. function:: psa_mac_verify
+
+    .. summary::
+        Calculate the MAC of a message and compare it with a reference value.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation.
+        It must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
+    .. param:: const uint8_t * input
+        Buffer containing the input message.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: const uint8_t * mac
+        Buffer containing the expected MAC value.
+    .. param:: size_t mac_length
+        Size of the ``mac`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The expected MAC is identical to the actual MAC of the input.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The MAC of the message was calculated successfully, but it differs from the expected value.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a MAC algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_INVALID
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+Multi-part MAC operations
+-------------------------
+
+.. typedef:: /* implementation-defined type */ psa_mac_operation_t
+
+    .. summary::
+        The type of the state object for multi-part MAC operations.
+
+    Before calling any function on a MAC operation object, the application must initialize it by any of the following means:
+
+    * Set the object to all-bits-zero, for example:
+
+      .. autocode::
+          psa_mac_operation_t operation;
+          memset(&operation, 0, sizeof(operation));
+
+    * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
+
+      .. autocode::
+          static psa_mac_operation_t operation;
+
+    * Initialize the object to the initializer `PSA_MAC_OPERATION_INIT`, for example:
+
+      .. autocode::
+          psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+
+    * Assign the result of the function `psa_mac_operation_init()` to the object, for example:
+
+      .. autocode::
+          psa_mac_operation_t operation;
+          operation = psa_mac_operation_init();
+
+    This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
+
+.. macro:: PSA_MAC_OPERATION_INIT
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        This macro returns a suitable initializer for a MAC operation object of type `psa_mac_operation_t`.
+
+.. function:: psa_mac_operation_init
+
+    .. summary::
+        Return an initial value for a MAC operation object.
+
+    .. return:: psa_mac_operation_t
+
+.. function:: psa_mac_sign_setup
+
+    .. summary::
+        Set up a multi-part MAC calculation operation.
+
+    .. param:: psa_mac_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_mac_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a MAC algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_INVALID
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function sets up the calculation of the message authentication code (MAC) of a byte string. To verify the MAC of a message against an expected value, use `psa_mac_verify_setup()` instead.
+
+    The sequence of operations to calculate a MAC is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_mac_operation_t`, e.g. `PSA_MAC_OPERATION_INIT`.
+    #. Call `psa_mac_sign_setup()` to specify the algorithm and key.
+    #. Call `psa_mac_update()` zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
+    #. At the end of the message, call `psa_mac_sign_finish()` to finish calculating the MAC value and retrieve it.
+
+    If an error occurs at any step after a call to `psa_mac_sign_setup()`, the operation will need to be reset by a call to `psa_mac_abort()`. The application can call `psa_mac_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_mac_sign_setup()`, the application must eventually terminate the operation through one of the following methods:
+
+    * A successful call to `psa_mac_sign_finish()`.
+    * A call to `psa_mac_abort()`.
+
+.. function:: psa_mac_verify_setup
+
+    .. summary::
+        Set up a multi-part MAC verification operation.
+
+    .. param:: psa_mac_operation_t * operation
+        The operation object to set up. It must have been initialized as per the documentation for `psa_mac_operation_t` and not yet in use.
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+        It must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+        ``key`` is not compatible with ``alg``.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+        ``alg`` is not supported or is not a MAC algorithm.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+        The key could not be retrieved from storage
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_DATA_INVALID
+        The key could not be retrieved from storage.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be inactive.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    This function sets up the verification of the message authentication code (MAC) of a byte string against an expected value.
+
+    The sequence of operations to verify a MAC is as follows:
+
+    #. Allocate an operation object which will be passed to all the functions listed here.
+    #. Initialize the operation object with one of the methods described in the documentation for `psa_mac_operation_t`, e.g. `PSA_MAC_OPERATION_INIT`.
+    #. Call `psa_mac_verify_setup()` to specify the algorithm and key.
+    #. Call `psa_mac_update()` zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
+    #. At the end of the message, call `psa_mac_verify_finish()` to finish calculating the actual MAC of the message and verify it against the expected value.
+
+    If an error occurs at any step after a call to `psa_mac_verify_setup()`, the operation will need to be reset by a call to `psa_mac_abort()`. The application can call `psa_mac_abort()` at any time after the operation has been initialized.
+
+    After a successful call to `psa_mac_verify_setup()`, the application must eventually terminate the operation through one of the following methods:
+
+    * A successful call to `psa_mac_verify_finish()`.
+    * A call to `psa_mac_abort()`.
+
+.. function:: psa_mac_update
+
+    .. summary::
+        Add a message fragment to a multi-part MAC operation.
+
+    .. param:: psa_mac_operation_t * operation
+        Active MAC operation.
+    .. param:: const uint8_t * input
+        Buffer containing the message fragment to add to the MAC calculation.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be active.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_mac_sign_setup()` or `psa_mac_verify_setup()` before calling this function.
+
+    If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
+
+.. function:: psa_mac_sign_finish
+
+    .. summary::
+        Finish the calculation of the MAC of a message.
+
+    .. param:: psa_mac_operation_t * operation
+        Active MAC operation.
+    .. param:: uint8_t * mac
+        Buffer where the MAC value is to be written.
+    .. param:: size_t mac_size
+        Size of the ``mac`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The exact MAC size is :code:`PSA_MAC_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are attributes of the key, and ``alg`` is the algorithm used to compute the MAC.
+        * `PSA_MAC_MAX_SIZE` evaluates to the maximum MAC size of any supported MAC algorithm.
+
+    .. param:: size_t * mac_length
+        On success, the number of bytes that make up the MAC value. This is always :code:`PSA_MAC_FINAL_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of the key and ``alg`` is the MAC algorithm that is calculated.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        Success.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be an active mac sign operation.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``mac`` buffer is too small.
+        `PSA_MAC_LENGTH()` or `PSA_MAC_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_mac_sign_setup()` before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to `psa_mac_update()`.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
+
+    .. warning::
+        It is not recommended to use this function when a specific value is expected for the MAC. Call `psa_mac_verify_finish()` instead with the expected MAC value.
+
+        Comparing integrity or authenticity data such as MAC values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid MAC and thereby bypass security controls.
+
+.. function:: psa_mac_verify_finish
+
+    .. summary::
+        Finish the calculation of the MAC of a message and compare it with an expected value.
+
+    .. param:: psa_mac_operation_t * operation
+        Active MAC operation.
+    .. param:: const uint8_t * mac
+        Buffer containing the expected MAC value.
+    .. param:: size_t mac_length
+        Size of the ``mac`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The expected MAC is identical to the actual MAC of the message.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The MAC of the message was calculated successfully, but it differs from the expected MAC.
+    .. retval:: PSA_ERROR_BAD_STATE
+        The operation state is not valid: it must be an active mac verify operation.
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    The application must call `psa_mac_verify_setup()` before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to `psa_mac_update()`. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.
+
+    When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
+
+    .. note::
+        Implementations must make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.
+
+.. function:: psa_mac_abort
+
+    .. summary::
+        Abort a MAC operation.
+
+    .. param:: psa_mac_operation_t * operation
+        Initialized MAC operation.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_mac_sign_setup()` or `psa_mac_verify_setup()` again.
+
+    This function can be called any time after the operation object has been initialized by one of the methods described in `psa_mac_operation_t`.
+
+    In particular, calling `psa_mac_abort()` after the operation has been terminated by a call to `psa_mac_abort()`, `psa_mac_sign_finish()` or `psa_mac_verify_finish()` is safe and has no effect.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_HMAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an HMAC algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an HMAC algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    HMAC is a family of MAC algorithms that are based on a hash function.
+
+.. macro:: PSA_ALG_IS_BLOCK_CIPHER_MAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a MAC algorithm based on a block cipher.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a MAC algorithm based on a block cipher, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_FULL_LENGTH_MAC
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Macro to construct the MAC algorithm with a full length MAC, from a truncated MAC algorithm.
+
+    .. param:: mac_alg
+        A MAC algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_MAC(alg)` is true). This can be a truncated or untruncated MAC algorithm.
+
+    .. return::
+        The corresponding MAC algorithm with a full length MAC.
+
+        Unspecified if ``alg`` is not a supported MAC algorithm.
+
+.. macro:: PSA_MAC_LENGTH
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        The size of the output of `psa_mac_compute()` and `psa_mac_sign_finish()`, in bytes.
+
+    .. param:: key_type
+        The type of the MAC key.
+    .. param:: key_bits
+        The size of the MAC key in bits.
+    .. param:: alg
+        A MAC algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
+
+    .. return::
+        The MAC length for the specified algorithm with the specified key parameters.
+
+        ``0`` if the MAC algorithm is not recognized.
+
+        Either ``0`` or the correct length for a MAC algorithm that the implementation recognizes, but does not support.
+
+        Unspecified if the key parameters are not consistent with the algorithm.
+
+    This is also the MAC length that `psa_mac_verify()` and `psa_mac_verify_finish()` expects.
+
+    See also `PSA_MAC_MAX_SIZE`.
+
+.. macro:: PSA_MAC_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Maximum size of a MAC.
+
+    This macro must expand to a compile-time constant integer.
+    It is recommended that this value is the maximum size of a MAC supported by the implementation, in bytes. The value must not be smaller than this maximum.
+
+    See also `PSA_MAC_LENGTH()`.
diff --git a/docs/html/_sources/api/ops/pke.rst.txt b/docs/html/_sources/api/ops/pke.rst.txt
new file mode 100644
index 0000000..9ffde10
--- /dev/null
+++ b/docs/html/_sources/api/ops/pke.rst.txt
@@ -0,0 +1,220 @@
+.. _pke:
+
+Asymmetric encryption
+=====================
+
+.. _asymmetric-encryption-algorithms:
+
+Asymmetric encryption algorithms
+--------------------------------
+
+.. macro:: PSA_ALG_RSA_PKCS1V15_CRYPT
+    :definition: ((psa_algorithm_t)0x07000200)
+
+    .. summary::
+        RSA PKCS#1 v1.5 encryption.
+
+.. macro:: PSA_ALG_RSA_OAEP
+    :definition: /* specification-defined value */
+
+    .. summary::
+        RSA OAEP encryption.
+
+    .. param:: hash_alg
+        The hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true) to use for MGF1.
+
+    .. return::
+        The corresponding RSA OAEP signature algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This is the encryption scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.
+
+Asymmetric encryption functions
+-------------------------------
+
+.. function:: psa_asymmetric_encrypt
+
+    .. summary::
+        Encrypt a short message with a public key.
+
+    .. param:: psa_key_id_t key
+        Identifer of the key to use for the operation. It must be a public key or an asymmetric key pair.
+        It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric encryption algorithm that is compatible with the type of ``key``.
+    .. param:: const uint8_t * input
+        The message to encrypt.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: const uint8_t * salt
+        A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass ``NULL``. If the algorithm supports an optional salt, pass ``NULL`` to indicate that there is no salt.
+    .. param:: size_t salt_length
+        Size of the ``salt`` buffer in bytes. If ``salt`` is ``NULL``, pass ``0``.
+    .. param:: uint8_t * output
+        Buffer where the encrypted message is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The required output size is :code:`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
+        * `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported asymmetric encryption.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small.
+        `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()` or `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    * For `PSA_ALG_RSA_PKCS1V15_CRYPT`, no salt is supported.
+
+.. function:: psa_asymmetric_decrypt
+
+    .. summary::
+        Decrypt a short message with a private key.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must be an asymmetric key pair.
+        It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric encryption algorithm that is compatible with the type of ``key``.
+    .. param:: const uint8_t * input
+        The message to decrypt.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: const uint8_t * salt
+        A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass ``NULL``. If the algorithm supports an optional salt, pass ``NULL`` to indicate that there is no salt.
+    .. param:: size_t salt_length
+        Size of the ``salt`` buffer in bytes. If ``salt`` is ``NULL``, pass ``0``.
+    .. param:: uint8_t * output
+        Buffer where the decrypted message is to be written.
+    .. param:: size_t output_size
+        Size of the ``output`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The required output size is :code:`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
+        * `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported asymmetric decryption.
+
+    .. param:: size_t * output_length
+        On success, the number of bytes that make up the returned output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``output`` buffer is too small.
+        `PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()` or `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_INVALID_PADDING
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    * For `PSA_ALG_RSA_PKCS1V15_CRYPT`, no salt is supported.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_RSA_OAEP
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an RSA OAEP encryption algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an RSA OAEP algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient output buffer size for `psa_asymmetric_encrypt()`.
+
+    .. param:: key_type
+        An asymmetric key type, either a key pair or a public key.
+    .. param:: key_bits
+        The size of the key in bits.
+    .. param:: alg
+        The signature algorithm.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_asymmetric_encrypt()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+    This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.
+
+    .. warning::
+        This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    See also `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_asymmetric_encrypt()`, for any supported asymmetric encryption.
+
+    See also `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()`.
+
+.. macro:: PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient output buffer size for `psa_asymmetric_decrypt()`.
+
+    .. param:: key_type
+        An asymmetric key type, either a key pair or a public key.
+    .. param:: key_bits
+        The size of the key in bits.
+    .. param:: alg
+        The signature algorithm.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_asymmetric_decrypt()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+    This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.
+
+    .. warning::
+        This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    See also `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`.
+
+.. macro:: PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        A sufficient output buffer size for `psa_asymmetric_decrypt()`, for any supported asymmetric decryption.
+
+    See also `PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/rng.rst.txt b/docs/html/_sources/api/ops/rng.rst.txt
new file mode 100644
index 0000000..f670bd9
--- /dev/null
+++ b/docs/html/_sources/api/ops/rng.rst.txt
@@ -0,0 +1,34 @@
+Other cryptographic services
+============================
+
+.. _rng:
+
+Random number generation
+------------------------
+
+.. function:: psa_generate_random
+
+    .. summary::
+        Generate random bytes.
+
+    .. param:: uint8_t * output
+        Output buffer for the generated data.
+    .. param:: size_t output_size
+        Number of bytes to generate and output.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    .. warning::
+        This function **can** fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not `PSA_SUCCESS`.
+
+    .. note::
+        To generate a key, use `psa_generate_key()` instead.
diff --git a/docs/html/_sources/api/ops/sign.rst.txt b/docs/html/_sources/api/ops/sign.rst.txt
new file mode 100644
index 0000000..a0025b5
--- /dev/null
+++ b/docs/html/_sources/api/ops/sign.rst.txt
@@ -0,0 +1,474 @@
+.. _sign:
+
+Asymmetric signature
+====================
+
+.. _sign-algorithms:
+
+Asymmetric signature algorithms
+-------------------------------
+
+.. macro:: PSA_ALG_RSA_PKCS1V15_SIGN
+    :definition: /* specification-defined value */
+
+    .. summary::
+        RSA PKCS#1 v1.5 signature with hashing.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
+
+    .. return::
+        The corresponding RSA PKCS#1 v1.5 signature algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This is the signature scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.
+
+.. macro:: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+    :definition: ((psa_algorithm_t) 0x06000200))
+
+    .. summary::
+        Raw PKCS#1 v1.5 signature.
+
+    The input to this algorithm is the DigestInfo structure used by :RFC:`8017#9.2` (PKCS#1: RSA Cryptography Specifications), in steps 3–6.
+
+.. macro:: PSA_ALG_RSA_PSS
+    :definition: /* specification-defined value */
+
+    .. summary::
+        RSA PSS signature with hashing.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
+
+    .. return::
+        The corresponding RSA PSS signature algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This is the signature scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.
+
+.. macro:: PSA_ALG_ECDSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        ECDSA signature with hashing.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
+
+    .. return::
+        The corresponding ECDSA signature algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This is the *Elliptic Curve Digital Signature Algorithm (ECDSA)* defined by ANSI X9.62-2005, with a random per-message secret number (*k*).
+
+    The representation of the signature as a byte string consists of the concatenation of the signature values *r* and *s*. Each of *r* and *s* is encoded as an *N*-octet string, where *N* is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.
+
+.. macro:: PSA_ALG_ECDSA_ANY
+    :definition: ((psa_algorithm_t) 0x06000600))
+
+    .. summary::
+        ECDSA signature without hashing.
+
+    This is the same signature scheme as `PSA_ALG_ECDSA()`, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.
+
+.. macro:: PSA_ALG_DETERMINISTIC_ECDSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Deterministic ECDSA signature with hashing.
+
+    .. param:: hash_alg
+        A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
+
+    .. return::
+        The corresponding deterministic ECDSA signature algorithm.
+
+        Unspecified if ``hash_alg`` is not a supported hash algorithm.
+
+    This is the deterministic ECDSA signature scheme defined by :RFC:`6979`.
+
+    The representation of a signature is the same as with `PSA_ALG_ECDSA()`.
+
+    Note that when this algorithm is used for verification, signatures made with randomized ECDSA (:code:`PSA_ALG_ECDSA(hash_alg)`) with the same private key are accepted. In other words, :code:`PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)` differs from :code:`PSA_ALG_ECDSA(hash_alg)` only for signature, not for verification.
+
+Asymmetric signature functions
+------------------------------
+
+.. function:: psa_sign_message
+
+    .. summary::
+        Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric signature algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_MESSAGE(alg)` is true), that is compatible with the type of ``key``.
+    .. param:: const uint8_t * input
+        The input message to sign.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: uint8_t * signature
+        Buffer where the signature is to be written.
+    .. param:: size_t signature_size
+        Size of the ``signature`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The required signature size is :code:`PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
+        * `PSA_SIGNATURE_MAX_SIZE` evaluates to the maximum signature size of any supported signature algorithm.
+
+    .. param:: size_t * signature_length
+        On success, the number of bytes that make up the returned signature value.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``signature`` buffer is too small.
+        `PSA_SIGN_OUTPUT_SIZE()` or `PSA_SIGNATURE_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    ..  note::
+        To perform a multi-part hash-and-sign signature algorithm, first use a :ref:`multi-part hash operation <hash-mp>` and then pass the resulting hash to `psa_sign_hash()`. :code:`PSA_ALG_GET_HASH(alg)` can be used to determine the hash algorithm to use.
+
+.. function:: psa_verify_message
+
+    .. summary::
+        Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric signature algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_MESSAGE(alg)` is true), that is compatible with the type of ``key``.
+    .. param:: const uint8_t * input
+        The message whose signature is to be verified.
+    .. param:: size_t input_length
+        Size of the ``input`` buffer in bytes.
+    .. param:: const uint8_t * signature
+        Buffer containing the signature to verify.
+    .. param:: size_t signature_length
+        Size of the ``signature`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The signature is valid.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The calculation was performed successfully, but the passed signature is not a valid signature.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    ..  note::
+        To perform a multi-part hash-and-sign signature verification algorithm, first use a :ref:`multi-part hash operation <hash-mp>` to hash the message and then pass the resulting hash to `psa_verify_hash()`. :code:`PSA_ALG_GET_HASH(alg)` can be used to determine the hash algorithm to use.
+
+.. function:: psa_sign_hash
+
+    .. summary::
+        Sign an already-calculated hash with a private key.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_SIGN_HASH`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric signature algorithm that separates the hash and sign operations (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_HASH(alg)` is true), that is compatible with the type of ``key``.
+    .. param:: const uint8_t * hash
+        The input to sign. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.
+    .. param:: size_t hash_length
+        Size of the ``hash`` buffer in bytes.
+    .. param:: uint8_t * signature
+        Buffer where the signature is to be written.
+    .. param:: size_t signature_size
+        Size of the ``signature`` buffer in bytes.
+        This must be appropriate for the selected algorithm and key:
+
+        * The required signature size is :code:`PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
+        * `PSA_SIGNATURE_MAX_SIZE` evaluates to the maximum signature size of any supported signature algorithm.
+
+    .. param:: size_t * signature_length
+        On success, the number of bytes that make up the returned signature value.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_SIGN_HASH` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
+        The size of the ``signature`` buffer is too small.
+        `PSA_SIGN_OUTPUT_SIZE()` or `PSA_SIGNATURE_MAX_SIZE` can be used to determine the required buffer size.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.
+
+    Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
+
+    .. note::
+        To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This can be done by calling `psa_hash_compute()` or with a multi-part hash operation. Alternatively, to hash and sign a message in a single call, use `psa_sign_message()`.
+
+.. function:: psa_verify_hash
+
+    .. summary::
+        Verify the signature of a hash or short message using a public key.
+
+    .. param:: psa_key_id_t key
+        Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_VERIFY_HASH`.
+    .. param:: psa_algorithm_t alg
+        An asymmetric signature algorithm that separates the hash and sign operations (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_HASH(alg)` is true), that is compatible with the type of ``key``.
+    .. param:: const uint8_t * hash
+        The input whose signature is to be verified. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.
+    .. param:: size_t hash_length
+        Size of the ``hash`` buffer in bytes.
+    .. param:: const uint8_t * signature
+        Buffer containing the signature to verify.
+    .. param:: size_t signature_length
+        Size of the ``signature`` buffer in bytes.
+
+    .. return:: psa_status_t
+    .. retval:: PSA_SUCCESS
+        The signature is valid.
+    .. retval:: PSA_ERROR_INVALID_HANDLE
+    .. retval:: PSA_ERROR_NOT_PERMITTED
+        The key does not have the `PSA_KEY_USAGE_VERIFY_HASH` flag, or it does not permit the requested algorithm.
+    .. retval:: PSA_ERROR_INVALID_SIGNATURE
+        The calculation was performed successfully, but the passed signature is not a valid signature.
+    .. retval:: PSA_ERROR_NOT_SUPPORTED
+    .. retval:: PSA_ERROR_INVALID_ARGUMENT
+    .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
+    .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
+    .. retval:: PSA_ERROR_HARDWARE_FAILURE
+    .. retval:: PSA_ERROR_CORRUPTION_DETECTED
+    .. retval:: PSA_ERROR_STORAGE_FAILURE
+    .. retval:: PSA_ERROR_DATA_CORRUPT
+    .. retval:: PSA_ERROR_DATA_INVALID
+    .. retval:: PSA_ERROR_BAD_STATE
+        The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
+
+    With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.
+
+    Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
+
+    .. note::
+        To perform a hash-and-sign verification algorithm, the hash must be calculated before passing it to this function. This can be done by calling `psa_hash_compute()` or with a multi-part hash operation. Alternatively, to hash and verify a message signature in a single call, use `psa_verify_message()`.
+
+Support macros
+--------------
+
+.. macro:: PSA_ALG_IS_SIGN_MESSAGE
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a signature algorithm that can be used with `psa_sign_message()` and `psa_verify_message()`.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a signature algorithm that can be used to sign a message. ``0`` if ``alg`` is a signature algorithm that can only be used to sign an already-calculated hash. ``0`` if ``alg`` is not a signature algorithm. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_IS_SIGN_HASH
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a signature algorithm that can be used with `psa_sign_hash()` and `psa_verify_hash()`.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a signature algorithm that can be used to sign a hash. ``0`` if ``alg`` is a signature algorithm that can only be used to sign a message. ``0`` if ``alg`` is not a signature algorithm. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_IS_RSA_PKCS1V15_SIGN
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an RSA PKCS#1 v1.5 signature algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_IS_RSA_PSS
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is an RSA PSS signature algorithm.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an RSA PSS signature algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_IS_ECDSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is ECDSA.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is an ECDSA algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+.. macro:: PSA_ALG_IS_DETERMINISTIC_ECDSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is deterministic ECDSA.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a deterministic ECDSA algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See also `PSA_ALG_IS_ECDSA()` and `PSA_ALG_IS_RANDOMIZED_ECDSA()`.
+
+.. macro:: PSA_ALG_IS_RANDOMIZED_ECDSA
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is randomized ECDSA.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a randomized ECDSA algorithm, ``0`` otherwise.
+
+        This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    See also `PSA_ALG_IS_ECDSA()` and `PSA_ALG_IS_DETERMINISTIC_ECDSA()`.
+
+.. macro:: PSA_ALG_IS_HASH_AND_SIGN
+    :definition: /* specification-defined value */
+
+    .. summary::
+        Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.
+
+    .. param:: alg
+        An algorithm identifier (value of type `psa_algorithm_t`).
+
+    .. return::
+        ``1`` if ``alg`` is a hash-and-sign algorithm that signs exactly the hash value, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
+
+    This macro identifies algorithms that can be used with `psa_sign_hash()` that use the exact message hash value as an input the signature operation. This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
+
+.. macro:: PSA_ALG_ANY_HASH
+    :definition: ((psa_algorithm_t)0x020000ff)
+
+    .. summary::
+        In a hash-and-sign algorithm policy, allow any hash algorithm.
+
+    This value can be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
+    A signature algorithm policy created using this macro is a wildcard policy, and `PSA_ALG_IS_WILDCARD()` will return true.
+
+    This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm ``alg``, :code:`PSA_ALG_IS_HASH_AND_SIGN(alg)` is true.
+
+    This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.
+
+    .. rubric:: Usage
+
+    For example, suppose that ``PSA_xxx_SIGNATURE`` is one of the following macros:
+
+    * `PSA_ALG_RSA_PKCS1V15_SIGN`
+    * `PSA_ALG_RSA_PSS`
+    * `PSA_ALG_ECDSA`
+    * `PSA_ALG_DETERMINISTIC_ECDSA`
+
+    The following sequence of operations shows how `PSA_ALG_ANY_HASH` can be used in a key policy:
+
+    * Set the key usage field using `PSA_ALG_ANY_HASH`, for example:
+
+      .. autocode::
+          psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); // or VERIFY_MESSAGE
+          psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
+
+    * Import or generate key material.
+    * Call `psa_sign_message()` or `psa_verify_message()`, passing an algorithm built from ``PSA_xxx_SIGNATURE`` and a specific hash. Each call to sign or verify a message can use a different hash algorithm.
+
+      .. autocode::
+          psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
+          psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
+          psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
+
+
+.. macro:: PSA_SIGN_OUTPUT_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Sufficient signature buffer size for `psa_sign_message()` and `psa_sign_hash()`.
+
+    .. param:: key_type
+        An asymmetric key type. This can be a key pair type or a public key type.
+    .. param:: key_bits
+        The size of the key in bits.
+    .. param:: alg
+        The signature algorithm.
+
+    .. return::
+        If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_sign_message()` and `psa_sign_hash()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
+
+    This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature might be smaller, as some algorithms produce a variable-size signature.
+
+    .. warning::
+        This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
+
+    See also `PSA_SIGNATURE_MAX_SIZE`.
+
+.. macro:: PSA_SIGNATURE_MAX_SIZE
+    :definition: /* implementation-defined value */
+
+    .. summary::
+        Maximum size of an asymmetric signature.
+
+    This macro must expand to a compile-time constant integer.
+    It is recommended that this value is the maximum size of an asymmetric signature supported by the implementation, in bytes. The value must not be smaller than this maximum.
+
+    See also `PSA_SIGN_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/appendix/example_header.rst.txt b/docs/html/_sources/appendix/example_header.rst.txt
new file mode 100644
index 0000000..32ce590
--- /dev/null
+++ b/docs/html/_sources/appendix/example_header.rst.txt
@@ -0,0 +1,18 @@
+.. _appendix-example-header:
+
+Example header file
+-------------------
+
+Each implementation of the PSA Crypto API must provide a header file named **psa/crypto.h**, in which the API elements in this specification are defined.
+
+This appendix provides a example of the **psa/crypto.h** header file with all of the API elements. This can be used as a starting point or reference for an implementation.
+
+.. note:
+    Not all of the API elements are fully defined. An implementation must provide the full definition.
+
+    The header will not compile without these missing definitions, and might require reordering to satisfy C compilation rules.
+
+psa/crypto.h
+~~~~~~~~~~~~
+
+.. autoinclude:: /../include/psa/crypto.h
diff --git a/docs/html/_sources/appendix/history.rst.txt b/docs/html/_sources/appendix/history.rst.txt
new file mode 100644
index 0000000..494ad62
--- /dev/null
+++ b/docs/html/_sources/appendix/history.rst.txt
@@ -0,0 +1,623 @@
+Changes to the API
+==================
+
+Release information
+-------------------
+
+All published versions of this document have been **non-confidential**.
+
+The change history table lists the changes that have been made to this document.
+
+.. tabularcolumns:: |\Y{.15}\Y{.15}\Y{.7}|
+
+.. list-table::
+    :header-rows: 1
+    :widths: 3,3,14
+
+    *   -   **Date**
+        -   **Version**
+        -   **Comments**
+
+    *   -   **Jan 2019**
+        -   1.0 beta 1
+        -   First public beta release.
+
+    *   -   **Feb 2019**
+        -   1.0 beta 2
+        -   Update for release with other PSA Dev API specifications.
+
+    *   -   **May 2019**
+        -   1.0 beta 3
+        -   Update for release with other PSA API specifications.
+
+            * Alignment with PSA API specifications.
+            * Changes to the key creation API.
+            * Changes to the handling of key lifetimes.
+            * Replaced 'generators' with key derivation operations.
+
+    *   -   **Feb 2020**
+        -   1.0.0
+        -   1.0 API finalized.
+
+            * Removed implementation APIs and definitions.
+            * Merged key handles with key identifiers.
+            * Recoded algorithm identifiers.
+            * Restructured key types.
+            * Provide buffer size macros for all output buffers.
+            * Provide sign-message signature operations.
+            * Add functions to suspend and resume hash operations.
+            * Reallocated key types and algorithm identifiers.
+            * Many minor corrections and clarifications.
+
+The detailed changes in each release are described in the following sections.
+
+Document change history
+-----------------------
+
+Changes between *1.0 beta 1* and *1.0 beta 2*
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. rubric:: Changes to the API
+
+-   Remove obsolete definition ``PSA_ALG_IS_KEY_SELECTION``.
+-   `PSA_AEAD_FINISH_OUTPUT_SIZE`: remove spurious parameter ``plaintext_length``.
+
+.. rubric:: Clarifications
+
+-   ``psa_key_agreement()``: document ``alg`` parameter.
+
+.. rubric:: Other changes
+
+-   Document formatting improvements.
+
+Changes between *1.0 beta 2* and *1.0 beta 3*
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. rubric:: Changes to the API
+
+-   Change the value of error codes, and some names, to align
+    with other PSA specifications. The name changes are:
+
+    * ``PSA_ERROR_UNKNOWN_ERROR`` → `PSA_ERROR_GENERIC_ERROR`
+    * ``PSA_ERROR_OCCUPIED_SLOT`` → `PSA_ERROR_ALREADY_EXISTS`
+    * ``PSA_ERROR_EMPTY_SLOT`` → `PSA_ERROR_DOES_NOT_EXIST`
+    * ``PSA_ERROR_INSUFFICIENT_CAPACITY`` → `PSA_ERROR_INSUFFICIENT_DATA`
+    * ``PSA_ERROR_TAMPERING_DETECTED`` → `PSA_ERROR_CORRUPTION_DETECTED`
+
+-   Change the way keys are created to avoid “half-filled” handles
+    that contained key metadata, but no key material.
+    Now, to create a key, first fill in a data structure containing
+    its attributes, then pass this structure to a function that
+    both allocates resources for the key and fills in the key
+    material. This affects the following functions:
+
+    * `psa_import_key()`, `psa_generate_key()`, ``psa_generator_import_key()``
+      and `psa_copy_key()` now take an attribute structure, as
+      a pointer to `psa_key_attributes_t`, to specify key metadata.
+      This replaces the previous method of passing arguments to
+      ``psa_create_key()`` or to the key material creation function
+      or calling ``psa_set_key_policy()``.
+    * ``psa_key_policy_t`` and functions operating on that type
+      no longer exist. A key's policy is now accessible as part of
+      its attributes.
+    * ``psa_get_key_information()`` is also replaced by accessing the
+      key's attributes, retrieved with `psa_get_key_attributes()`.
+    * ``psa_create_key()`` no longer exists. Instead, set the key id
+      attribute and the lifetime attribute before creating the
+      key material.
+
+-   Allow `psa_aead_update()` to buffer data.
+
+-   New buffer size calculation macros.
+
+-   Key identifiers are no longer specific to a given lifetime value. ``psa_open_key()`` no longer takes a ``lifetime`` parameter.
+
+-   Define a range of key identifiers for use by applications and a separate range for use by implementations.
+
+-   Avoid the unusual terminology "generator": call them
+    "key derivation operations" instead. Rename a number of functions
+    and other identifiers related to for clarity and consistency:
+
+    * ``psa_crypto_generator_t`` → `psa_key_derivation_operation_t`
+    * ``PSA_CRYPTO_GENERATOR_INIT`` → `PSA_KEY_DERIVATION_OPERATION_INIT`
+    * ``psa_crypto_generator_init()`` → `psa_key_derivation_operation_init()`
+    * ``PSA_GENERATOR_UNBRIDLED_CAPACITY`` → `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`
+    * ``psa_set_generator_capacity()`` → `psa_key_derivation_set_capacity()`
+    * ``psa_get_generator_capacity()`` → `psa_key_derivation_get_capacity()`
+    * ``psa_key_agreement()`` → `psa_key_derivation_key_agreement()`
+    * ``psa_generator_read()`` → `psa_key_derivation_output_bytes()`
+    * ``psa_generate_derived_key()`` → `psa_key_derivation_output_key()`
+    * ``psa_generator_abort()`` → `psa_key_derivation_abort()`
+    * ``psa_key_agreement_raw_shared_secret()`` → `psa_raw_key_agreement()`
+    * ``PSA_KDF_STEP_xxx`` → ``PSA_KEY_DERIVATION_INPUT_xxx``
+    * ``PSA_xxx_KEYPAIR`` → ``PSA_xxx_KEY_PAIR``
+
+-   Convert TLS1.2 KDF descriptions to multistep key derivation.
+
+.. rubric:: Clarifications
+
+-   Specify ``psa_generator_import_key()`` for most key types.
+
+-   Clarify the behavior in various corner cases.
+
+-   Document more error conditions.
+
+Changes between *1.0 beta 3* and *1.0.0*
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. rubric:: Changes to the API
+
+-   Added `PSA_CRYPTO_API_VERSION_MAJOR` and `PSA_CRYPTO_API_VERSION_MINOR` to report the PSA Cyrpto API version.
+
+-   Removed ``PSA_ALG_GMAC`` algorithm identifier.
+
+-   Removed internal implementation macros from the API specification:
+
+    * ``PSA_AEAD_TAG_LENGTH_OFFSET``
+    * ``PSA_ALG_AEAD_FROM_BLOCK_FLAG``
+    * ``PSA_ALG_AEAD_TAG_LENGTH_MASK``
+    * ``PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE``
+    * ``PSA_ALG_CATEGORY_AEAD``
+    * ``PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION``
+    * ``PSA_ALG_CATEGORY_CIPHER``
+    * ``PSA_ALG_CATEGORY_HASH``
+    * ``PSA_ALG_CATEGORY_KEY_AGREEMENT``
+    * ``PSA_ALG_CATEGORY_KEY_DERIVATION``
+    * ``PSA_ALG_CATEGORY_MAC``
+    * ``PSA_ALG_CATEGORY_MASK``
+    * ``PSA_ALG_CATEGORY_SIGN``
+    * ``PSA_ALG_CIPHER_FROM_BLOCK_FLAG``
+    * ``PSA_ALG_CIPHER_MAC_BASE``
+    * ``PSA_ALG_CIPHER_STREAM_FLAG``
+    * ``PSA_ALG_DETERMINISTIC_ECDSA_BASE``
+    * ``PSA_ALG_ECDSA_BASE``
+    * ``PSA_ALG_ECDSA_IS_DETERMINISTIC``
+    * ``PSA_ALG_HASH_MASK``
+    * ``PSA_ALG_HKDF_BASE``
+    * ``PSA_ALG_HMAC_BASE``
+    * ``PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT``
+    * ``PSA_ALG_IS_VENDOR_DEFINED``
+    * ``PSA_ALG_KEY_AGREEMENT_MASK``
+    * ``PSA_ALG_KEY_DERIVATION_MASK``
+    * ``PSA_ALG_MAC_SUBCATEGORY_MASK``
+    * ``PSA_ALG_MAC_TRUNCATION_MASK``
+    * ``PSA_ALG_RSA_OAEP_BASE``
+    * ``PSA_ALG_RSA_PKCS1V15_SIGN_BASE``
+    * ``PSA_ALG_RSA_PSS_BASE``
+    * ``PSA_ALG_TLS12_PRF_BASE``
+    * ``PSA_ALG_TLS12_PSK_TO_MS_BASE``
+    * ``PSA_ALG_VENDOR_FLAG``
+    * ``PSA_BITS_TO_BYTES``
+    * ``PSA_BYTES_TO_BITS``
+    * ``PSA_ECDSA_SIGNATURE_SIZE``
+    * ``PSA_HMAC_MAX_HASH_BLOCK_SIZE``
+    * ``PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE``
+    * ``PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE``
+    * ``PSA_KEY_TYPE_CATEGORY_FLAG_PAIR``
+    * ``PSA_KEY_TYPE_CATEGORY_KEY_PAIR``
+    * ``PSA_KEY_TYPE_CATEGORY_MASK``
+    * ``PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY``
+    * ``PSA_KEY_TYPE_CATEGORY_RAW``
+    * ``PSA_KEY_TYPE_CATEGORY_SYMMETRIC``
+    * ``PSA_KEY_TYPE_DH_GROUP_MASK``
+    * ``PSA_KEY_TYPE_DH_KEY_PAIR_BASE``
+    * ``PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE``
+    * ``PSA_KEY_TYPE_ECC_CURVE_MASK``
+    * ``PSA_KEY_TYPE_ECC_KEY_PAIR_BASE``
+    * ``PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE``
+    * ``PSA_KEY_TYPE_IS_VENDOR_DEFINED``
+    * ``PSA_KEY_TYPE_VENDOR_FLAG``
+    * ``PSA_MAC_TRUNCATED_LENGTH``
+    * ``PSA_MAC_TRUNCATION_OFFSET``
+    * ``PSA_ROUND_UP_TO_MULTIPLE``
+    * ``PSA_RSA_MINIMUM_PADDING_SIZE``
+    * ``PSA_VENDOR_ECC_MAX_CURVE_BITS``
+    * ``PSA_VENDOR_RSA_MAX_KEY_BITS``
+
+-   Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in :title:`implementation-specific-macro`.
+
+    * Macros with implementation-defined values are indicated by ``/* implementation-defined value */`` in the API prototype.
+      The implementation must provide the implementation.
+
+    * Macros for algorithm and key type construction and inspection have specification-defined values.
+      This is indicated by ``/* specification-defined value */`` in the API prototype.
+      Example definitions of these macros is provided in :title:`appendix-specdef-values`.
+
+-   Changed the semantics of multi-part operations.
+
+    * Formalize the standard pattern for multi-part operations.
+    * Require all errors to result in an error state, requiring a call to ``psa_xxx_abort()`` to reset the object.
+    * Define behavior in illegal and impossible operation states, and for copying and reusing operation objects.
+
+    Although the API signatures have not changed, this change requires modifications to application flows that handle error conditions in multi-part operations.
+
+-   Merge the key identifier and key handle concepts in the API.
+
+    * Replaced all references to key handles with key identifiers, or something similar.
+    * Replaced all uses of ``psa_key_handle_t`` with `psa_key_id_t` in the API, and removes the ``psa_key_handle_t`` type.
+    * Removed ``psa_open_key`` and ``psa_close_key``.
+    * Added `PSA_KEY_ID_NULL` for the never valid zero key identifier.
+    * Document rules related to destroying keys whilst in use.
+    * Added the `PSA_KEY_USAGE_CACHE` usage policy and the related `psa_purge_key()` API.
+    * Added clarification about caching keys to non-volatile memory.
+
+-   Renamed ``PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN`` to `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE`.
+
+-   Relax definition of implementation-defined types.
+
+    * This is indicated in the specification by ``/* implementation-defined type */`` in the type definition.
+    * The specification only defines the name of implementation-defined types, and does not require that the implementation is a C struct.
+
+-   Zero-length keys are not permitted. Attempting to create one will now result in an error.
+
+-   Relax the constraints on inputs to key derivation:
+
+    * `psa_key_derivation_input_bytes()` can be used for secret input steps. This is necessary if a zero-length input is required by the application.
+    * `psa_key_derivation_input_key()` can be used for non-secret input steps.
+
+-   Multi-part cipher operations now require that the IV is passed using `psa_cipher_set_iv()`, the option to provide this as part of the input to `psa_cipher_update()` has been removed.
+
+    The format of the output from `psa_cipher_encrypt()`, and input to `psa_cipher_decrypt()`, is documented.
+
+-   Support macros to calculate the size of output buffers, IVs and nonces.
+
+    -   Macros to calculate a key and/or algorithm specific result are provided for all output buffers. The new macros are:
+
+        * `PSA_AEAD_NONCE_LENGTH()`
+        * `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()`
+        * `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()`
+        * `PSA_CIPHER_UPDATE_OUTPUT_SIZE()`
+        * `PSA_CIPHER_FINISH_OUTPUT_SIZE()`
+        * `PSA_CIPHER_IV_LENGTH()`
+        * `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()`
+        * `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()`
+
+    -   Macros that evaluate to a maximum type-independent buffer size are provided. The new macros are:
+
+        * `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()`
+        * `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()`
+        * `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()`
+        * `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`
+        * `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`
+        * `PSA_AEAD_NONCE_MAX_SIZE`
+        * `PSA_AEAD_TAG_MAX_SIZE`
+        * `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`
+        * `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`
+        * `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()`
+        * `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()`
+        * `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()`
+        * `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`
+        * `PSA_CIPHER_IV_MAX_SIZE`
+        * `PSA_EXPORT_KEY_PAIR_MAX_SIZE`
+        * `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`
+        * `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`
+
+    -   AEAD output buffer size macros are now parameterized on the key type as well as the algorithm:
+
+        * `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()`
+        * `PSA_AEAD_DECRYPT_OUTPUT_SIZE()`
+        * `PSA_AEAD_UPDATE_OUTPUT_SIZE()`
+        * `PSA_AEAD_FINISH_OUTPUT_SIZE()`
+        * `PSA_AEAD_TAG_LENGTH()`
+        * `PSA_AEAD_VERIFY_OUTPUT_SIZE()`
+
+    -   Some existing macros have been renamed to ensure that the name of the support macros are consistent. The following macros have been renamed:
+
+        * ``PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH()`` → `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`
+        * ``PSA_ALG_AEAD_WITH_TAG_LENGTH()`` → `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`
+        * ``PSA_KEY_EXPORT_MAX_SIZE()`` → `PSA_EXPORT_KEY_OUTPUT_SIZE()`
+        * ``PSA_HASH_SIZE()`` → `PSA_HASH_LENGTH()`
+        * ``PSA_MAC_FINAL_SIZE()`` → `PSA_MAC_LENGTH()`
+        * ``PSA_BLOCK_CIPHER_BLOCK_SIZE()`` → `PSA_BLOCK_CIPHER_BLOCK_LENGTH()`
+        * ``PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE`` → `PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`
+
+    -   Documentation of the macros and of related APIs has been updated to reference the related API elements.
+
+-   Provide hash-and-sign operations as well as sign-the-hash operations. The API for asymmetric signature has been changed to clarify the use of the new functions.
+
+    - The existing asymmetric signature API has been renamed to clarify that this is for signing a hash that is already computed:
+
+      * ``PSA_KEY_USAGE_SIGN`` → `PSA_KEY_USAGE_SIGN_HASH`
+      * ``PSA_KEY_USAGE_VERIFY`` → `PSA_KEY_USAGE_VERIFY_HASH`
+      * ``psa_asymmetric_sign()`` → `psa_sign_hash()`
+      * ``psa_asymmetric_verify()`` → `psa_verify_hash()`
+
+    - New APIs added to provide the complete message signing operation:
+
+      * `PSA_KEY_USAGE_SIGN_MESSAGE`
+      * `PSA_KEY_USAGE_VERIFY_MESSAGE`
+      * `psa_sign_message()`
+      * `psa_verify_message()`
+
+    - New Support macros to identify which algorithms can be used in which signing API:
+
+      * `PSA_ALG_IS_SIGN_HASH()`
+      * `PSA_ALG_IS_SIGN_MESSAGE()`
+
+    - Renamed support macros that apply to both signing APIs:
+
+      * ``PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE()`` → `PSA_SIGN_OUTPUT_SIZE()`
+      * ``PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE`` → `PSA_SIGNATURE_MAX_SIZE`
+
+    - The usage policy values have been changed, including for `PSA_KEY_USAGE_DERIVE`.
+
+-   Restructure `psa_key_type_t` and reassign all key type values.
+
+    - `psa_key_type_t` changes from 32-bit to 16-bit integer.
+    - Reassigned the key type categories.
+    - Add a parity bit to the key type to ensure that valid key type values differ by at least 2 bits.
+    - 16-bit elliptic curve ids (``psa_ecc_curve_t``) replaced by 8-bit ECC curve family ids (`psa_ecc_family_t`).
+      16-bit  Diffie-Hellman group ids (``psa_dh_group_t``) replaced by 8-bit DH group family ids (`psa_dh_family_t`).
+
+      * These ids are no longer related to the IANA Group Registry specification.
+      * The new key type values do not encode the key size for ECC curves or DH groups. The key bit size from the key attributes identify a specific ECC curve or DH group within the family.
+
+    -   The following macros have been removed:
+
+        * ``PSA_DH_GROUP_FFDHE2048``
+        * ``PSA_DH_GROUP_FFDHE3072``
+        * ``PSA_DH_GROUP_FFDHE4096``
+        * ``PSA_DH_GROUP_FFDHE6144``
+        * ``PSA_DH_GROUP_FFDHE8192``
+        * ``PSA_ECC_CURVE_BITS``
+        * ``PSA_ECC_CURVE_BRAINPOOL_P256R1``
+        * ``PSA_ECC_CURVE_BRAINPOOL_P384R1``
+        * ``PSA_ECC_CURVE_BRAINPOOL_P512R1``
+        * ``PSA_ECC_CURVE_CURVE25519``
+        * ``PSA_ECC_CURVE_CURVE448``
+        * ``PSA_ECC_CURVE_SECP160K1``
+        * ``PSA_ECC_CURVE_SECP160R1``
+        * ``PSA_ECC_CURVE_SECP160R2``
+        * ``PSA_ECC_CURVE_SECP192K1``
+        * ``PSA_ECC_CURVE_SECP192R1``
+        * ``PSA_ECC_CURVE_SECP224K1``
+        * ``PSA_ECC_CURVE_SECP224R1``
+        * ``PSA_ECC_CURVE_SECP256K1``
+        * ``PSA_ECC_CURVE_SECP256R1``
+        * ``PSA_ECC_CURVE_SECP384R1``
+        * ``PSA_ECC_CURVE_SECP521R1``
+        * ``PSA_ECC_CURVE_SECT163K1``
+        * ``PSA_ECC_CURVE_SECT163R1``
+        * ``PSA_ECC_CURVE_SECT163R2``
+        * ``PSA_ECC_CURVE_SECT193R1``
+        * ``PSA_ECC_CURVE_SECT193R2``
+        * ``PSA_ECC_CURVE_SECT233K1``
+        * ``PSA_ECC_CURVE_SECT233R1``
+        * ``PSA_ECC_CURVE_SECT239K1``
+        * ``PSA_ECC_CURVE_SECT283K1``
+        * ``PSA_ECC_CURVE_SECT283R1``
+        * ``PSA_ECC_CURVE_SECT409K1``
+        * ``PSA_ECC_CURVE_SECT409R1``
+        * ``PSA_ECC_CURVE_SECT571K1``
+        * ``PSA_ECC_CURVE_SECT571R1``
+        * ``PSA_KEY_TYPE_GET_CURVE``
+        * ``PSA_KEY_TYPE_GET_GROUP``
+
+    -   The following macros have been added:
+
+        * `PSA_DH_FAMILY_RFC7919`
+        * `PSA_ECC_FAMILY_BRAINPOOL_P_R1`
+        * `PSA_ECC_FAMILY_SECP_K1`
+        * `PSA_ECC_FAMILY_SECP_R1`
+        * `PSA_ECC_FAMILY_SECP_R2`
+        * `PSA_ECC_FAMILY_SECT_K1`
+        * `PSA_ECC_FAMILY_SECT_R1`
+        * `PSA_ECC_FAMILY_SECT_R2`
+        * `PSA_ECC_FAMILY_MONTGOMERY`
+        * `PSA_KEY_TYPE_DH_GET_FAMILY`
+        * `PSA_KEY_TYPE_ECC_GET_FAMILY`
+
+    -   The following macros have new values:
+
+        * `PSA_KEY_TYPE_AES`
+        * `PSA_KEY_TYPE_ARC4`
+        * `PSA_KEY_TYPE_CAMELLIA`
+        * `PSA_KEY_TYPE_CHACHA20`
+        * `PSA_KEY_TYPE_DERIVE`
+        * `PSA_KEY_TYPE_DES`
+        * `PSA_KEY_TYPE_HMAC`
+        * `PSA_KEY_TYPE_NONE`
+        * `PSA_KEY_TYPE_RAW_DATA`
+        * `PSA_KEY_TYPE_RSA_KEY_PAIR`
+        * `PSA_KEY_TYPE_RSA_PUBLIC_KEY`
+
+    -   The following macros with specification-defined values have new example implementations:
+
+        * `PSA_BLOCK_CIPHER_BLOCK_LENGTH`
+        * `PSA_KEY_TYPE_DH_KEY_PAIR`
+        * `PSA_KEY_TYPE_DH_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_ECC_KEY_PAIR`
+        * `PSA_KEY_TYPE_ECC_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_IS_ASYMMETRIC`
+        * `PSA_KEY_TYPE_IS_DH`
+        * `PSA_KEY_TYPE_IS_DH_KEY_PAIR`
+        * `PSA_KEY_TYPE_IS_DH_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_IS_ECC`
+        * `PSA_KEY_TYPE_IS_ECC_KEY_PAIR`
+        * `PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_IS_KEY_PAIR`
+        * `PSA_KEY_TYPE_IS_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_IS_RSA`
+        * `PSA_KEY_TYPE_IS_UNSTRUCTURED`
+        * `PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY`
+        * `PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR`
+
+-   Add ECC family `PSA_ECC_FAMILY_FRP` for the FRP256v1 curve.
+
+-   Restructure `psa_algorithm_t` encoding, to increase consistency across algorithm categories.
+
+    -   Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following ``PSA_ALG_XXXX_GET_HASH()`` macros have all been replaced by a single macro `PSA_ALG_GET_HASH()`:
+
+        * ``PSA_ALG_HKDF_GET_HASH()``
+        * ``PSA_ALG_HMAC_GET_HASH()``
+        * ``PSA_ALG_RSA_OAEP_GET_HASH()``
+        * ``PSA_ALG_SIGN_GET_HASH()``
+        * ``PSA_ALG_TLS12_PRF_GET_HASH()``
+        * ``PSA_ALG_TLS12_PSK_TO_MS_GET_HASH()``
+
+    -   Stream cipher algorithm macros have been removed; the key type indicates which cipher to use. Instead of ``PSA_ALG_ARC4`` and ``PSA_ALG_CHACHA20``, use `PSA_ALG_STREAM_CIPHER`.
+
+    All of the other ``PSA_ALG_XXX`` macros have updated values or updated example implementations.
+
+    -   The following macros have new values:
+
+        * `PSA_ALG_ANY_HASH`
+        * `PSA_ALG_CBC_MAC`
+        * `PSA_ALG_CBC_NO_PADDING`
+        * `PSA_ALG_CBC_PKCS7`
+        * `PSA_ALG_CCM`
+        * `PSA_ALG_CFB`
+        * `PSA_ALG_CHACHA20_POLY1305`
+        * `PSA_ALG_CMAC`
+        * `PSA_ALG_CTR`
+        * `PSA_ALG_ECDH`
+        * `PSA_ALG_ECDSA_ANY`
+        * `PSA_ALG_FFDH`
+        * `PSA_ALG_GCM`
+        * `PSA_ALG_MD2`
+        * `PSA_ALG_MD4`
+        * `PSA_ALG_MD5`
+        * `PSA_ALG_OFB`
+        * `PSA_ALG_RIPEMD160`
+        * `PSA_ALG_RSA_PKCS1V15_CRYPT`
+        * `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`
+        * `PSA_ALG_SHA_1`
+        * `PSA_ALG_SHA_224`
+        * `PSA_ALG_SHA_256`
+        * `PSA_ALG_SHA_384`
+        * `PSA_ALG_SHA_512`
+        * `PSA_ALG_SHA_512_224`
+        * `PSA_ALG_SHA_512_256`
+        * `PSA_ALG_SHA3_224`
+        * `PSA_ALG_SHA3_256`
+        * `PSA_ALG_SHA3_384`
+        * `PSA_ALG_SHA3_512`
+        * `PSA_ALG_XTS`
+
+    -   The following macros with specification-defined values have new example implementations:
+
+        * `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`
+        * `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`
+        * `PSA_ALG_DETERMINISTIC_ECDSA()`
+        * `PSA_ALG_ECDSA()`
+        * `PSA_ALG_FULL_LENGTH_MAC()`
+        * `PSA_ALG_HKDF()`
+        * `PSA_ALG_HMAC()`
+        * `PSA_ALG_IS_AEAD()`
+        * `PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER()`
+        * `PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()`
+        * `PSA_ALG_IS_BLOCK_CIPHER_MAC()`
+        * `PSA_ALG_IS_CIPHER()`
+        * `PSA_ALG_IS_DETERMINISTIC_ECDSA()`
+        * `PSA_ALG_IS_ECDH()`
+        * `PSA_ALG_IS_ECDSA()`
+        * `PSA_ALG_IS_FFDH()`
+        * `PSA_ALG_IS_HASH()`
+        * `PSA_ALG_IS_HASH_AND_SIGN()`
+        * `PSA_ALG_IS_HKDF()`
+        * `PSA_ALG_IS_HMAC()`
+        * `PSA_ALG_IS_KEY_AGREEMENT()`
+        * `PSA_ALG_IS_KEY_DERIVATION()`
+        * `PSA_ALG_IS_MAC()`
+        * `PSA_ALG_IS_RANDOMIZED_ECDSA()`
+        * `PSA_ALG_IS_RAW_KEY_AGREEMENT()`
+        * `PSA_ALG_IS_RSA_OAEP()`
+        * `PSA_ALG_IS_RSA_PKCS1V15_SIGN()`
+        * `PSA_ALG_IS_RSA_PSS()`
+        * `PSA_ALG_IS_SIGN()`
+        * `PSA_ALG_IS_SIGN_MESSAGE()`
+        * `PSA_ALG_IS_STREAM_CIPHER()`
+        * `PSA_ALG_IS_TLS12_PRF()`
+        * `PSA_ALG_IS_TLS12_PSK_TO_MS()`
+        * `PSA_ALG_IS_WILDCARD()`
+        * `PSA_ALG_KEY_AGREEMENT()`
+        * `PSA_ALG_KEY_AGREEMENT_GET_BASE()`
+        * `PSA_ALG_KEY_AGREEMENT_GET_KDF()`
+        * `PSA_ALG_RSA_OAEP()`
+        * `PSA_ALG_RSA_PKCS1V15_SIGN()`
+        * `PSA_ALG_RSA_PSS()`
+        * `PSA_ALG_TLS12_PRF()`
+        * `PSA_ALG_TLS12_PSK_TO_MS()`
+        * `PSA_ALG_TRUNCATED_MAC()`
+
+-   Added ECB block cipher mode, with no padding, as `PSA_ALG_ECB_NO_PADDING`.
+
+-   Add functions to suspend and resume hash operations:
+
+    * `psa_hash_suspend()` halts the current operation and outputs a hash suspend state.
+    * `psa_hash_resume()` continues a previously suspended hash operation.
+
+    The format of the hash suspend state is documented in :title:`hash-suspend-state`, and supporting macros are provided for using this API:
+
+    * `PSA_HASH_SUSPEND_OUTPUT_SIZE()`
+    * `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE`
+    * `PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH`
+    * `PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH()`
+    * `PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH()`
+    * `PSA_HASH_BLOCK_LENGTH()`
+
+-   Complement `PSA_ERROR_STORAGE_FAILURE` with new error codes `PSA_ERROR_DATA_CORRUPT` and `PSA_ERROR_DATA_INVALID`. These permit an implementation to distinguish different causes of failure when reading from key storage.
+
+-   Added input step `PSA_KEY_DERIVATION_INPUT_CONTEXT` for key derivation, supporting obvious mapping from the step identifiers to common KDF constructions.
+
+.. rubric:: Clarifications
+
+-   Clarified rules regarding modification of parameters in concurrent environments.
+
+-   Guarantee that :code:`psa_destroy_key(PSA_KEY_ID_NULL)` always returns `PSA_SUCCESS`.
+
+-   Clarified the TLS PSK to MS key agreement algorithm.
+
+-   Document the key policy requirements for all APIs that accept a key parameter.
+
+-   Document more of the error codes for each function.
+
+.. rubric:: Other changes
+
+-   Require C99 for this specification instead of C89.
+
+-   Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is **psa/crypto.h**.
+
+-   Reorganized the API reference, grouping the elements in a more natural way.
+
+-   Improved the cross referencing between all of the document sections, and from code snippets to API element descriptions.
+
+Planned changes for version 1.0.x
+---------------------------------
+
+Future versions of this specification that use a 1.0.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.
+
+These are the changes that we are currently planning to make for version 1.0.x:
+
+* Declare identifiers for additional cryptographic algorithms.
+* Mandate certain checks when importing some types of asymmetric keys.
+* Specify the computation of algorithm and key type values.
+* Further clarifications on API usage and implementation.
+
+
+.. _future:
+
+Future additions
+----------------
+
+Major additions to the API will be defined in future drafts and editions of a 1.x or 2.x version of this specification. Features that are being considered include:
+
+-  Multi-part operations for hybrid cryptography. For example, this includes
+   hash-and-sign for EdDSA, and hybrid encryption for ECIES.
+-  A more general interface to key derivation and key exchange. This would
+   enable an application to derive a non-extractable session key from
+   non-extractable secrets, without leaking the intermediate material.
+-  Key wrapping mechanisms to extract and import keys in an encrypted and authenticated form.
+-  Key discovery mechanisms. This would enable an application to locate a key by
+   its name or attributes.
+-  Implementation capability description. This would enable an application to
+   determine the algorithms, key types and storage lifetimes that the
+   implementation provides.
+-  An ownership and access control mechanism allowing a multi-client
+   implementation to have privileged clients that are able to manage keys of
+   other clients.
diff --git a/docs/html/_sources/appendix/specdef_values.rst.txt b/docs/html/_sources/appendix/specdef_values.rst.txt
new file mode 100644
index 0000000..3a6a06e
--- /dev/null
+++ b/docs/html/_sources/appendix/specdef_values.rst.txt
@@ -0,0 +1,231 @@
+.. _appendix-specdef-values:
+
+Example macro implementations
+-----------------------------
+
+This appendix provides example implementations of the function-like macros that have specification-defined values.
+
+.. note::
+    In a future version of this specification, these example implementations will be replaced with a pseudo-code representation of the macro's computation in the macro description.
+
+The examples here provide correct results for the valid inputs defined by each API, for an implementation that supports all of the defined algorithms and key types. An implementation can provide alternative definitions of these macros:
+
+* If the implementation does not support all of the algorithms or key types, it can provide a simpler definition of applicable macros.
+* If the implementation provides vendor-specific algorithms or key types, it needs to extend the definitions of applicable macros.
+
+Algorithm macros
+~~~~~~~~~~~~~~~~
+
+:code:`PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg)`
+    :code:`((((aead_alg) & ~0x003f0000) == 0x05400100) ? PSA_ALG_CCM : (((aead_alg) & ~0x003f0000) == 0x05400200) ? PSA_ALG_GCM : (((aead_alg) & ~0x003f0000) == 0x05000500) ? PSA_ALG_CHACHA20_POLY1305 : PSA_ALG_NONE)`
+
+:code:`PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length)`
+    :code:`((psa_algorithm_t) (((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16)))`
+
+:code:`PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)`
+    :code:`((psa_algorithm_t) (0x06000700 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_ECDSA(hash_alg)`
+    :code:`((psa_algorithm_t) (0x06000600 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_FULL_LENGTH_MAC(mac_alg)`
+    :code:`((psa_algorithm_t) ((mac_alg) & ~0x003f0000))`
+
+:code:`PSA_ALG_GET_HASH(alg)`
+    :code:`(((alg) & 0x000000ff) == 0 ? PSA_ALG_NONE : 0x02000000 | ((alg) & 0x000000ff))`
+
+:code:`PSA_ALG_HKDF(hash_alg)`
+    :code:`((psa_algorithm_t) (0x08000100 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_HMAC(hash_alg)`
+    :code:`((psa_algorithm_t) (0x03800000 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_IS_AEAD(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x05000000)`
+
+:code:`PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg)`
+    :code:`(((alg) & 0x7f400000) == 0x05400000)`
+
+:code:`PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x07000000)`
+
+:code:`PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)`
+    :code:`(((alg) & 0x7fc00000) == 0x03c00000)`
+
+:code:`PSA_ALG_IS_CIPHER(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x03000000)`
+
+:code:`PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x06000700)`
+
+:code:`PSA_ALG_IS_ECDH(alg)`
+    :code:`(((alg) & 0x7fff0000) == 0x09020000)`
+
+:code:`PSA_ALG_IS_ECDSA(alg)`
+    :code:`(((alg) & ~0x000001ff) == 0x06000600)`
+
+:code:`PSA_ALG_IS_FFDH(alg)`
+    :code:`(((alg) & 0x7fff0000) == 0x09010000)`
+
+:code:`PSA_ALG_IS_HASH(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x02000000)`
+
+:code:`PSA_ALG_IS_HASH_AND_SIGN(alg)`
+    :code:`(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_ECDSA(alg))`
+
+:code:`PSA_ALG_IS_HKDF(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x08000100)`
+
+:code:`PSA_ALG_IS_HMAC(alg)`
+    :code:`(((alg) & 0x7fc0ff00) == 0x03800000)`
+
+:code:`PSA_ALG_IS_KEY_AGREEMENT(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x09000000)`
+
+:code:`PSA_ALG_IS_KEY_DERIVATION(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x08000000)`
+
+:code:`PSA_ALG_IS_MAC(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x03000000)`
+
+:code:`PSA_ALG_IS_RANDOMIZED_ECDSA(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x06000600)`
+
+:code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)`
+    :code:`(((alg) & 0x7f00ffff) == 0x09000000)`
+
+:code:`PSA_ALG_IS_RSA_OAEP(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x07000300)`
+
+:code:`PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x06000200)`
+
+:code:`PSA_ALG_IS_RSA_PSS(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x06000300)`
+
+:code:`PSA_ALG_IS_SIGN(alg)`
+    :code:`(((alg) & 0x7f000000) == 0x06000000)`
+
+:code:`PSA_ALG_IS_SIGN_HASH(alg)`
+    :code:`PSA_ALG_IS_SIGN(alg)`
+
+:code:`PSA_ALG_IS_SIGN_MESSAGE(alg)`
+    :code:`(PSA_ALG_IS_SIGN(alg) && (alg) != PSA_ALG_ECDSA_ANY && (alg) != PSA_ALG_RSA_PKCS1V15_SIGN_RAW)`
+
+:code:`PSA_ALG_IS_STREAM_CIPHER(alg)`
+    :code:`(((alg) & 0x7f800000) == 0x04800000)`
+
+:code:`PSA_ALG_IS_TLS12_PRF(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x08000200)`
+
+:code:`PSA_ALG_IS_TLS12_PSK_TO_MS(alg)`
+    :code:`(((alg) & ~0x000000ff) == 0x08000300)`
+
+:code:`PSA_ALG_IS_WILDCARD(alg)`
+    :code:`(PSA_ALG_GET_HASH(alg) == PSA_ALG_HASH_ANY)`
+
+:code:`PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)`
+    :code:`((ka_alg) | (kdf_alg))`
+
+:code:`PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)`
+    :code:`((psa_algorithm_t)((alg) & 0xffff0000))`
+
+:code:`PSA_ALG_KEY_AGREEMENT_GET_KDF(alg)`
+    :code:`((psa_algorithm_t)((alg) & 0xfe00ffff))`
+
+:code:`PSA_ALG_RSA_OAEP(hash_alg)`
+    :code:`((psa_algorithm_t)(0x07000300 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`
+    :code:`((psa_algorithm_t)(0x06000200 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_RSA_PSS(hash_alg)`
+    :code:`((psa_algorithm_t)(0x06000300 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_TLS12_PRF(hash_alg)`
+    :code:`((psa_algorithm_t) (0x08000200 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_TLS12_PSK_TO_MS(hash_alg)`
+    :code:`((psa_algorithm_t) (0x08000300 | ((hash_alg) & 0x000000ff)))`
+
+:code:`PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)`
+    :code:`((psa_algorithm_t) (((mac_alg) & ~0x003f0000) | (((mac_length) & 0x3f) << 16)))`
+
+Key type macros
+~~~~~~~~~~~~~~~
+
+:code:`PSA_BLOCK_CIPHER_BLOCK_LENGTH(type)`
+    :code:`(1u << (((type) >> 8) & 7))`
+
+:code:`PSA_KEY_TYPE_DH_GET_FAMILY(type)`
+    :code:`((psa_dh_family_t) ((type) & 0x00ff))`
+
+:code:`PSA_KEY_TYPE_DH_KEY_PAIR(group)`
+    :code:`((psa_key_type_t) (0x7200 | (group)))`
+
+:code:`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`
+    :code:`((psa_key_type_t) (0x4200 | (group)))`
+
+:code:`PSA_KEY_TYPE_ECC_GET_FAMILY(type)`
+    :code:`((psa_ecc_family_t) ((type) & 0x00ff))`
+
+:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`
+    :code:`((psa_key_type_t) (0x7100 | (curve)))`
+
+:code:`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`
+    :code:`((psa_key_type_t) (0x4100 | (curve)))`
+
+:code:`PSA_KEY_TYPE_IS_ASYMMETRIC(type)`
+    :code:`(((type) & 0x4000) == 0x4000)`
+
+:code:`PSA_KEY_TYPE_IS_DH(type)`
+    :code:`((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4200)`
+
+:code:`PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)`
+    :code:`(((type) & 0xff00) == 0x7200)`
+
+:code:`PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)`
+    :code:`(((type) & 0xff00) == 0x4200)`
+
+:code:`PSA_KEY_TYPE_IS_ECC(type)`
+    :code:`((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4100)`
+
+:code:`PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)`
+    :code:`(((type) & 0xff00) == 0x7100)`
+
+:code:`PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)`
+    :code:`(((type) & 0xff00) == 0x4100)`
+
+:code:`PSA_KEY_TYPE_IS_KEY_PAIR(type)`
+    :code:`(((type) & 0x7000) == 0x7000)`
+
+:code:`PSA_KEY_TYPE_IS_PUBLIC_KEY(type)`
+    :code:`(((type) & 0x7000) == 0x4000)`
+
+:code:`PSA_KEY_TYPE_IS_RSA(type)`
+    :code:`(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == 0x4001)`
+
+:code:`PSA_KEY_TYPE_IS_UNSTRUCTURED(type)`
+    :code:`(((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000)`
+
+:code:`PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type)`
+    :code:`((psa_key_type_t) ((type) | 0x3000))`
+
+:code:`PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)`
+    :code:`((psa_key_type_t) ((type) & ~0x3000))`
+
+Hash suspend state macros
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+:code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)`
+    :code:`((alg)==PSA_ALG_MD2 ? 64 : (alg)==PSA_ALG_MD4 || (alg)==PSA_ALG_MD5 ? 16 : (alg)==PSA_ALG_RIPEMD160 || (alg)==PSA_ALG_SHA_1 ? 20 : (alg)==PSA_ALG_SHA_224 || (alg)==PSA_ALG_SHA_256 ? 32 : (alg)==PSA_ALG_SHA_512 || (alg)==PSA_ALG_SHA_384 || (alg)==PSA_ALG_SHA_512_256 ? 64 : 0)`
+
+    .. Could simplify a little if allowed to return 64 for every alg value that is not MD4/MD5/RIPEMD160/SHA1/SHA223/SHA256
+
+:code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)`
+    :code:`((alg)==PSA_ALG_MD2 ? 1 : (alg)==PSA_ALG_MD4 || (alg)==PSA_ALG_MD5 || (alg)==PSA_ALG_RIPEMD160 || (alg)==PSA_ALG_SHA_1 || (alg)==PSA_ALG_SHA_224 || (alg)==PSA_ALG_SHA_256 ? 8 : (alg)==PSA_ALG_SHA_512 || (alg)==PSA_ALG_SHA_384 || (alg)==PSA_ALG_SHA_512_256 ? 16 : 0)`
+
+    .. Could simplify if allowed to return 8 for every alg value that is not MD2 or SHA512/SHA384/SHA512-256
+
+:code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(alg)`
+    :code:`(PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH + PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) + PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) + PSA_HASH_BLOCK_LENGTH(alg) - 1)`
diff --git a/docs/html/_sources/index.rst.txt b/docs/html/_sources/index.rst.txt
new file mode 100644
index 0000000..375ee65
--- /dev/null
+++ b/docs/html/_sources/index.rst.txt
@@ -0,0 +1,36 @@
+==============================
+PSA Cryptography API |version|
+==============================
+
+.. toctree::
+   :maxdepth: 3
+
+   overview/intro
+   overview/goals
+   overview/functionality
+   overview/sample-arch
+   overview/conventions
+   overview/implementation
+   overview/usage
+   api/library/index
+   api/keys/index
+   api/ops/index
+
+.. only:: html
+
+    .. toctree::
+
+        appendix/example_header
+        appendix/specdef_values
+        appendix/history
+
+
+.. raw:: html
+
+   <h2 id="indices">Indices</h2>
+
+   <ul>
+     <li><a class="reference internal" href="genindex.html">General index</a></li>
+     <li><a class="reference internal" href="psa_c-identifiers.html">Index of identifiers</a></li>
+     <li><a class="reference internal" href="search.html">Search</a></li>
+   </ul>
diff --git a/docs/html/_sources/overview/conventions.rst.txt b/docs/html/_sources/overview/conventions.rst.txt
new file mode 100644
index 0000000..8baf991
--- /dev/null
+++ b/docs/html/_sources/overview/conventions.rst.txt
@@ -0,0 +1,281 @@
+Library conventions
+-------------------
+
+Error handling
+~~~~~~~~~~~~~~
+
+Return status
+^^^^^^^^^^^^^
+
+Almost all functions return a status indication of type `psa_status_t`. This
+is an enumeration of integer values, with ``0`` (`PSA_SUCCESS`) indicating
+successful operation and other values indicating errors. The exceptions are
+functions which only access objects that are intended to be implemented as
+simple data structures. Such functions cannot fail and either return
+``void`` or a data value.
+
+Unless specified otherwise, if multiple error conditions apply, an
+implementation is free to return any of the applicable error codes. The choice
+of error code is considered an implementation quality issue. Different
+implementations can make different choices, for example to favor code size over
+ease of debugging or vice versa.
+
+If the behavior is undefined, for example, if a function receives an invalid
+pointer as a parameter, this specification makes no guarantee that the function
+will return an error. Implementations are encouraged to return an error or halt
+the application in a manner that is appropriate for the platform if the
+undefined behavior condition can be detected. However, application developers need to be aware that undefined behavior conditions cannot be detected in general.
+
+Behavior on error
+^^^^^^^^^^^^^^^^^
+
+All function calls must be implemented atomically:
+
+-  When a function returns a type other than `psa_status_t`, the requested
+   action has been carried out.
+-  When a function returns the status `PSA_SUCCESS`, the requested action has
+   been carried out.
+-  When a function returns another status of type `psa_status_t`, no action
+   has been carried out. The content of the output parameters is undefined, but
+   otherwise the state of the system has not changed, except as described below.
+
+In general, functions that modify the system state, for example, creating or
+destroying a key, must leave the system state unchanged if they return an error
+code. There are specific conditions that can result in different behavior:
+
+-  The status `PSA_ERROR_BAD_STATE` indicates that a parameter was not in a
+   valid state for the requested action. This parameter might have been modified
+   by the call and is now in an undefined state. The only valid action on an
+   object in an undefined state is to abort it with the appropriate
+   ``psa_abort_xxx()`` function.
+-  The status `PSA_ERROR_INSUFFICIENT_DATA` indicates that a key
+   derivation object has reached its maximum capacity. The key derivation
+   operation might have been modified by the call. Any further attempt to obtain
+   output from the key derivation operation will return
+   `PSA_ERROR_INSUFFICIENT_DATA`.
+-  The status `PSA_ERROR_COMMUNICATION_FAILURE` indicates that the
+   communication between the application and the cryptoprocessor has broken
+   down. In this case, the cryptoprocessor must either finish the requested
+   action successfully, or interrupt the action and roll back the system to its
+   original state. Because it is often impossible to report the outcome to the
+   application after a communication failure, this specification does not
+   provide a way for the application to determine whether the action was
+   successful.
+-  The statuses `PSA_ERROR_STORAGE_FAILURE`, `PSA_ERROR_DATA_CORRUPT`, `PSA_ERROR_HARDWARE_FAILURE`
+   and `PSA_ERROR_CORRUPTION_DETECTED` might indicate data corruption in the
+   system state. When a function returns one of these statuses, the system state
+   might have changed from its previous state before the function call, even
+   though the function call failed.
+-  Some system states cannot be rolled back, for example, the internal state of
+   the random number generator or the content of access logs.
+
+Unless otherwise documented, the content of output parameters is not defined
+when a function returns a status other than `PSA_SUCCESS`. It is recommended
+that implementations set output parameters to safe defaults to avoid leaking
+confidential data and limit risk, in case an application does not properly
+handle all errors.
+
+Parameter conventions
+~~~~~~~~~~~~~~~~~~~~~
+
+Pointer conventions
+^^^^^^^^^^^^^^^^^^^
+
+Unless explicitly stated in the documentation of a function, all pointers must
+be valid pointers to an object of the specified type.
+
+A parameter is considered a **buffer** if it points to an array of bytes. A
+buffer parameter always has the type ``uint8_t *`` or ``const uint8_t *``, and
+always has an associated parameter indicating the size of the array. Note that a
+parameter of type ``void *`` is never considered a buffer.
+
+All parameters of pointer type must be valid non-null pointers, unless the
+pointer is to a buffer of length ``0`` or the function’s documentation
+explicitly describes the behavior when the pointer is null. Passing a null
+pointer as a function parameter in other cases is expected to abort the caller
+on implementations where this is the normal behavior for a null pointer
+dereference.
+
+Pointers to input parameters can be in read-only memory. Output parameters must
+be in writable memory. Output parameters that are not buffers must also be
+readable, and the implementation must be able to write to a non-buffer output
+parameter and read back the same value, as explained in the
+:title:`stability-of-parameters` section.
+
+Input buffer sizes
+^^^^^^^^^^^^^^^^^^
+
+For input buffers, the parameter convention is:
+
+``const uint8_t *foo``
+   Pointer to the first byte of the data. The pointer
+   can be invalid if the buffer size is ``0``.
+
+``size_t foo_length``
+   Size of the buffer in bytes.
+
+The interface never uses input-output buffers.
+
+Output buffer sizes
+^^^^^^^^^^^^^^^^^^^
+
+For output buffers, the parameter convention is:
+
+``uint8_t *foo``
+   Pointer to the first byte of the data. The pointer can be
+   invalid if the buffer size is ``0``.
+
+``size_t foo_size``
+   The size of the buffer in bytes.
+
+``size_t *foo_length``
+   On successful return, contains the length of the
+   output in bytes.
+
+The content of the data buffer and of ``*foo_length`` on errors is unspecified,
+unless explicitly mentioned in the function description. They might be unmodified
+or set to a safe default. On successful completion, the content of the buffer
+between the offsets ``*foo_length`` and ``foo_size`` is also unspecified.
+
+Functions return `PSA_ERROR_BUFFER_TOO_SMALL` if the buffer size is
+insufficient to carry out the requested operation. The interface defines macros
+to calculate a sufficient buffer size for each operation that has an output
+buffer. These macros return compile-time constants if their arguments are
+compile-time constants, so they are suitable for static or stack allocation.
+Refer to an individual function’s documentation for the associated output size
+macro.
+
+Some functions always return exactly as much data as the size of the output
+buffer. In this case, the parameter convention changes to:
+
+``uint8_t *foo``
+   Pointer to the first byte of the output. The pointer can be
+   invalid if the buffer size is ``0``.
+
+``size_t foo_length``
+   The number of bytes to return in ``foo`` if
+   successful.
+
+Overlap between parameters
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Output parameters that are not buffers must not overlap with any input buffer or
+with any other output parameter. Otherwise, the behavior is undefined.
+
+Output buffers can overlap with input buffers. In this event, the implementation
+must return the same result as if the buffers did not overlap. The
+implementation must behave as if it had copied all the inputs into temporary
+memory, as far as the result is concerned. However, it is possible that overlap
+between parameters will affect the performance of a function call. Overlap might
+also affect memory management security if the buffer is located in memory that
+the caller shares with another security context, as described in the
+:title:`stability-of-parameters` section.
+
+.. _stability-of-parameters:
+
+Stability of parameters
+^^^^^^^^^^^^^^^^^^^^^^^
+
+In some environments, it is possible for the content of a parameter to change
+while a function is executing. It might also be possible for the content of an
+output parameter to be read before the function terminates. This can happen if
+the application is multithreaded. In some implementations, memory can be shared
+between security contexts, for example, between tasks in a multitasking
+operating system, between a user land task and the kernel, or between the
+Non-secure world and the Secure world of a trusted execution environment.
+
+This section describes the assumptions that an implementation can make about
+function parameters, and the guarantees that the implementation must provide
+about how it accesses parameters.
+
+Parameters that are not buffers are assumed to be under the caller’s full
+control. In a shared memory environment, this means that the parameter must be
+in memory that is exclusively accessible by the application. In a multithreaded
+environment, this means that the parameter must not be modified during the
+execution, and the value of an output parameter is undetermined until the
+function returns. The implementation can read an input parameter that is not a
+buffer multiple times and expect to read the same data. The implementation can
+write to an output parameter that is not a buffer and expect to read back the
+value that it last wrote. The implementation has the same permissions on buffers
+that overlap with a buffer in the opposite direction.
+
+In an environment with multiple threads or with shared memory, the
+implementation carefully accesses non-overlapping buffer parameters in order to
+prevent any security risk resulting from the content of the buffer being
+modified or observed during the execution of the function. In an input buffer
+that does not overlap with an output buffer, the implementation reads each byte
+of the input once, at most. The implementation does not read from an output
+buffer that does not overlap with an input buffer. Additionally, the
+implementation does not write data to a non-overlapping output buffer if this
+data is potentially confidential and the implementation has not yet verified
+that outputting this data is authorized.
+
+Unless otherwise specified, the implementation must not keep a reference to any
+parameter once a function call has returned.
+
+Key types and algorithms
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Types of cryptographic keys and cryptographic algorithms are encoded separately.
+Each is encoded by using an integral type: `psa_key_type_t` and
+`psa_algorithm_t`, respectively.
+
+There is some overlap in the information conveyed by key types and algorithms.
+Both types contain enough information, so that the meaning of an algorithm type
+value does not depend on what type of key it is used with, and vice versa.
+However, the particular instance of an algorithm might depend on the key type. For
+example, the algorithm `PSA_ALG_GCM` can be instantiated as any AEAD algorithm
+using the GCM mode over a block cipher. The underlying block cipher is
+determined by the key type.
+
+Key types do not encode the key size. For example, AES-128, AES-192 and AES-256
+share a key type `PSA_KEY_TYPE_AES`.
+
+Structure of key and algorithm types
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Both types use a partial bitmask structure, which allows the analysis and
+building of values from parts. However, the interface defines constants, so that
+applications do not need to depend on the encoding, and an implementation might
+only care about the encoding for code size optimization.
+
+The encodings follows a few conventions:
+
+-  The highest bit is a vendor flag. Current and future versions of this
+   specification will only define values where this bit is clear.
+   Implementations that wish to define additional implementation-specific values
+   must use values where this bit is set, to avoid conflicts with future
+   versions of this specification.
+-  The next few highest bits indicate the corresponding algorithm category:
+   hash, MAC, symmetric cipher, asymmetric encryption, and so on.
+-  The following bits identify a family of algorithms in a category-dependent
+   manner.
+-  In some categories and algorithm families, the lowest-order bits indicate a
+   variant in a systematic way. For example, algorithm families that are
+   parametrized around a hash function encode the hash in the 8 lowest bits.
+
+.. _concurrency:
+
+Concurrent calls
+~~~~~~~~~~~~~~~~
+
+In some environments, an application can make calls to the PSA crypto API in
+separate threads. In such an environment, concurrent calls are performed
+correctly, as if the calls were executed in sequence, provided that they obey
+the following constraints:
+
+-  There is no overlap between an output parameter of one call and an input or
+   output parameter of another call. Overlap between input parameters is
+   permitted.
+-  If a call destroys a key, then no other call must destroy or use that key.
+   *Using*, in this context, includes all functions of multi-part operations
+   which have used the key as an input in a previous function.
+-  Concurrent calls that use the same key are permitted.
+-  Concurrent calls must not use the same operation object.
+
+If any of these constraints are violated, the behavior is undefined.
+
+If the application modifies an input parameter while a function call is in
+progress, the behavior is undefined.
+
+Individual implementations can provide additional guarantees.
diff --git a/docs/html/_sources/overview/functionality.rst.txt b/docs/html/_sources/overview/functionality.rst.txt
new file mode 100644
index 0000000..004f8bc
--- /dev/null
+++ b/docs/html/_sources/overview/functionality.rst.txt
@@ -0,0 +1,647 @@
+.. _functionality-overview:
+
+Functionality overview
+----------------------
+
+This section provides a high-level overview of the functionality provided by the
+interface defined in this specification. Refer to the `API definition
+<api-reference>` for a detailed description.
+
+`future` describes features that might be included in future versions of this
+specification.
+
+Due to the modularity of the interface, almost every part of the library is
+optional. The only mandatory function is `psa_crypto_init()`.
+
+Library management
+~~~~~~~~~~~~~~~~~~
+
+Applications must call `psa_crypto_init()` to initialize the library before
+using any other function.
+
+Key management
+~~~~~~~~~~~~~~
+
+Applications always access keys indirectly via an identifier, and can perform
+operations using a key without accessing the key material. This allows keys to
+be *non-extractable*, where an application can use a key but is not permitted to
+obtain the key material. Non-extractable keys are bound to the device, can be
+rate-limited and can have their usage restricted by policies.
+
+Each key has a set of attributes that describe the key and the policy for using
+the key. A `psa_key_attributes_t` object contains all of the attributes, which
+is used when creating a key and when querying key attributes.
+
+Each key has a *lifetime* that determines when the key material is destroyed.
+There are two types of lifetimes: `volatile <volatile-keys>` and
+`persistent <persistent-keys>`.
+
+.. _volatile-keys:
+
+Volatile keys
+^^^^^^^^^^^^^
+
+A *volatile* key exists until it explicitly destroyed with `psa_destroy_key()`
+or until the application terminates, which conceptually destroys all of its
+volatile keys.
+
+Conceptually, a volatile key is stored in RAM. Volatile keys have the
+lifetime `PSA_KEY_LIFETIME_VOLATILE`.
+
+To create a volatile key:
+
+1. Populate a `psa_key_attributes_t` object with the required type, size, policy
+   and other key attributes.
+2. Create the key with `psa_import_key()`, `psa_generate_key()`,
+   `psa_key_derivation_output_key()` or `psa_copy_key()`. If successful, these
+   functions output a transient `key identifier <key-ids>`.
+
+To destroy a volatile key, call `psa_destroy_key()` with the key identifier.
+
+.. _persistent-keys:
+
+Persistent keys
+^^^^^^^^^^^^^^^
+
+A *persistent* key exists until it explicitly destroyed with `psa_destroy_key()`
+or until it is wiped by the reset or destruction of the device.
+
+Each persistent key has a permanent key identifier, which acts as a name for the key.
+Within an application, the key identifier corresponds to a single key. The
+application specifies the key identifier when the key is created and when
+using the key.
+
+Persistent keys can be stored in different storage areas; this is indicated
+through different lifetime values. This specification defines a single lifetime
+value `PSA_KEY_LIFETIME_PERSISTENT` which corresponds to a default storage
+area. Implementations can define alternative lifetime values corresponding to
+different storage areas with different retention policies, or to secure elements
+with different security characteristics.
+
+To create a persistent key:
+
+1. Populate a `psa_key_attributes_t` object with the key’s type, size, policy
+   and other attributes.
+2. In the attributes object, set the desired lifetime and persistent identifier
+   for the key.
+3. Create the key with one of the *key creation functions*:
+
+   * `psa_import_key()`
+   * `psa_generate_key()`
+   * `psa_key_derivation_output_key()`
+   * `psa_copy_key()`
+
+   If successful, these functions output the `key identifier <key-ids>`
+   that was specified by the application in step 2.
+
+To access an existing persistent key: use the key identifier in any API that
+requires a key.
+
+To remove cached copies of key material for persistent keys created with the
+`PSA_KEY_USAGE_CACHE` policy: call `psa_purge_key()` with the key identifier.
+
+To destroy a persistent key: call `psa_destroy_key()` with the key identifier.
+Destroying a persistent key permanently removes it from memory and storage.
+
+The key lifetime and identifier are set when the key is created and cannot be
+changed without destroying the key first. If the original key permits copying,
+then the application can specify a different lifetime for the copy of the key.
+
+.. _key-ids:
+
+Key identifiers
+^^^^^^^^^^^^^^^
+
+Key identifiers are integral values that act as permanent names for persistent
+keys, or as transient references to volatile keys. Key identifiers use the
+`psa_key_id_t` type, and the range of identifier values is divided as follows:
+
+:code:`PSA_KEY_ID_NULL = 0`
+    Reserved as an invalid key identifier.
+:code:`PSA_KEY_ID_USER_MIN - PSA_KEY_ID_USER_MAX`
+    Applications can freely choose persistent key identifiers in this range.
+:code:`PSA_KEY_ID_VENDOR_MIN - PSA_KEY_ID_VENDOR_MAX`
+    Implementations can define additional persistent key identifiers in this
+    range, and must allocate any volatile key identifiers from this range.
+
+Key identifiers outside these ranges are reserved for future use.
+
+Key identifiers are output from a successful call to one of
+the key creation functions. For persistent keys, this is the same identifier
+as the one specified in the key attributes used to create the key.
+The key identifier remains valid until it is invalidated by passing it to
+`psa_destroy_key()`. A volatile key identifier must not be used after it has been
+invalidated.
+
+Valid key identifiers must have distinct values within the same application. If
+the implementation provides `caller isolation <isolation>`, then key
+identifiers are local to each application. That is, the same key identifier in two
+applications corresponds to two different keys.
+
+If an invalid key identifier is provided as a parameter in any function, the
+function will return `PSA_ERROR_INVALID_HANDLE`; except for the special case of
+calling :code:`psa_destroy_key(PSA_KEY_ID_NULL)`, which has no effect and always
+returns `PSA_SUCCESS`.
+
+There must be a matching call to `psa_destroy_key()` for each successful call
+to a create a volatile key.
+
+A call to `psa_destroy_key()` destroys the key material, and will cause any active
+operations that are using the key to fail. Therefore an application must not
+destroy a key while an operation using that key is in progress, unless the
+application is prepared to handle a failure of the operation.
+
+Recommendations of minimum standards for key management
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Most implementations provide the following functions:
+
+*  `psa_import_key()`. The exceptions are implementations that only give access
+   to a key or keys that are provisioned by proprietary means, and do not allow
+   the main application to use its own cryptographic material.
+
+*  `psa_get_key_attributes()` and the ``psa_get_key_xxx()`` accessor functions.
+   They are easy to implement, and it is difficult to write applications and to
+   diagnose issues without being able to check the metadata.
+
+*  `psa_export_public_key()`. This function is usually provided if the
+   implementation supports any asymmetric algorithm, since public-key
+   cryptography often requires the delivery of a public key that is associated
+   with a protected private key.
+
+*  `psa_export_key()`. However, highly constrained implementations that are
+   designed to work only with short-term keys, or only with long-term
+   non-extractable keys, do not need to provide this function.
+
+Usage policies
+~~~~~~~~~~~~~~
+
+All keys have an associated policy that regulates which operations are permitted
+on the key. Each key policy is a set of usage flags and a specific algorithm
+that is permitted with the key. The policy is part of the key attributes that
+are managed by a `psa_key_attributes_t` object.
+
+The usage flags are encoded in a bitmask, which has the type
+`psa_key_usage_t`. Four kinds of usage flag can be specified:
+
+*  The extractable flag `PSA_KEY_USAGE_EXPORT` determines whether the key
+   material can be extracted.
+*  The copyable flag `PSA_KEY_USAGE_COPY` determines whether the key material
+   can be copied into a new key, which can have a different lifetime or a more
+   restrictive policy.
+*  The cacheable flag `PSA_KEY_USAGE_CACHE` determines whether the
+   implementation is permitted to retain non-essential copies of the
+   key material in RAM. This policy only applies to persistent keys. See also
+   :title:`key-material`.
+*  The other usage flags, for example, `PSA_KEY_USAGE_ENCRYPT` and `PSA_KEY_USAGE_SIGN_MESSAGE`,
+   determine whether the corresponding operation is permitted on the key.
+
+In addition to the usage bitmask, a policy specifies which algorithm is
+permitted with the key. This specification only defines policies that restrict
+keys to a single algorithm, which is consistent with both common practice and
+security good practice.
+
+A highly constrained implementation might not be able to support all the policies
+that can be expressed through this interface. If an implementation cannot create
+a key with the required policy, it must return an appropriate error code when
+the key is created.
+
+Symmetric cryptography
+~~~~~~~~~~~~~~~~~~~~~~
+
+This specification defines interfaces for the following types of symmetric
+cryptographic operation:
+
+*  Message digests, commonly known as hash functions.
+*  Message authentication codes (MAC).
+*  Symmetric ciphers.
+*  Authenticated encryption with associated data (AEAD).
+
+For each type of symmetric cryptographic operation, the API includes:
+
+*  A pair of *single-part* functions. For example, compute and verify, or
+   encrypt and decrypt.
+*  A series of functions that permit *multi-part operations*.
+
+Single-part Functions
+^^^^^^^^^^^^^^^^^^^^^
+
+Single-part functions are APIs that implement the cryptographic operation in a
+single function call. This is the easiest API to use when all of the inputs and
+outputs fit into the application memory.
+
+Some use cases involve messages that are too large to be assembled in memory, or
+require non-default configuration of the algorithm. These use cases require the
+use of a :title:`multi-part operation <multi-part-operations>`.
+
+.. _multi-part-operations:
+
+Multi-part operations
+^^^^^^^^^^^^^^^^^^^^^
+
+Multi-part operations are APIs which split a single cryptographic operation into
+a sequence of separate steps. This enables fine control over the configuration
+of the cryptographic operation, and allows the message data to be processed in
+fragments instead of all at once. For example, the following situations require
+the use of a multi-part operation:
+
+-  Processing messages that cannot be assembled in memory.
+-  Using a deterministic IV for unauthenticated encryption.
+-  Providing the IV separately for unauthenticated encryption or decryption.
+-  Separating the AEAD authentication tag from the cipher text.
+
+Each multi-part operation defines a specific object type to maintain the state
+of the operation. These types are implementation-defined. All multi-part
+operations follow the same pattern of use:
+
+1.  **Allocate:** Allocate memory for an operation object of the appropriate
+    type. The application can use any allocation strategy: stack, heap, static, etc.
+
+2.  **Initialize:** Initialize or assign the operation object by one of the
+    following methods:
+
+       -  Set it to logical zero. This is automatic for static and global
+          variables. Explicit initialization must use the associated
+          ``PSA_xxx_INIT`` macro as the type is implementation-defined.
+       -  Set it to all-bits zero. This is automatic if the object was
+          allocated with ``calloc()``.
+       -  Assign the value of the associated macro ``PSA_xxx_INIT``.
+       -  Assign the result of calling the associated function
+          ``psa_xxx_init()``.
+
+    The resulting object is now *inactive*.
+
+    It is an error to initialize an operation object that is in *active* or
+    *error* states. This can leak memory or other resources.
+
+3.  **Setup:** Start a new multi-part operation on an *inactive* operation
+    object. Each operation object will define one or more setup functions to
+    start a specific operation.
+
+    On success, a setup function will put an operation object into an *active*
+    state. On failure, the operation object will remain *inactive*.
+
+4.  **Update:** Update an *active* operation object. The update function can
+    provide additional parameters, supply data for processing or generate
+    outputs.
+
+    On success, the operation object remains *active*. On failure, the
+    operation object will enter an *error* state.
+
+5.  **Finish:** To end the operation, call the applicable finishing function.
+    This will take any final inputs, produce any final outputs, and then
+    release any resources associated with the operation.
+
+    On success, the operation object returns to the *inactive* state. On
+    failure, the operation object will enter an *error* state.
+
+An operation can be aborted at any stage during its use by calling the
+associated ``psa_xxx_abort()`` function. This will release any resources
+associated with the operation and return the operation object to the *inactive*
+state.
+
+Any error that occurs to an operation while it is in an *active* state will
+result in the operation entering an *error* state. The application must call the
+associated ``psa_xxx_abort()`` function to release the operation resources and
+return the object to the *inactive* state.
+
+Once an operation object is returned to the *inactive* state, it can be reused
+by calling one of the applicable setup functions again.
+
+If a multi-part operation object is not initialized before use, the behavior is
+undefined.
+
+If a multi-part operation function determines that the operation object is not in
+any valid state, it can return `PSA_ERROR_CORRUPTION_DETECTED`.
+
+If a multi-part operation function is called with an operation object in the
+wrong state, the function will return `PSA_ERROR_BAD_STATE` and the operation
+object will enter the *error* state.
+
+It is safe to move a multi-part operation object to a different memory location,
+for example, using a bitwise copy, and then to use the object in the new
+location. For example, an application can allocate an operation object on the
+stack and return it, or the operation object can be allocated within memory
+managed by a garbage collector. However, this does not permit the following
+behaviors:
+
+-  Moving the object while a function is being called on the object. This is
+   not safe. See also `concurrency`.
+-  Working with both the original and the copied operation objects. This
+   requires cloning the operation, which is only available for hash operations
+   using `psa_hash_clone()`.
+
+Each type of multi-part operation can have multiple *active* states.
+Documentation for the specific operation describes the configuration and update
+functions, and any requirements about their usage and ordering.
+
+Message digests (Hashes)
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+The single-part hash functions are:
+
+-   `psa_hash_compute()` to calculate the hash of a message.
+-   `psa_hash_compare()` to compare the hash of a message with a reference value.
+
+The `psa_hash_operation_t` `multi-part operation <multi-part-operations>`
+allows messages to be processed in fragments:
+
+1. Initialize the `psa_hash_operation_t` object to zero, or by assigning the
+   value of the associated macro `PSA_HASH_OPERATION_INIT`.
+2. Call `psa_hash_setup()` to specify the required hash algorithm, call
+   `psa_hash_clone()` to duplicate the state of *active* `psa_hash_operation_t`
+   object, or call `psa_hash_resume()` to restart a hash operation with the
+   output from a previously suspended hash operation.
+3. Call the `psa_hash_update()` function on successive chunks of the message.
+4. At the end of the message, call the required finishing function:
+
+   -  To suspend the hash operation and extract a hash suspend state,
+      call `psa_hash_suspend()`. The output state can subsequently be used
+      to resume the hash operation.
+   -  To calculate the digest of a message, call `psa_hash_finish()`.
+   -  To verify the digest of a message against a reference value, call
+      `psa_hash_verify()`.
+
+To abort the operation or recover from an error, call `psa_hash_abort()`.
+
+Message authentication codes (MACs)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The single-part MAC functions are:
+
+-  `psa_mac_compute()` to calculate the MAC of a message.
+-  `psa_mac_verify()` to compare the MAC of a message with a reference value.
+
+The `psa_mac_operation_t` `multi-part operation <multi-part-operations>`
+allows messages to be processed in fragments:
+
+1. Initialize the `psa_mac_operation_t` object to zero, or by assigning the
+   value of the associated macro `PSA_MAC_OPERATION_INIT`.
+2. Call `psa_mac_sign_setup()` or `psa_mac_verify_setup()` to specify the
+   algorithm and key.
+3. Call the `psa_mac_update()` function on successive chunks of the message.
+4. At the end of the message, call the required finishing function:
+
+   -  To calculate the MAC of the message, call `psa_mac_sign_finish()`.
+   -  To verify the MAC of the message against a reference value, call
+      `psa_mac_verify_finish()`.
+
+To abort the operation or recover from an error, call `psa_mac_abort()`.
+
+Encryption and decryption
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. note::
+
+    The unauthenticated cipher API is provided to implement legacy protocols and
+    for use cases where the data integrity and authenticity is guaranteed by
+    non-cryptographic means. It is recommended that newer protocols use
+    :title:`func-aead`.
+
+The single-part functions for encrypting or decrypting a message using an
+unauthenticated symmetric cipher are:
+
+-  `psa_cipher_encrypt()` to encrypt a message using an unauthenticated symmetric
+   cipher. The encryption function generates a random IV. Use the multi-part API
+   to provide a deterministic IV: this is not secure in general, but
+   can be secure in some conditions that depend on the algorithm.
+-  `psa_cipher_decrypt()` to decrypt a message using an unauthenticated symmetric
+   cipher.
+
+The `psa_cipher_operation_t` `multi-part operation <multi-part-operations>`
+permits alternative initialization parameters and allows messages to be
+processed in fragments:
+
+1. Initialize the `psa_cipher_operation_t` object to zero, or by assigning the
+   value of the associated macro `PSA_CIPHER_OPERATION_INIT`.
+2. Call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` to specify the
+   algorithm and key.
+3. Provide additional parameters:
+
+   -  When encrypting data, generate or set an initialization vector (IV),
+      nonce, or similar initial value such as an initial counter value. To
+      generate a random IV, which is recommended in most protocols, call
+      `psa_cipher_generate_iv()`. To set the IV, call `psa_cipher_set_iv()`.
+   -  When decrypting, set the IV or nonce. To set the IV, call
+      `psa_cipher_set_iv()`.
+4. Call the `psa_cipher_update()` function on successive chunks of the message.
+5. Call `psa_cipher_finish()` to complete the operation and return any final
+   output.
+
+To abort the operation or recover from an error, call `psa_cipher_abort()`.
+
+.. _func-aead:
+
+Authenticated encryption (AEAD)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The single-part AEAD functions are:
+
+-  `psa_aead_encrypt()` to encrypt a message using an authenticated symmetric
+   cipher.
+-  `psa_aead_decrypt()` to decrypt a message using an authenticated symmetric
+   cipher.
+
+These functions follow the interface recommended by :RFC:`5116`.
+
+The encryption function requires a nonce to be provided. To generate a random
+nonce, either call `psa_generate_random()` or use the AEAD multi-part API.
+
+The `psa_aead_operation_t` `multi-part operation <multi-part-operations>`
+permits alternative initialization parameters and allows messages to be
+processed in fragments:
+
+1. Initialize the `psa_aead_operation_t` object to zero, or by assigning the
+   value of the associated macro `PSA_AEAD_OPERATION_INIT`.
+2. Call `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` to specify the
+   algorithm and key.
+3. Provide additional parameters:
+
+   -  If the algorithm requires it, call `psa_aead_set_lengths()` to specify the
+      length of the non-encrypted and encrypted inputs to the operation.
+   -  When encrypting, call either `psa_aead_generate_nonce()` or
+      `psa_aead_set_nonce()` to generate or set the nonce.
+   -  When decrypting, call `psa_aead_set_nonce()` to set the nonce.
+4. Call `psa_aead_update_ad()` zero or more times with fragments of the
+   non-encrypted additional data.
+5. Call `psa_aead_update()` zero or more times with fragments of the plaintext
+   or ciphertext to encrypt or decrypt.
+6. At the end of the message, call the required finishing function:
+
+   -  To complete an encryption operation, call `psa_aead_finish()` to compute
+      and return authentication tag.
+   -  To complete a decryption operation, call `psa_aead_verify()` to
+      compute the authentication tag and verify it against a reference value.
+
+To abort the operation or recover from an error, call `psa_aead_abort()`.
+
+Having a multi-part interface to authenticated encryption raises specific issues.
+
+Multi-part authenticated decryption produces partial results that are not
+authenticated. Applications must not use or expose partial results of
+authenticated decryption until `psa_aead_verify()` has returned a success
+status and must destroy all partial results without revealing them if
+`psa_aead_verify()` returns a failure status. Revealing partial results, either directly or indirectly through the application’s behavior, can compromise the
+confidentiality of all inputs that are encrypted with the same key.
+
+For encryption, some common algorithms cannot be processed in a streaming
+fashion. For SIV mode, the whole plaintext must be known before the encryption
+can start; the multi-part AEAD API is not meant to be usable with SIV mode. For
+CCM mode, the length of the plaintext must be known before the encryption can
+start; the application can call the function `psa_aead_set_lengths()` to provide
+these lengths before providing input.
+
+.. _key-derivation:
+
+Key derivation
+^^^^^^^^^^^^^^
+
+A key derivation encodes a deterministic method to generate a finite stream of
+bytes. This data stream is computed by the cryptoprocessor and extracted in
+chunks. If two key derivation operations are constructed with the same
+parameters, then they produce the same output.
+
+A key derivation consists of two phases:
+
+1. Input collection. This is sometimes known as *extraction*: the operation
+   “extracts” information from the inputs to generate a pseudorandom
+   intermediate secret value.
+2. Output generation. This is sometimes known as *expansion*: the operation
+   “expands” the intermediate secret value to the desired output length.
+
+The specification defines a `multi-part operation <multi-part-operations>`
+API for key derivation that allows for multiple key and non-key outputs to be
+extracted from a single derivation operation object.
+
+In an implementation with `isolation <isolation>`, the intermediate
+state of the key derivation is not visible to the caller, and if an output of
+the derivation is a non-exportable key, then this key cannot be recovered
+outside the isolation boundary.
+
+Applications use the `psa_key_derivation_operation_t` type to create key
+derivation operations. The operation object is used as follows:
+
+1. Initialize a `psa_key_derivation_operation_t` object to zero or to
+   `PSA_KEY_DERIVATION_OPERATION_INIT`.
+2. Call `psa_key_derivation_setup()` to select a key derivation algorithm.
+3. Call the functions `psa_key_derivation_input_bytes()` and
+   `psa_key_derivation_input_key()`, or `psa_key_derivation_key_agreement()` to
+   provide the inputs to the key derivation algorithm. Many key derivation
+   algorithms take multiple inputs; the ``step`` parameter to these functions
+   indicates which input is being provided. The documentation for each key
+   derivation algorithm describes the expected inputs for that algorithm and
+   in what order to pass them.
+4. Optionally, call `psa_key_derivation_set_capacity()` to set a limit on the
+   amount of data that can be output from the key derivation operation.
+5. Call `psa_key_derivation_output_key()` to create a derived key, or
+   `psa_key_derivation_output_bytes()` to export the derived data. These
+   functions can be called multiple times to read successive output from the key
+   derivation, until the stream is exhausted when its capacity has been reached.
+6. Key derivation does not finish in the same way as other multi-part
+   operations. Call `psa_key_derivation_abort()` to release the key derivation
+   operation memory when the object is no longer required.
+
+To recover from an error, call `psa_key_derivation_abort()` to release the key
+derivation operation memory.
+
+A key derivation operation cannot be rewound. Once a part of the stream has been
+output, it cannot be output again. This ensures that the same part of the output
+will not be used for different purposes.
+
+Example of the symmetric cryptography API
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Here is an example of a use case where a master key is used to generate both a
+message encryption key and an IV for the encryption, and the derived key and IV
+are then used to encrypt a message.
+
+1. Derive the message encryption material from the master key.
+
+   1. Initialize a `psa_key_derivation_operation_t` object to zero or to
+      `PSA_KEY_DERIVATION_OPERATION_INIT`.
+   2. Call `psa_key_derivation_setup()` with `PSA_ALG_HKDF` as the algorithm.
+   3. Call `psa_key_derivation_input_key()` with the step
+      `PSA_KEY_DERIVATION_INPUT_SECRET` and the master key.
+   4. Call `psa_key_derivation_input_bytes()` with the step
+      `PSA_KEY_DERIVATION_INPUT_INFO` and a public value that uniquely
+      identifies the message.
+   5. Populate a `psa_key_attributes_t` object with the derived message
+      encryption key’s attributes.
+   6. Call `psa_key_derivation_output_key()` to create the derived message key.
+   7. Call `psa_key_derivation_output_bytes()` to generate the derived IV.
+   8. Call `psa_key_derivation_abort()` to release the key derivation operation
+      memory.
+
+2. Encrypt the message with the derived material.
+
+   1. Initialize a `psa_cipher_operation_t` object to zero or to
+      `PSA_CIPHER_OPERATION_INIT`.
+   2. Call `psa_cipher_encrypt_setup()` with the derived message encryption key.
+   3. Call `psa_cipher_set_iv()` using the derived IV retrieved above.
+   4. Call `psa_cipher_update()` one or more times to encrypt the message.
+   5. Call `psa_cipher_finish()` at the end of the message.
+
+3. Call `psa_destroy_key()` to clear the generated key.
+
+Asymmetric cryptography
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This specification defines functions for asymmetric cryptography, including
+asymmetric encryption, asymmetric signature, and two-way key agreement.
+
+Asymmetric encryption
+^^^^^^^^^^^^^^^^^^^^^
+
+Asymmetric encryption is provided through the functions
+`psa_asymmetric_encrypt()` and `psa_asymmetric_decrypt()`.
+
+Hash-and-sign
+^^^^^^^^^^^^^
+
+The signature and verification functions `psa_sign_message()` and
+`psa_verify_message()` take a message as one of their inputs and perform a
+hash-and-sign algorithm.
+
+The functions `psa_sign_hash()` and `psa_verify_hash()` take a message hash as
+one of their inputs. This is useful for signing pre-computed hashes, or for
+implementing hash-and-sign using a :ref:`multi-part hash operation <hash-mp>`
+before signing the resulting hash. To determine which
+hash algorithm to use, call the macro `PSA_ALG_GET_HASH()` on the
+corresponding signature algorithm.
+
+Some hash-and-sign algorithms add padding to the message hash before completing
+the signing operation. The format of the padding that is used depends on the
+algorithm used to construct the signature.
+
+Key agreement
+^^^^^^^^^^^^^
+
+This specification defines two functions for a Diffie-Hellman-style key
+agreement where each party combines its own private key with the peer’s public
+key.
+
+The recommended approach is to use a `key derivation
+operation <key-derivation>` with the `psa_key_derivation_key_agreement()`
+input function, which calculates a shared secret for the key derivation
+function.
+
+Where an application needs direct access to the shared secret, it can call
+`psa_raw_key_agreement()` instead. Note that in general the shared secret is not
+directly suitable for use as a key because it is biased.
+
+Randomness and key generation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We strongly recommended that implementations include a random generator,
+consisting of a cryptographically secure pseudo-random generator (CSPRNG), which
+is adequately seeded with a cryptographic-quality hardware entropy source,
+commonly referred to as a true random number generator (TRNG). Constrained
+implementations can omit the random generation functionality if they do not
+implement any algorithm that requires randomness internally, and they do not
+provide a key generation functionality. For example, a special-purpose component
+for signature verification can omit this.
+
+It is recommended that applications use `psa_generate_key()`,
+`psa_cipher_generate_iv()` or `psa_aead_generate_nonce()` to generate
+suitably-formatted random data, as applicable. In addition, the API includes a
+function `psa_generate_random()` to generate and extract arbitrary random data.
diff --git a/docs/html/_sources/overview/goals.rst.txt b/docs/html/_sources/overview/goals.rst.txt
new file mode 100644
index 0000000..48a2f75
--- /dev/null
+++ b/docs/html/_sources/overview/goals.rst.txt
@@ -0,0 +1,194 @@
+.. _design-goals:
+
+Design goals
+------------
+
+Suitable for constrained devices
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The interface is suitable for a vast range of devices: from special-purpose
+cryptographic processors that process data with a built-in key, to constrained
+devices running custom application code, such as microcontrollers, and
+multi-application devices, such as servers. Consequentially, the interface is
+scalable and modular.
+
+-  *Scalable*: devices only need to implement the functionality that they will
+   use.
+-  *Modular*: larger devices implement larger subsets of the same interface,
+   rather than different interfaces.
+
+In this interface, all operations on unbounded amounts of data
+allow *multi-part* processing, as long as the calculations on the data are
+performed in a streaming manner. This means that the application does not need
+to store the whole message in memory at one time. As a result, this
+specification is suitable for very constrained devices, including those where
+memory is very limited.
+
+Memory outside the keystore boundary is managed by the application. An
+implementation of the interface is not required to retain any state between
+function calls, apart from the content of the keystore and other data that must
+be kept inside the keystore security boundary.
+
+The interface does not expose the representation of keys and intermediate data,
+except when required for interchange. This allows each implementation to choose
+optimal data representations. Implementations with multiple components are also
+free to choose which memory area to use for internal data.
+
+A keystore interface
+~~~~~~~~~~~~~~~~~~~~
+
+The specification allows cryptographic operations to be performed on a key to
+which the application does not have direct access. Except where required for
+interchange, applications access all keys indirectly, by an identifier. The key
+material corresponding to that identifier can reside inside a security boundary
+that prevents it from being extracted, except as permitted by a policy that is
+defined when the key is created.
+
+.. _isolation:
+
+Optional isolation
+~~~~~~~~~~~~~~~~~~
+
+Implementations can isolate the cryptoprocessor from the calling application,
+and can further isolate multiple calling applications. The interface allows the
+implementation to be separated between a frontend and a backend. In an isolated
+implementation, the frontend is the part of the implementation that is located
+in the same isolation boundary as the application, which the application
+accesses by function calls. The backend is the part of the implementation that
+is located in a different environment, which is protected from the frontend.
+Various technologies can provide protection, for example:
+
+-  Process isolation in an operating system.
+-  Partition isolation, either with a virtual machine or a partition manager.
+-  Physical separation between devices.
+
+Communication between the frontend and backend is beyond the scope of this
+specification.
+
+In an isolated implementation, the backend can serve more than one
+implementation instance. In this case, a single backend communicates with
+multiple instances of the frontend. The backend must enforce **caller
+isolation**: it must ensure that assets of one frontend are not visible to any
+other frontend. The mechanism for identifying callers is beyond the scope of this
+specification. An implementation that provides caller isolation must document
+the identification mechanism. An implementation that provides isolation must
+document any implementation-specific extension of the API that enables frontend
+instances to share data in any form.
+
+In summary, there are three types of implementation:
+
+-  No isolation: there is no security boundary between the application and the
+   cryptoprocessor. For example, a statically or dynamically linked library is
+   an implementation with no isolation.
+-  Cryptoprocessor isolation: there is a security boundary between the
+   application and the cryptoprocessor, but the cryptoprocessor does not
+   communicate with other applications. For example, a cryptoprocessor chip that
+   is a companion to an application processor is an implementation with
+   cryptoprocessor isolation.
+-  Caller isolation: there are multiple application instances, with a security
+   boundary between the application instances among themselves, as well as
+   between the cryptoprocessor and the application instances. For example, a
+   cryptography service in a multiprocess environment is an implementation with
+   caller and cryptoprocessor isolation.
+
+Choice of algorithms
+~~~~~~~~~~~~~~~~~~~~
+
+The specification defines a low-level cryptographic interface, where the caller
+explicitly chooses which algorithm and which security parameters they use. This
+is necessary to implement protocols that are inescapable in various use cases.
+The design of the interface enables applications to implement widely-used
+protocols and data exchange formats, as well as custom ones.
+
+As a consequence, all cryptographic functionality operates according to the
+precise algorithm specified by the caller. However, this does not apply to
+device-internal functionality, which does not involve any form of
+interoperability, such as random number generation. The specification does not
+include generic higher-level interfaces, where the implementation chooses the
+best algorithm for a purpose. However, higher-level libraries can be built on
+top of the PSA Crypto API.
+
+Another consequence is that the specification permits the use of algorithms, key
+sizes and other parameters that, while known to be insecure, might be necessary to
+support legacy protocols or legacy data. Where major weaknesses are known, the
+algorithm descriptions give applicable warnings. However, the lack of a warning
+both does not and cannot indicate that an algorithm is secure in all circumstances.
+Application developers need to research the security of the protocols and
+algorithms that they plan to use to determine if these meet their requirements.
+
+The interface facilitates algorithm agility. As a consequence, cryptographic
+primitives are presented through generic functions with a parameter indicating
+the specific choice of algorithm. For example, there is a single function to
+calculate a message digest, which takes a parameter that identifies the specific
+hash algorithm.
+
+Ease of use
+~~~~~~~~~~~
+
+The interface is designed to be as user-friendly as possible, given the
+aforementioned constraints on suitability for various types of devices and on
+the freedom to choose algorithms.
+
+In particular, the code flows are designed to reduce the risk of dangerous
+misuse. The interface is designed in part to make it harder to misuse. Where
+possible, it is designed so that
+typical mistakes result in test failures, rather than subtle security issues.
+Implementations avoid leaking data when a function is called with invalid
+parameters, to the extent allowed by the C language and by implementation size
+constraints.
+
+Example use cases
+~~~~~~~~~~~~~~~~~
+
+This section lists some of the use cases that were considered during the design
+of this API. This list is not exhaustive, nor are all implementations required to
+support all use cases.
+
+Network Security (TLS)
+^^^^^^^^^^^^^^^^^^^^^^
+
+The API provides all of the cryptographic primitives needed to establish TLS
+connections.
+
+Secure Storage
+^^^^^^^^^^^^^^
+
+The API provides all primitives related to storage encryption, block or
+file-based, with master encryption keys stored inside a key store.
+
+Network Credentials
+^^^^^^^^^^^^^^^^^^^
+
+The API provides network credential management inside a key store, for example,
+for X.509-based authentication or pre-shared keys on enterprise networks.
+
+Device Pairing
+^^^^^^^^^^^^^^
+
+The API provides support for key agreement protocols that are often used for
+secure pairing of devices over wireless channels. For example, the pairing of an
+NFC token or a Bluetooth device might use key agreement protocols upon
+first use.
+
+Secure Boot
+^^^^^^^^^^^
+
+The API provides primitives for use during firmware integrity and authenticity
+validation, during a secure or trusted boot process.
+
+Attestation
+^^^^^^^^^^^
+
+The API provides primitives used in attestation activities. Attestation is the
+ability for a device to sign an array of bytes with a device private key and
+return the result to the caller. There are several use cases; ranging from attestation
+of the device state, to the ability to generate a key pair and prove that it has
+been generated inside a secure key store. The API provides access to the
+algorithms commonly used for attestation.
+
+Factory Provisioning
+^^^^^^^^^^^^^^^^^^^^
+
+Most IoT devices receive a unique identity during the factory provisioning
+process, or once they have been deployed to the field. This API provides the APIs necessary for
+populating a device with keys that represent that identity.
diff --git a/docs/html/_sources/overview/implementation.rst.txt b/docs/html/_sources/overview/implementation.rst.txt
new file mode 100644
index 0000000..b85ef16
--- /dev/null
+++ b/docs/html/_sources/overview/implementation.rst.txt
@@ -0,0 +1,290 @@
+.. _implementation-considerations:
+
+Implementation considerations
+-----------------------------
+
+Implementation-specific aspects of the interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Implementation profile
+^^^^^^^^^^^^^^^^^^^^^^
+
+Implementations can implement a subset of the API and a subset of the available
+algorithms. The implemented subset is known as the implementation’s profile. The
+documentation for each implementation must describe the profile that it
+implements. This specification’s companion documents also define a number of
+standard profiles.
+
+.. _implementation-defined-type:
+
+Implementation-specific types
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This specification defines a number of implementation-specific types, which
+represent objects whose content depends on the implementation. These are defined
+as C ``typedef`` types in this specification, with a comment
+:code:`/* implementation-defined type */` in place of the underlying type
+definition. For some types the specification constrains the type, for example,
+by requiring that the type is a ``struct``, or that it is convertible to and
+from an unsigned integer. In the implementation's version of **psa/crypto.h**,
+these types need to be defined as complete C types so that objects of these
+types can be instantiated by application code.
+
+Applications that rely on the implementation specific definition of any of these
+types might not be portable to other implementations of this specification.
+
+.. _implementation-specific-macro:
+
+Implementation-specific macros
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Some macro constants and function-like macros are precisely defined by this
+specification. The use of an exact definition is essential if the definition can
+appear in more than one header file within a compilation.
+
+Other macros that are defined by this specification have a macro body that is
+implementation-specific. The description of an implementation-specific macro can
+optionally specify each of the following requirements:
+
+* Input domains: the macro must be valid for arguments within the input domain.
+* A return type: the macro result must be compatible with this type.
+* Output range: the macro result must lie in the output range.
+* Computed value: A precise mapping of valid input to output values.
+
+Each implementation-specific macro is in one of following categories:
+
+.. _specification-defined-value:
+
+*Specification-defined value*
+
+    The result type and computed value of the macro expression is defined by
+    this specification, but the definition of the macro body is provided by the
+    implementation.
+
+    These macros are indicated in this specification using the comment
+    :code:`/* specification-defined value */`.
+
+    .. TODO!!
+        Change this text when we have provided pseudo-code implementations of
+        all the relevant macro expressions.
+
+    For function-like macros with specification-defined values:
+
+    * Example implementations are provided in an appendix to this specification.
+      See :title:`appendix-specdef-values`.
+
+    * The expected computation for valid and supported input arguments will be
+      defined as pseudo-code in a future version of this specification.
+
+.. _implementation-defined-value:
+
+*Implementation-defined value*
+
+    The value of the macro expression is implementation-defined.
+
+    For some macros, the computed value is derived from the specification of one
+    or more cryptographic algorithms. In these cases, the result must exactly
+    match the value in those external specifications.
+
+    These macros are indicated in this specification using the comment
+    :code:`/* implementation-defined value */`.
+
+Some of these macros compute a result based on an algorithm or key type.
+If an implementation defines vendor-specific algorithms or
+key types, then it must provide an implementation for such macros that takes all
+relevant algorithms and types into account. Conversely, an implementation that
+does not support a certain algorithm or key type can define such macros in a
+simpler way that does not take unsupported argument values into account.
+
+Some macros define the minimum sufficient output buffer size for certain
+functions. In some cases, an implementation is allowed to require a buffer size
+that is larger than the theoretical minimum. An implementation must define
+minimum-size macros in such a way that it guarantees that the buffer of the
+resulting size is sufficient for the output of the corresponding function. Refer
+to each macro’s documentation for the applicable requirements.
+
+Porting to a platform
+~~~~~~~~~~~~~~~~~~~~~
+
+Platform assumptions
+^^^^^^^^^^^^^^^^^^^^
+
+This specification is designed for a C99 platform. The interface is defined in
+terms of C macros, functions and objects.
+
+The specification assumes 8-bit bytes, and “byte” and “octet” are used
+synonymously.
+
+Platform-specific types
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The specification makes use of some types defined in C99. These types must be
+defined in the implementation version of **psa/crypto.h** or by a header
+included in this file. The following C99 types are used:
+
+``uint8_t``, ``uint16_t``, ``uint32_t``
+   Unsigned integer types with 8, 16 and 32 value bits respectively.
+   These types are defined by the C99 header **stdint.h**.
+
+Cryptographic hardware support
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Implementations are encouraged to make use of hardware accelerators where
+available. A future version of this specification will define a function
+interface that calls drivers for hardware accelerators and external
+cryptographic hardware.
+
+Security requirements and recommendations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Error detection
+^^^^^^^^^^^^^^^
+
+Implementations that provide isolation between the caller and the cryptography
+processing environment must validate parameters to ensure that the cryptography
+processing environment is protected from attacks caused by passing invalid
+parameters.
+
+Even implementations that do not provide isolation are recommended to detect bad
+parameters and fail-safe where possible.
+
+Indirect object references
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Implementations can use different strategies for allocating key identifiers,
+and other types of indirect object reference.
+
+Implementations that provide isolation between the caller and the cryptography
+processing environment must consider the threats relating to abuse and misuse
+of key identifiers and other indirect resource references. For example,
+multi-part operations can be implemented as backend state to which the client
+only maintains an indirect reference in the application's multi-part operation
+object.
+
+An implementation that supports multiple callers must implement strict isolation
+of API resources between different callers. For example, a client must not be
+able to obtain a reference to another client's key by guessing the key
+identifier value. Isolation of key identifiers can be achieved in several ways.
+For example:
+
+-  There is a single identifier namespace for all clients, and the
+   implementation verifies that the client is the owner of the identifier when
+   looking up the key.
+-  Each client has an independent identifier namespace, and the implementation
+   uses a client specific identifier-to-key mapping when looking up the key.
+
+After a volatile key identifier is destroyed, it is recommended that the
+implementation does not immediately reuse the same identifier value for a
+different key. This reduces the risk of an attack that is able to exploit a key
+identifier reuse vulnerability within an application.
+
+.. _memory-cleanup:
+
+Memory cleanup
+^^^^^^^^^^^^^^
+
+Implementations must wipe all sensitive data from memory when it is no longer
+used. It is recommended that they wipe this sensitive data as soon as possible. All
+temporary data used during the execution of a function, such as stack buffers,
+must be wiped before the function returns. All data associated with an object,
+such as a multi-part operation, must be wiped, at the latest, when the object
+becomes inactive, for example, when a multi-part operation is aborted.
+
+The rationale for this non-functional requirement is to minimize impact if the
+system is compromised. If sensitive data is wiped immediately after use, only
+data that is currently in use can be leaked. It does not compromise past data.
+
+.. _key-material:
+
+Managing key material
+^^^^^^^^^^^^^^^^^^^^^
+
+In implementations that have limited volatile memory for keys, the
+implementation is permitted to store a `volatile key <volatile-keys>` to a
+temporary location in non-volatile memory. The implementation must delete any
+such copies when the key is destroyed, and it is recommended that these copies
+are deleted as soon as the key is reloaded into volatile memory. An
+implementation that uses this method must clear any stored volatile key material
+on startup.
+
+Implementing the `memory cleanup rule <memory-cleanup>` for persistent keys
+can result in inefficiencies when the same persistent key is used sequentially
+in multiple cryptographic operations. The inefficiency stems from loading the
+key from non-volatile storage on each use of the key. The `PSA_KEY_USAGE_CACHE`
+policy allows an application to request that the implementation does not cleanup
+non-essential copies of persistent key material, effectively suspending the
+cleanup rules for that key. The effects of this policy depend on the
+implementation and the key, for example:
+
+-  For volatile keys or keys in a secure element with no open/close mechanism,
+   this is likely to have no effect.
+-  For persistent keys that are not in a secure element, this allows the
+   implementation to keep the key in a memory cache outside of the memory used
+   by ongoing operations.
+-  For keys in a secure element with an open/close mechanism, this is a hint to
+   keep the key open in the secure element.
+
+The application can indicate when it has finished using the key by calling
+`psa_purge_key()`, to request that the key material is cleaned from memory.
+
+Safe outputs on error
+^^^^^^^^^^^^^^^^^^^^^
+
+Implementations must ensure that confidential data is not written to output
+parameters before validating that the disclosure of this confidential data is
+authorized. This requirement is particularly important for implementations where
+the caller can share memory with another security context, as described in the
+`stability-of-parameters` section.
+
+In most cases, the specification does not define the content of output
+parameters when an error occurs. It is recommended that implementations try to
+ensure that the content of output parameters is as safe as possible, in case an
+application flaw or a data leak causes it to be used. In particular, Arm
+recommends that implementations avoid placing partial output in output buffers
+when an action is interrupted. The meaning of “safe as possible” depends on the
+implementation, as different environments require different compromises between
+implementation complexity, overall robustness and performance. Some common
+strategies are to leave output parameters unchanged, in case of errors, or
+zeroing them out.
+
+Attack resistance
+^^^^^^^^^^^^^^^^^
+
+Cryptographic code tends to manipulate high-value secrets, from which other
+secrets can be unlocked. As such, it is a high-value target for attacks. There
+is a vast body of literature on attack types, such as side channel attacks and
+glitch attacks. Typical side channels include timing, cache access patterns,
+branch-prediction access patterns, power consumption, radio emissions and more.
+
+This specification does not specify particular requirements for attack
+resistance. Implementers are encouraged to consider the attack resistance
+desired in each use case and design their implementation accordingly. Security
+standards for attack resistance for particular targets might be applicable in
+certain use cases.
+
+Other implementation considerations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Philosophy of resource management
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The specification allows most functions to return
+`PSA_ERROR_INSUFFICIENT_MEMORY`. This gives implementations the freedom to
+manage memory as they please.
+
+Alternatively, the interface is also designed for conservative strategies of
+memory management. An implementation can avoid dynamic memory allocation
+altogether by obeying certain restrictions:
+
+-  Pre-allocate memory for a predefined number of keys, each with sufficient
+   memory for all key types that can be stored.
+-  For multi-part operations, in an implementation without isolation, place all
+   the data that needs to be carried over from one step to the next in the
+   operation object. The application is then fully in control of how memory is
+   allocated for the operation.
+-  In an implementation with isolation, pre-allocate memory for a predefined
+   number of operations inside the cryptoprocessor.
+
+.. Inclusion of algorithms
+
+   Inline algorithm-generic functions into specialized functions at compile/link time
diff --git a/docs/html/_sources/overview/intro.rst.txt b/docs/html/_sources/overview/intro.rst.txt
new file mode 100644
index 0000000..416cde7
--- /dev/null
+++ b/docs/html/_sources/overview/intro.rst.txt
@@ -0,0 +1,36 @@
+Introduction
+------------
+
+Arm’s Platform Security Architecture (PSA) is a holistic set of threat models,
+security analyses, hardware and firmware architecture specifications, an
+open source firmware reference implementation, and an independent evaluation
+and certification scheme. PSA provides a recipe, based on
+industry best practice, that allows security to be consistently designed in, at
+both a hardware and firmware level.
+
+The PSA Cryptographic API (Crypto API) described in this document is an
+important PSA component that provides an interface to cryptographic operations
+on resource-constrained devices. The interface is user-friendly, while still
+providing access to the low-level primitives used in modern cryptography. It
+does not require that the user has access to the key material. Instead, it uses
+opaque key identifiers.
+
+This document is part of the PSA family of specifications. It defines an
+interface for cryptographic services, including cryptography primitives and a
+key storage functionality.
+
+This document includes:
+
+-  A `rationale <design-goals>` for the design.
+-  A `high-level overview of the functionality <functionality-overview>`
+   provided by the interface.
+-  A `description of typical architectures <architectures>` of
+   implementations for this specification.
+-  General considerations `for implementers <implementation-considerations>`
+   of this specification and `for applications <usage-considerations>` that
+   use the interface defined in this specification.
+-  A `detailed definition <api-reference>` of the API.
+
+Companion documents will define *profiles* for this specification. A profile is
+a minimum mandatory subset of the interface that a compliant implementation must
+provide.
diff --git a/docs/html/_sources/overview/sample-arch.rst.txt b/docs/html/_sources/overview/sample-arch.rst.txt
new file mode 100644
index 0000000..499283e
--- /dev/null
+++ b/docs/html/_sources/overview/sample-arch.rst.txt
@@ -0,0 +1,121 @@
+.. _architectures:
+
+Sample architectures
+--------------------
+
+This section describes some example architectures that can be used for
+implementations of the interface described in this specification. This list is
+not exhaustive and the section is entirely non-normative.
+
+Single-partition architecture
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In the single-partition architecture, there is no security boundary inside the system. The
+application code can access all the system memory, including the memory used by
+the cryptographic services described in this specification. Thus, the
+architecture provides `no isolation <isolation>`.
+
+This architecture does not conform to the Arm *Platform Security Architecture
+Security Model*. However, it is useful for providing cryptographic services
+that use the same interface, even on devices that cannot support any security
+boundary. So, while this architecture is not the primary design goal of the API
+defined in the present specification, it is supported.
+
+The functions in this specification simply execute the underlying algorithmic
+code. Security checks can be kept to a minimum, since the cryptoprocessor cannot
+defend against a malicious application. Key import and export copy data inside
+the same memory space.
+
+This architecture also describes a subset of some larger systems, where the
+cryptographic services are implemented inside a high-security partition,
+separate from the code of the main application, though it shares this
+high-security partition with other platform security services.
+
+.. _isolated-cryptoprocessor:
+
+Cryptographic token and single-application processor
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This system is composed of two partitions: one is a cryptoprocessor and the
+other partition runs an application. There is a security boundary between the
+two partitions, so that the application cannot access the cryptoprocessor,
+except through its public interface. Thus, the architecture provides
+`cryptoprocessor isolation <isolation>`. The cryptoprocessor has
+some non-volatile storage, a TRNG, and possibly, some cryptographic accelerators.
+
+There are a number of potential physical realizations: the cryptoprocessor might
+be a separate chip, a separate processor on the same chip, or a logical
+partition using a combination of hardware and software to provide the isolation.
+These realizations are functionally equivalent in terms of the offered software
+interface, but they would typically offer different levels of security
+guarantees.
+
+The PSA crypto API in the application processor consists of a thin layer of code
+that translates function calls to remote procedure calls in the cryptoprocessor.
+All cryptographic computations are, therefore, performed inside the
+cryptoprocessor. Non-volatile keys are stored inside the cryptoprocessor.
+
+Cryptoprocessor with no key storage
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As in the :title:`isolated-cryptoprocessor` architecture, this system
+is also composed of two partitions separated by a security boundary and also
+provides `cryptoprocessor isolation <isolation>`.
+However, unlike the previous architecture, in this system, the cryptoprocessor
+does not have any secure, persistent storage that could be used to store
+application keys.
+
+If the cryptoprocessor is not capable of storing cryptographic material, then
+there is little use for a separate cryptoprocessor, since all data would have to
+be imported by the application.
+
+The cryptoprocessor can provide useful services if it is able to store at least
+one key. This might be a hardware unique key that is burnt to one-time
+programmable memory during the manufacturing of the device. This key can be used
+for one or more purposes:
+
+-  Encrypt and authenticate data stored in the application processor.
+-  Communicate with a paired device.
+-  Allow the application to perform operations with keys that are derived from
+   the hardware unique key.
+
+Multi-client cryptoprocessor
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is an expanded variant of the `cryptographic token plus application
+architecture <isolated-cryptoprocessor>`. In this
+variant, the cryptoprocessor serves multiple applications that are mutually
+untrustworthy. This architecture provides `caller
+isolation <isolation>`.
+
+In this architecture, API calls are translated to remote procedure calls, which
+encode the identity of the client application. The cryptoprocessor carefully
+segments its internal storage to ensure that a client’s data is never leaked to
+another client.
+
+Multi-cryptoprocessor architecture
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This system includes multiple cryptoprocessors. There are several reasons to
+have multiple cryptoprocessors:
+
+-  Different compromises between security and performance for different keys.
+   Typically, this means a cryptoprocessor that runs on the same hardware as the
+   main application and processes short-term secrets, a secure element or a
+   similar separate chip that retains long-term secrets.
+-  Independent provisioning of certain secrets.
+-  A combination of a non-removable cryptoprocessor and removable ones, for
+   example, a smartcard or HSM.
+-  Cryptoprocessors managed by different stakeholders who do not trust each
+   other.
+
+The keystore implementation needs to dispatch each request to the correct
+processor. For example:
+
+-  All requests involving a non-extractable key must be processed in the
+   cryptoprocessor that holds that key.
+-  Requests involving a persistent key must be processed in the cryptoprocessor
+   that corresponds to the key’s lifetime value.
+-  Requests involving a volatile key might target a cryptoprocessor based on
+   parameters supplied by the application, or based on considerations such as
+   performance inside the implementation.
diff --git a/docs/html/_sources/overview/usage.rst.txt b/docs/html/_sources/overview/usage.rst.txt
new file mode 100644
index 0000000..1d1f2c9
--- /dev/null
+++ b/docs/html/_sources/overview/usage.rst.txt
@@ -0,0 +1,71 @@
+.. _usage-considerations:
+
+Usage considerations
+--------------------
+
+Security recommendations
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Always check for errors
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Most functions in this API can return errors. All functions that can fail have
+the return type `psa_status_t`. A few functions cannot fail, and thus, return
+``void`` or some other type.
+
+If an error occurs, unless otherwise specified, the content of the output
+parameters is undefined and must not be used.
+
+Some common causes of errors include:
+
+-  In implementations where the keys are stored and processed in a separate
+   environment from the application, all functions that need to access the
+   cryptography processing environment might fail due to an error in the
+   communication between the two environments.
+-  If an algorithm is implemented with a hardware accelerator, which is
+   logically separate from the application processor, the accelerator might fail,
+   even when the application processor keeps running normally.
+-  Most functions might fail due to a lack of resources. However, some
+   implementations guarantee that certain functions always have sufficient
+   memory.
+-  All functions that access persistent keys might fail due to a storage failure.
+-  All functions that require randomness might fail due to a lack of entropy.
+   Implementations are encouraged to seed the random generator with sufficient
+   entropy during the execution of `psa_crypto_init()`. However, some security
+   standards require periodic reseeding from a hardware random generator, which
+   can fail.
+
+Shared memory and concurrency
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Some environments allow applications to be multithreaded, while others do not.
+In some environments, applications can share memory with a different security
+context. In environments with multithreaded applications or shared memory,
+applications must be written carefully to avoid data corruption or leakage. This
+specification requires the application to obey certain constraints.
+
+In general, this API allows either one writer or any number of simultaneous
+readers, on any given object. In other words, if two or more calls access the
+same object concurrently, then the behavior is only well-defined if all the
+calls are only reading from the object and do not modify it. Read accesses
+include reading memory by input parameters and reading keystore content by using
+a key. For more details, refer to the `concurrency`
+section.
+
+If an application shares memory with another security context, it can pass
+shared memory blocks as input buffers or output buffers, but not as non-buffer
+parameters. For more details, refer to the :title:`stability-of-parameters` section.
+
+Cleaning up after use
+^^^^^^^^^^^^^^^^^^^^^
+
+To minimize impact if the system is compromised, it is recommended that
+applications wipe all sensitive data from memory when it is no longer used. That
+way, only data that is currently in use can be leaked, and past data is not
+compromised.
+
+Wiping sensitive data includes:
+
+-  Clearing temporary buffers in the stack or on the heap.
+-  Aborting operations if they will not be finished.
+-  Destroying keys that are no longer used.
diff --git a/docs/html/_static/alabaster.css b/docs/html/_static/alabaster.css
index 0eddaeb..517cb43 100644
--- a/docs/html/_static/alabaster.css
+++ b/docs/html/_static/alabaster.css
@@ -1,11 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 @import url("basic.css");
 
 /* -- page layout ----------------------------------------------------------- */
 
 body {
-    font-family: Georgia, serif;
+    font-family: 'goudy old style', 'minion pro', 'bell mt', Georgia, 'Hiragino Mincho Pro', serif;
     font-size: 17px;
-    background-color: #fff;
+    background-color: white;
     color: #000;
     margin: 0;
     padding: 0;
@@ -37,7 +54,7 @@
 }
 
 div.body {
-    background-color: #fff;
+    background-color: #ffffff;
     color: #3E4349;
     padding: 0 30px 0 30px;
 }
@@ -59,7 +76,7 @@
 }
 
 p.caption {
-    font-family: inherit;
+    font-family: ;
     font-size: inherit;
 }
 
@@ -107,7 +124,7 @@
 
 div.sphinxsidebar h3,
 div.sphinxsidebar h4 {
-    font-family: Georgia, serif;
+    font-family: 'Garamond', 'Georgia', serif;
     color: #444;
     font-size: 24px;
     font-weight: normal;
@@ -151,7 +168,7 @@
 
 div.sphinxsidebar input {
     border: 1px solid #CCC;
-    font-family: Georgia, serif;
+    font-family: 'goudy old style', 'minion pro', 'bell mt', Georgia, 'Hiragino Mincho Pro', serif;
     font-size: 1em;
 }
 
@@ -166,19 +183,6 @@
     width: 50%;
 }
 
-div.sphinxsidebar .badge {
-    border-bottom: none;
-}
-
-div.sphinxsidebar .badge:hover {
-    border-bottom: none;
-}
-
-/* To address an issue with donation coming after search */
-div.sphinxsidebar h3.donation {
-    margin-top: 10px;
-}
-
 /* -- body styles ----------------------------------------------------------- */
 
 a {
@@ -197,7 +201,7 @@
 div.body h4,
 div.body h5,
 div.body h6 {
-    font-family: Georgia, serif;
+    font-family: 'Garamond', 'Georgia', serif;
     font-weight: normal;
     margin: 30px 0px 10px 0px;
     padding: 0;
@@ -228,17 +232,21 @@
 div.admonition {
     margin: 20px 0px;
     padding: 10px 30px;
-    background-color: #EEE;
-    border: 1px solid #CCC;
+    background-color: #FCC;
+    border: 1px solid #FAA;
 }
 
-div.admonition tt.xref, div.admonition code.xref, div.admonition a tt {
-    background-color: #FBFBFB;
+div.admonition tt.xref, div.admonition a tt {
     border-bottom: 1px solid #fafafa;
 }
 
+dd div.admonition {
+    margin-left: -60px;
+    padding-left: 60px;
+}
+
 div.admonition p.admonition-title {
-    font-family: Georgia, serif;
+    font-family: 'Garamond', 'Georgia', serif;
     font-weight: normal;
     font-size: 24px;
     margin: 0 0 10px 0;
@@ -251,71 +259,25 @@
 }
 
 div.highlight {
-    background-color: #fff;
+    background-color: white;
 }
 
 dt:target, .highlight {
     background: #FAF3E8;
 }
 
-div.warning {
-    background-color: #FCC;
-    border: 1px solid #FAA;
-}
-
-div.danger {
-    background-color: #FCC;
-    border: 1px solid #FAA;
-    -moz-box-shadow: 2px 2px 4px #D52C2C;
-    -webkit-box-shadow: 2px 2px 4px #D52C2C;
-    box-shadow: 2px 2px 4px #D52C2C;
-}
-
-div.error {
-    background-color: #FCC;
-    border: 1px solid #FAA;
-    -moz-box-shadow: 2px 2px 4px #D52C2C;
-    -webkit-box-shadow: 2px 2px 4px #D52C2C;
-    box-shadow: 2px 2px 4px #D52C2C;
-}
-
-div.caution {
-    background-color: #FCC;
-    border: 1px solid #FAA;
-}
-
-div.attention {
-    background-color: #FCC;
-    border: 1px solid #FAA;
-}
-
-div.important {
-    background-color: #EEE;
-    border: 1px solid #CCC;
-}
-
 div.note {
     background-color: #EEE;
     border: 1px solid #CCC;
 }
 
-div.tip {
-    background-color: #EEE;
-    border: 1px solid #CCC;
-}
-
-div.hint {
-    background-color: #EEE;
-    border: 1px solid #CCC;
-}
-
 div.seealso {
     background-color: #EEE;
     border: 1px solid #CCC;
 }
 
 div.topic {
-    background-color: #EEE;
+    background-color: #eee;
 }
 
 p.admonition-title {
@@ -327,7 +289,7 @@
 }
 
 pre, tt, code {
-    font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+    font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
     font-size: 0.9em;
 }
 
@@ -350,16 +312,16 @@
 }
 
 img.screenshot {
-    -moz-box-shadow: 2px 2px 4px #EEE;
-    -webkit-box-shadow: 2px 2px 4px #EEE;
-    box-shadow: 2px 2px 4px #EEE;
+    -moz-box-shadow: 2px 2px 4px #eee;
+    -webkit-box-shadow: 2px 2px 4px #eee;
+    box-shadow: 2px 2px 4px #eee;
 }
 
 table.docutils {
     border: 1px solid #888;
-    -moz-box-shadow: 2px 2px 4px #EEE;
-    -webkit-box-shadow: 2px 2px 4px #EEE;
-    box-shadow: 2px 2px 4px #EEE;
+    -moz-box-shadow: 2px 2px 4px #eee;
+    -webkit-box-shadow: 2px 2px 4px #eee;
+    box-shadow: 2px 2px 4px #eee;
 }
 
 table.docutils td, table.docutils th {
@@ -399,16 +361,6 @@
     margin-bottom: 0.8em;
 }
 
-/* Cloned from
- * https://github.com/sphinx-doc/sphinx/commit/ef60dbfce09286b20b7385333d63a60321784e68
- */
-.field-name {
-    -moz-hyphens: manual;
-    -ms-hyphens: manual;
-    -webkit-hyphens: manual;
-    hyphens: manual;
-}
-
 table.footnote td.label {
     width: .1px;
     padding: 0.3em 0 0.3em 0.5em;
@@ -445,15 +397,16 @@
     line-height: 1.3em;
 }
 
-div.viewcode-block:target {
-    background: #ffd;
-}
-
 dl pre, blockquote pre, li pre {
     margin-left: 0;
     padding-left: 30px;
 }
 
+dl dl pre {
+    margin-left: -90px;
+    padding-left: 90px;
+}
+
 tt, code {
     background-color: #ecf0f3;
     color: #222;
@@ -462,7 +415,7 @@
 
 tt.xref, code.xref, a tt {
     background-color: #FBFBFB;
-    border-bottom: 1px solid #fff;
+    border-bottom: 1px solid white;
 }
 
 a.reference {
@@ -564,7 +517,7 @@
 
     div.documentwrapper {
         float: none;
-        background: #fff;
+        background: white;
     }
 
     div.sphinxsidebar {
@@ -579,7 +532,7 @@
 
     div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p,
     div.sphinxsidebar h3 a {
-        color: #fff;
+        color: white;
     }
 
     div.sphinxsidebar a {
@@ -651,51 +604,4 @@
   -moz-box-shadow: none;
   -webkit-box-shadow: none;
   box-shadow: none;
-}
-
-
-/* relbar */
-
-.related {
-    line-height: 30px;
-    width: 100%;
-    font-size: 0.9rem;
-}
-
-.related.top {
-    border-bottom: 1px solid #EEE;
-    margin-bottom: 20px;
-}
-
-.related.bottom {
-    border-top: 1px solid #EEE;
-}
-
-.related ul {
-    padding: 0;
-    margin: 0;
-    list-style: none;
-}
-
-.related li {
-    display: inline;
-}
-
-nav#rellinks {
-    float: right;
-}
-
-nav#rellinks li+li:before {
-    content: "|";
-}
-
-nav#breadcrumbs li+li:before {
-    content: "\00BB";
-}
-
-/* Hide certain items when printing */
-@media print {
-    div.related {
-        display: none;
-    }
 }
\ No newline at end of file
diff --git a/docs/html/_static/basic.css b/docs/html/_static/basic.css
index 0807176..607b5f5 100644
--- a/docs/html/_static/basic.css
+++ b/docs/html/_static/basic.css
@@ -4,7 +4,7 @@
  *
  * Sphinx stylesheet -- basic theme.
  *
- * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -81,26 +81,10 @@
     font-size: 1em;
 }
 
-div.sphinxsidebar #searchbox form.search {
-    overflow: hidden;
-}
-
 div.sphinxsidebar #searchbox input[type="text"] {
-    float: left;
-    width: 80%;
-    padding: 0.25em;
-    box-sizing: border-box;
+    width: 170px;
 }
 
-div.sphinxsidebar #searchbox input[type="submit"] {
-    float: left;
-    width: 20%;
-    border-left: none;
-    padding: 0.25em;
-    box-sizing: border-box;
-}
-
-
 img {
     border: 0;
     max-width: 100%;
@@ -215,11 +199,6 @@
 
 /* -- general body styles --------------------------------------------------- */
 
-div.body {
-    min-width: 450px;
-    max-width: 800px;
-}
-
 div.body p, div.body dd, div.body li, div.body blockquote {
     -moz-hyphens: auto;
     -ms-hyphens: auto;
@@ -431,13 +410,6 @@
     hyphens: manual;
 }
 
-/* -- hlist styles ---------------------------------------------------------- */
-
-table.hlist td {
-    vertical-align: top;
-}
-
-
 /* -- other body styles ----------------------------------------------------- */
 
 ol.arabic {
diff --git a/docs/html/_static/custom.css b/docs/html/_static/custom.css
index 2a924f1..c252930 100644
--- a/docs/html/_static/custom.css
+++ b/docs/html/_static/custom.css
@@ -1 +1,111 @@
-/* This file intentionally left blank. */
+/* CSS overrides for the html output */
+
+body {
+    font-family: Calibri, sans-serif;
+    font-size: 17px;
+}
+
+div.document {
+    width: 1080px;
+}
+
+div.body h1,
+div.body h2,
+div.body h3,
+div.body h4,
+div.body h5,
+div.body h6 {
+    font-family: Calibri, sans-serif;
+    font-weight: bold;
+}
+
+div.sphinxsidebar h3,
+div.sphinxsidebar h4 {
+    font-family: Calibri, sans-serif;
+}
+
+a {
+    color: #0091BD;
+    text-decoration: none;
+}
+
+a.reference {
+    border-bottom: none;
+}
+
+tt, code {
+    font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+    font-size: 0.85em;
+    background-color: white;
+}
+
+code.xref, a code {
+    font-weight: normal;
+    color: #0091BD;
+    background-color: white;
+}
+
+pre {
+    font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+    font-size: 0.8em;
+    background: #F7F7F7;
+    padding: 7px 10px;
+    margin: 15px 0px 15px 15px;
+    line-height: 1.3em;
+}
+
+table.docutils {
+    border: 0;
+	width: 100%;
+	-moz-box-shadow: none;
+    -webkit-box-shadow: none;
+    box-shadow: none;
+    border-top: 1px solid #AAA;
+    border-bottom: 1px solid #AAA;
+}
+
+table.docutils td, table.docutils th {
+	border: 0;
+    padding: 0.3em 0.5em 0.3em 0.5em;
+    text-align: left;
+    vertical-align: top;
+}
+
+table.docutils th {
+    border-bottom: 1px solid #AAA;
+}
+
+.small-caps {
+    font-variant: small-caps;
+}
+
+div.admonition {
+    margin: 5px 15px;
+    padding: 5px 15px;
+    background-color: #FFF;
+    border: 0;
+    border-left: 6px solid #DDD;
+}
+
+div.warning {
+    border-left: 6px solid #FBB;
+}
+
+div.admonition p.admonition-title {
+    font-family: Calibri, sans-serif;
+    font-weight: bold;
+    font-size: 90%;
+}
+
+div.warning p.admonition-title {
+    color: darkred;
+}
+
+div.admonition p {
+    margin-top: 0;
+    margin-bottom: 5px;
+}
+
+p.admonition-title:after {
+    content: "";
+}
diff --git a/docs/html/_static/doctools.js b/docs/html/_static/doctools.js
index 344db17..0c15c00 100644
--- a/docs/html/_static/doctools.js
+++ b/docs/html/_static/doctools.js
@@ -4,7 +4,7 @@
  *
  * Sphinx JavaScript utilities for all documentation.
  *
- * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -70,9 +70,7 @@
     if (node.nodeType === 3) {
       var val = node.nodeValue;
       var pos = val.toLowerCase().indexOf(text);
-      if (pos >= 0 &&
-          !jQuery(node.parentNode).hasClass(className) &&
-          !jQuery(node.parentNode).hasClass("nohighlight")) {
+      if (pos >= 0 && !jQuery(node.parentNode).hasClass(className)) {
         var span;
         var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
         if (isInSVG) {
@@ -150,9 +148,7 @@
     this.fixFirefoxAnchorBug();
     this.highlightSearchWords();
     this.initIndexTable();
-    if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) {
-      this.initOnKeyListeners();
-    }
+    
   },
 
   /**
@@ -312,4 +308,4 @@
 
 $(document).ready(function() {
   Documentation.init();
-});
+});
\ No newline at end of file
diff --git a/docs/html/_static/documentation_options.js b/docs/html/_static/documentation_options.js
deleted file mode 100644
index b2f4f64..0000000
--- a/docs/html/_static/documentation_options.js
+++ /dev/null
@@ -1,10 +0,0 @@
-var DOCUMENTATION_OPTIONS = {
-    URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
-    VERSION: '1.0 beta3',
-    LANGUAGE: 'None',
-    COLLAPSE_INDEX: false,
-    FILE_SUFFIX: '.html',
-    HAS_SOURCE: true,
-    SOURCELINK_SUFFIX: '.txt',
-    NAVIGATION_WITH_KEYS: false,
-};
\ No newline at end of file
diff --git a/docs/html/_static/jquery-3.2.1.js b/docs/html/_static/jquery-3.2.1.js
deleted file mode 100644
index d2d8ca4..0000000
--- a/docs/html/_static/jquery-3.2.1.js
+++ /dev/null
@@ -1,10253 +0,0 @@
-/*!
- * jQuery JavaScript Library v3.2.1
- * https://jquery.com/
- *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://jquery.org/license
- *
- * Date: 2017-03-20T18:59Z
- */
-( function( global, factory ) {
-
-	"use strict";
-
-	if ( typeof module === "object" && typeof module.exports === "object" ) {
-
-		// For CommonJS and CommonJS-like environments where a proper `window`
-		// is present, execute the factory and get jQuery.
-		// For environments that do not have a `window` with a `document`
-		// (such as Node.js), expose a factory as module.exports.
-		// This accentuates the need for the creation of a real `window`.
-		// e.g. var jQuery = require("jquery")(window);
-		// See ticket #14549 for more info.
-		module.exports = global.document ?
-			factory( global, true ) :
-			function( w ) {
-				if ( !w.document ) {
-					throw new Error( "jQuery requires a window with a document" );
-				}
-				return factory( w );
-			};
-	} else {
-		factory( global );
-	}
-
-// Pass this if window is not defined yet
-} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) {
-
-// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1
-// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode
-// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common
-// enough that all such attempts are guarded in a try block.
-"use strict";
-
-var arr = [];
-
-var document = window.document;
-
-var getProto = Object.getPrototypeOf;
-
-var slice = arr.slice;
-
-var concat = arr.concat;
-
-var push = arr.push;
-
-var indexOf = arr.indexOf;
-
-var class2type = {};
-
-var toString = class2type.toString;
-
-var hasOwn = class2type.hasOwnProperty;
-
-var fnToString = hasOwn.toString;
-
-var ObjectFunctionString = fnToString.call( Object );
-
-var support = {};
-
-
-
-	function DOMEval( code, doc ) {
-		doc = doc || document;
-
-		var script = doc.createElement( "script" );
-
-		script.text = code;
-		doc.head.appendChild( script ).parentNode.removeChild( script );
-	}
-/* global Symbol */
-// Defining this global in .eslintrc.json would create a danger of using the global
-// unguarded in another place, it seems safer to define global only for this module
-
-
-
-var
-	version = "3.2.1",
-
-	// Define a local copy of jQuery
-	jQuery = function( selector, context ) {
-
-		// The jQuery object is actually just the init constructor 'enhanced'
-		// Need init if jQuery is called (just allow error to be thrown if not included)
-		return new jQuery.fn.init( selector, context );
-	},
-
-	// Support: Android <=4.0 only
-	// Make sure we trim BOM and NBSP
-	rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,
-
-	// Matches dashed string for camelizing
-	rmsPrefix = /^-ms-/,
-	rdashAlpha = /-([a-z])/g,
-
-	// Used by jQuery.camelCase as callback to replace()
-	fcamelCase = function( all, letter ) {
-		return letter.toUpperCase();
-	};
-
-jQuery.fn = jQuery.prototype = {
-
-	// The current version of jQuery being used
-	jquery: version,
-
-	constructor: jQuery,
-
-	// The default length of a jQuery object is 0
-	length: 0,
-
-	toArray: function() {
-		return slice.call( this );
-	},
-
-	// Get the Nth element in the matched element set OR
-	// Get the whole matched element set as a clean array
-	get: function( num ) {
-
-		// Return all the elements in a clean array
-		if ( num == null ) {
-			return slice.call( this );
-		}
-
-		// Return just the one element from the set
-		return num < 0 ? this[ num + this.length ] : this[ num ];
-	},
-
-	// Take an array of elements and push it onto the stack
-	// (returning the new matched element set)
-	pushStack: function( elems ) {
-
-		// Build a new jQuery matched element set
-		var ret = jQuery.merge( this.constructor(), elems );
-
-		// Add the old object onto the stack (as a reference)
-		ret.prevObject = this;
-
-		// Return the newly-formed element set
-		return ret;
-	},
-
-	// Execute a callback for every element in the matched set.
-	each: function( callback ) {
-		return jQuery.each( this, callback );
-	},
-
-	map: function( callback ) {
-		return this.pushStack( jQuery.map( this, function( elem, i ) {
-			return callback.call( elem, i, elem );
-		} ) );
-	},
-
-	slice: function() {
-		return this.pushStack( slice.apply( this, arguments ) );
-	},
-
-	first: function() {
-		return this.eq( 0 );
-	},
-
-	last: function() {
-		return this.eq( -1 );
-	},
-
-	eq: function( i ) {
-		var len = this.length,
-			j = +i + ( i < 0 ? len : 0 );
-		return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] );
-	},
-
-	end: function() {
-		return this.prevObject || this.constructor();
-	},
-
-	// For internal use only.
-	// Behaves like an Array's method, not like a jQuery method.
-	push: push,
-	sort: arr.sort,
-	splice: arr.splice
-};
-
-jQuery.extend = jQuery.fn.extend = function() {
-	var options, name, src, copy, copyIsArray, clone,
-		target = arguments[ 0 ] || {},
-		i = 1,
-		length = arguments.length,
-		deep = false;
-
-	// Handle a deep copy situation
-	if ( typeof target === "boolean" ) {
-		deep = target;
-
-		// Skip the boolean and the target
-		target = arguments[ i ] || {};
-		i++;
-	}
-
-	// Handle case when target is a string or something (possible in deep copy)
-	if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
-		target = {};
-	}
-
-	// Extend jQuery itself if only one argument is passed
-	if ( i === length ) {
-		target = this;
-		i--;
-	}
-
-	for ( ; i < length; i++ ) {
-
-		// Only deal with non-null/undefined values
-		if ( ( options = arguments[ i ] ) != null ) {
-
-			// Extend the base object
-			for ( name in options ) {
-				src = target[ name ];
-				copy = options[ name ];
-
-				// Prevent never-ending loop
-				if ( target === copy ) {
-					continue;
-				}
-
-				// Recurse if we're merging plain objects or arrays
-				if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
-					( copyIsArray = Array.isArray( copy ) ) ) ) {
-
-					if ( copyIsArray ) {
-						copyIsArray = false;
-						clone = src && Array.isArray( src ) ? src : [];
-
-					} else {
-						clone = src && jQuery.isPlainObject( src ) ? src : {};
-					}
-
-					// Never move original objects, clone them
-					target[ name ] = jQuery.extend( deep, clone, copy );
-
-				// Don't bring in undefined values
-				} else if ( copy !== undefined ) {
-					target[ name ] = copy;
-				}
-			}
-		}
-	}
-
-	// Return the modified object
-	return target;
-};
-
-jQuery.extend( {
-
-	// Unique for each copy of jQuery on the page
-	expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ),
-
-	// Assume jQuery is ready without the ready module
-	isReady: true,
-
-	error: function( msg ) {
-		throw new Error( msg );
-	},
-
-	noop: function() {},
-
-	isFunction: function( obj ) {
-		return jQuery.type( obj ) === "function";
-	},
-
-	isWindow: function( obj ) {
-		return obj != null && obj === obj.window;
-	},
-
-	isNumeric: function( obj ) {
-
-		// As of jQuery 3.0, isNumeric is limited to
-		// strings and numbers (primitives or objects)
-		// that can be coerced to finite numbers (gh-2662)
-		var type = jQuery.type( obj );
-		return ( type === "number" || type === "string" ) &&
-
-			// parseFloat NaNs numeric-cast false positives ("")
-			// ...but misinterprets leading-number strings, particularly hex literals ("0x...")
-			// subtraction forces infinities to NaN
-			!isNaN( obj - parseFloat( obj ) );
-	},
-
-	isPlainObject: function( obj ) {
-		var proto, Ctor;
-
-		// Detect obvious negatives
-		// Use toString instead of jQuery.type to catch host objects
-		if ( !obj || toString.call( obj ) !== "[object Object]" ) {
-			return false;
-		}
-
-		proto = getProto( obj );
-
-		// Objects with no prototype (e.g., `Object.create( null )`) are plain
-		if ( !proto ) {
-			return true;
-		}
-
-		// Objects with prototype are plain iff they were constructed by a global Object function
-		Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor;
-		return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString;
-	},
-
-	isEmptyObject: function( obj ) {
-
-		/* eslint-disable no-unused-vars */
-		// See https://github.com/eslint/eslint/issues/6125
-		var name;
-
-		for ( name in obj ) {
-			return false;
-		}
-		return true;
-	},
-
-	type: function( obj ) {
-		if ( obj == null ) {
-			return obj + "";
-		}
-
-		// Support: Android <=2.3 only (functionish RegExp)
-		return typeof obj === "object" || typeof obj === "function" ?
-			class2type[ toString.call( obj ) ] || "object" :
-			typeof obj;
-	},
-
-	// Evaluates a script in a global context
-	globalEval: function( code ) {
-		DOMEval( code );
-	},
-
-	// Convert dashed to camelCase; used by the css and data modules
-	// Support: IE <=9 - 11, Edge 12 - 13
-	// Microsoft forgot to hump their vendor prefix (#9572)
-	camelCase: function( string ) {
-		return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase );
-	},
-
-	each: function( obj, callback ) {
-		var length, i = 0;
-
-		if ( isArrayLike( obj ) ) {
-			length = obj.length;
-			for ( ; i < length; i++ ) {
-				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
-					break;
-				}
-			}
-		} else {
-			for ( i in obj ) {
-				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
-					break;
-				}
-			}
-		}
-
-		return obj;
-	},
-
-	// Support: Android <=4.0 only
-	trim: function( text ) {
-		return text == null ?
-			"" :
-			( text + "" ).replace( rtrim, "" );
-	},
-
-	// results is for internal usage only
-	makeArray: function( arr, results ) {
-		var ret = results || [];
-
-		if ( arr != null ) {
-			if ( isArrayLike( Object( arr ) ) ) {
-				jQuery.merge( ret,
-					typeof arr === "string" ?
-					[ arr ] : arr
-				);
-			} else {
-				push.call( ret, arr );
-			}
-		}
-
-		return ret;
-	},
-
-	inArray: function( elem, arr, i ) {
-		return arr == null ? -1 : indexOf.call( arr, elem, i );
-	},
-
-	// Support: Android <=4.0 only, PhantomJS 1 only
-	// push.apply(_, arraylike) throws on ancient WebKit
-	merge: function( first, second ) {
-		var len = +second.length,
-			j = 0,
-			i = first.length;
-
-		for ( ; j < len; j++ ) {
-			first[ i++ ] = second[ j ];
-		}
-
-		first.length = i;
-
-		return first;
-	},
-
-	grep: function( elems, callback, invert ) {
-		var callbackInverse,
-			matches = [],
-			i = 0,
-			length = elems.length,
-			callbackExpect = !invert;
-
-		// Go through the array, only saving the items
-		// that pass the validator function
-		for ( ; i < length; i++ ) {
-			callbackInverse = !callback( elems[ i ], i );
-			if ( callbackInverse !== callbackExpect ) {
-				matches.push( elems[ i ] );
-			}
-		}
-
-		return matches;
-	},
-
-	// arg is for internal usage only
-	map: function( elems, callback, arg ) {
-		var length, value,
-			i = 0,
-			ret = [];
-
-		// Go through the array, translating each of the items to their new values
-		if ( isArrayLike( elems ) ) {
-			length = elems.length;
-			for ( ; i < length; i++ ) {
-				value = callback( elems[ i ], i, arg );
-
-				if ( value != null ) {
-					ret.push( value );
-				}
-			}
-
-		// Go through every key on the object,
-		} else {
-			for ( i in elems ) {
-				value = callback( elems[ i ], i, arg );
-
-				if ( value != null ) {
-					ret.push( value );
-				}
-			}
-		}
-
-		// Flatten any nested arrays
-		return concat.apply( [], ret );
-	},
-
-	// A global GUID counter for objects
-	guid: 1,
-
-	// Bind a function to a context, optionally partially applying any
-	// arguments.
-	proxy: function( fn, context ) {
-		var tmp, args, proxy;
-
-		if ( typeof context === "string" ) {
-			tmp = fn[ context ];
-			context = fn;
-			fn = tmp;
-		}
-
-		// Quick check to determine if target is callable, in the spec
-		// this throws a TypeError, but we will just return undefined.
-		if ( !jQuery.isFunction( fn ) ) {
-			return undefined;
-		}
-
-		// Simulated bind
-		args = slice.call( arguments, 2 );
-		proxy = function() {
-			return fn.apply( context || this, args.concat( slice.call( arguments ) ) );
-		};
-
-		// Set the guid of unique handler to the same of original handler, so it can be removed
-		proxy.guid = fn.guid = fn.guid || jQuery.guid++;
-
-		return proxy;
-	},
-
-	now: Date.now,
-
-	// jQuery.support is not used in Core but other projects attach their
-	// properties to it so it needs to exist.
-	support: support
-} );
-
-if ( typeof Symbol === "function" ) {
-	jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ];
-}
-
-// Populate the class2type map
-jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ),
-function( i, name ) {
-	class2type[ "[object " + name + "]" ] = name.toLowerCase();
-} );
-
-function isArrayLike( obj ) {
-
-	// Support: real iOS 8.2 only (not reproducible in simulator)
-	// `in` check used to prevent JIT error (gh-2145)
-	// hasOwn isn't used here due to false negatives
-	// regarding Nodelist length in IE
-	var length = !!obj && "length" in obj && obj.length,
-		type = jQuery.type( obj );
-
-	if ( type === "function" || jQuery.isWindow( obj ) ) {
-		return false;
-	}
-
-	return type === "array" || length === 0 ||
-		typeof length === "number" && length > 0 && ( length - 1 ) in obj;
-}
-var Sizzle =
-/*!
- * Sizzle CSS Selector Engine v2.3.3
- * https://sizzlejs.com/
- *
- * Copyright jQuery Foundation and other contributors
- * Released under the MIT license
- * http://jquery.org/license
- *
- * Date: 2016-08-08
- */
-(function( window ) {
-
-var i,
-	support,
-	Expr,
-	getText,
-	isXML,
-	tokenize,
-	compile,
-	select,
-	outermostContext,
-	sortInput,
-	hasDuplicate,
-
-	// Local document vars
-	setDocument,
-	document,
-	docElem,
-	documentIsHTML,
-	rbuggyQSA,
-	rbuggyMatches,
-	matches,
-	contains,
-
-	// Instance-specific data
-	expando = "sizzle" + 1 * new Date(),
-	preferredDoc = window.document,
-	dirruns = 0,
-	done = 0,
-	classCache = createCache(),
-	tokenCache = createCache(),
-	compilerCache = createCache(),
-	sortOrder = function( a, b ) {
-		if ( a === b ) {
-			hasDuplicate = true;
-		}
-		return 0;
-	},
-
-	// Instance methods
-	hasOwn = ({}).hasOwnProperty,
-	arr = [],
-	pop = arr.pop,
-	push_native = arr.push,
-	push = arr.push,
-	slice = arr.slice,
-	// Use a stripped-down indexOf as it's faster than native
-	// https://jsperf.com/thor-indexof-vs-for/5
-	indexOf = function( list, elem ) {
-		var i = 0,
-			len = list.length;
-		for ( ; i < len; i++ ) {
-			if ( list[i] === elem ) {
-				return i;
-			}
-		}
-		return -1;
-	},
-
-	booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",
-
-	// Regular expressions
-
-	// http://www.w3.org/TR/css3-selectors/#whitespace
-	whitespace = "[\\x20\\t\\r\\n\\f]",
-
-	// http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier
-	identifier = "(?:\\\\.|[\\w-]|[^\0-\\xa0])+",
-
-	// Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors
-	attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace +
-		// Operator (capture 2)
-		"*([*^$|!~]?=)" + whitespace +
-		// "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]"
-		"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace +
-		"*\\]",
-
-	pseudos = ":(" + identifier + ")(?:\\((" +
-		// To reduce the number of selectors needing tokenize in the preFilter, prefer arguments:
-		// 1. quoted (capture 3; capture 4 or capture 5)
-		"('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" +
-		// 2. simple (capture 6)
-		"((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" +
-		// 3. anything else (capture 2)
-		".*" +
-		")\\)|)",
-
-	// Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter
-	rwhitespace = new RegExp( whitespace + "+", "g" ),
-	rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
-
-	rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
-	rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),
-
-	rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),
-
-	rpseudo = new RegExp( pseudos ),
-	ridentifier = new RegExp( "^" + identifier + "$" ),
-
-	matchExpr = {
-		"ID": new RegExp( "^#(" + identifier + ")" ),
-		"CLASS": new RegExp( "^\\.(" + identifier + ")" ),
-		"TAG": new RegExp( "^(" + identifier + "|[*])" ),
-		"ATTR": new RegExp( "^" + attributes ),
-		"PSEUDO": new RegExp( "^" + pseudos ),
-		"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +
-			"*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace +
-			"*(\\d+)|))" + whitespace + "*\\)|)", "i" ),
-		"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),
-		// For use in libraries implementing .is()
-		// We use this for POS matching in `select`
-		"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +
-			whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" )
-	},
-
-	rinputs = /^(?:input|select|textarea|button)$/i,
-	rheader = /^h\d$/i,
-
-	rnative = /^[^{]+\{\s*\[native \w/,
-
-	// Easily-parseable/retrievable ID or TAG or CLASS selectors
-	rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,
-
-	rsibling = /[+~]/,
-
-	// CSS escapes
-	// http://www.w3.org/TR/CSS21/syndata.html#escaped-characters
-	runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),
-	funescape = function( _, escaped, escapedWhitespace ) {
-		var high = "0x" + escaped - 0x10000;
-		// NaN means non-codepoint
-		// Support: Firefox<24
-		// Workaround erroneous numeric interpretation of +"0x"
-		return high !== high || escapedWhitespace ?
-			escaped :
-			high < 0 ?
-				// BMP codepoint
-				String.fromCharCode( high + 0x10000 ) :
-				// Supplemental Plane codepoint (surrogate pair)
-				String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 );
-	},
-
-	// CSS string/identifier serialization
-	// https://drafts.csswg.org/cssom/#common-serializing-idioms
-	rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,
-	fcssescape = function( ch, asCodePoint ) {
-		if ( asCodePoint ) {
-
-			// U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER
-			if ( ch === "\0" ) {
-				return "\uFFFD";
-			}
-
-			// Control characters and (dependent upon position) numbers get escaped as code points
-			return ch.slice( 0, -1 ) + "\\" + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " ";
-		}
-
-		// Other potentially-special ASCII characters get backslash-escaped
-		return "\\" + ch;
-	},
-
-	// Used for iframes
-	// See setDocument()
-	// Removing the function wrapper causes a "Permission Denied"
-	// error in IE
-	unloadHandler = function() {
-		setDocument();
-	},
-
-	disabledAncestor = addCombinator(
-		function( elem ) {
-			return elem.disabled === true && ("form" in elem || "label" in elem);
-		},
-		{ dir: "parentNode", next: "legend" }
-	);
-
-// Optimize for push.apply( _, NodeList )
-try {
-	push.apply(
-		(arr = slice.call( preferredDoc.childNodes )),
-		preferredDoc.childNodes
-	);
-	// Support: Android<4.0
-	// Detect silently failing push.apply
-	arr[ preferredDoc.childNodes.length ].nodeType;
-} catch ( e ) {
-	push = { apply: arr.length ?
-
-		// Leverage slice if possible
-		function( target, els ) {
-			push_native.apply( target, slice.call(els) );
-		} :
-
-		// Support: IE<9
-		// Otherwise append directly
-		function( target, els ) {
-			var j = target.length,
-				i = 0;
-			// Can't trust NodeList.length
-			while ( (target[j++] = els[i++]) ) {}
-			target.length = j - 1;
-		}
-	};
-}
-
-function Sizzle( selector, context, results, seed ) {
-	var m, i, elem, nid, match, groups, newSelector,
-		newContext = context && context.ownerDocument,
-
-		// nodeType defaults to 9, since context defaults to document
-		nodeType = context ? context.nodeType : 9;
-
-	results = results || [];
-
-	// Return early from calls with invalid selector or context
-	if ( typeof selector !== "string" || !selector ||
-		nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) {
-
-		return results;
-	}
-
-	// Try to shortcut find operations (as opposed to filters) in HTML documents
-	if ( !seed ) {
-
-		if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) {
-			setDocument( context );
-		}
-		context = context || document;
-
-		if ( documentIsHTML ) {
-
-			// If the selector is sufficiently simple, try using a "get*By*" DOM method
-			// (excepting DocumentFragment context, where the methods don't exist)
-			if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) {
-
-				// ID selector
-				if ( (m = match[1]) ) {
-
-					// Document context
-					if ( nodeType === 9 ) {
-						if ( (elem = context.getElementById( m )) ) {
-
-							// Support: IE, Opera, Webkit
-							// TODO: identify versions
-							// getElementById can match elements by name instead of ID
-							if ( elem.id === m ) {
-								results.push( elem );
-								return results;
-							}
-						} else {
-							return results;
-						}
-
-					// Element context
-					} else {
-
-						// Support: IE, Opera, Webkit
-						// TODO: identify versions
-						// getElementById can match elements by name instead of ID
-						if ( newContext && (elem = newContext.getElementById( m )) &&
-							contains( context, elem ) &&
-							elem.id === m ) {
-
-							results.push( elem );
-							return results;
-						}
-					}
-
-				// Type selector
-				} else if ( match[2] ) {
-					push.apply( results, context.getElementsByTagName( selector ) );
-					return results;
-
-				// Class selector
-				} else if ( (m = match[3]) && support.getElementsByClassName &&
-					context.getElementsByClassName ) {
-
-					push.apply( results, context.getElementsByClassName( m ) );
-					return results;
-				}
-			}
-
-			// Take advantage of querySelectorAll
-			if ( support.qsa &&
-				!compilerCache[ selector + " " ] &&
-				(!rbuggyQSA || !rbuggyQSA.test( selector )) ) {
-
-				if ( nodeType !== 1 ) {
-					newContext = context;
-					newSelector = selector;
-
-				// qSA looks outside Element context, which is not what we want
-				// Thanks to Andrew Dupont for this workaround technique
-				// Support: IE <=8
-				// Exclude object elements
-				} else if ( context.nodeName.toLowerCase() !== "object" ) {
-
-					// Capture the context ID, setting it first if necessary
-					if ( (nid = context.getAttribute( "id" )) ) {
-						nid = nid.replace( rcssescape, fcssescape );
-					} else {
-						context.setAttribute( "id", (nid = expando) );
-					}
-
-					// Prefix every selector in the list
-					groups = tokenize( selector );
-					i = groups.length;
-					while ( i-- ) {
-						groups[i] = "#" + nid + " " + toSelector( groups[i] );
-					}
-					newSelector = groups.join( "," );
-
-					// Expand context for sibling selectors
-					newContext = rsibling.test( selector ) && testContext( context.parentNode ) ||
-						context;
-				}
-
-				if ( newSelector ) {
-					try {
-						push.apply( results,
-							newContext.querySelectorAll( newSelector )
-						);
-						return results;
-					} catch ( qsaError ) {
-					} finally {
-						if ( nid === expando ) {
-							context.removeAttribute( "id" );
-						}
-					}
-				}
-			}
-		}
-	}
-
-	// All others
-	return select( selector.replace( rtrim, "$1" ), context, results, seed );
-}
-
-/**
- * Create key-value caches of limited size
- * @returns {function(string, object)} Returns the Object data after storing it on itself with
- *	property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength)
- *	deleting the oldest entry
- */
-function createCache() {
-	var keys = [];
-
-	function cache( key, value ) {
-		// Use (key + " ") to avoid collision with native prototype properties (see Issue #157)
-		if ( keys.push( key + " " ) > Expr.cacheLength ) {
-			// Only keep the most recent entries
-			delete cache[ keys.shift() ];
-		}
-		return (cache[ key + " " ] = value);
-	}
-	return cache;
-}
-
-/**
- * Mark a function for special use by Sizzle
- * @param {Function} fn The function to mark
- */
-function markFunction( fn ) {
-	fn[ expando ] = true;
-	return fn;
-}
-
-/**
- * Support testing using an element
- * @param {Function} fn Passed the created element and returns a boolean result
- */
-function assert( fn ) {
-	var el = document.createElement("fieldset");
-
-	try {
-		return !!fn( el );
-	} catch (e) {
-		return false;
-	} finally {
-		// Remove from its parent by default
-		if ( el.parentNode ) {
-			el.parentNode.removeChild( el );
-		}
-		// release memory in IE
-		el = null;
-	}
-}
-
-/**
- * Adds the same handler for all of the specified attrs
- * @param {String} attrs Pipe-separated list of attributes
- * @param {Function} handler The method that will be applied
- */
-function addHandle( attrs, handler ) {
-	var arr = attrs.split("|"),
-		i = arr.length;
-
-	while ( i-- ) {
-		Expr.attrHandle[ arr[i] ] = handler;
-	}
-}
-
-/**
- * Checks document order of two siblings
- * @param {Element} a
- * @param {Element} b
- * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b
- */
-function siblingCheck( a, b ) {
-	var cur = b && a,
-		diff = cur && a.nodeType === 1 && b.nodeType === 1 &&
-			a.sourceIndex - b.sourceIndex;
-
-	// Use IE sourceIndex if available on both nodes
-	if ( diff ) {
-		return diff;
-	}
-
-	// Check if b follows a
-	if ( cur ) {
-		while ( (cur = cur.nextSibling) ) {
-			if ( cur === b ) {
-				return -1;
-			}
-		}
-	}
-
-	return a ? 1 : -1;
-}
-
-/**
- * Returns a function to use in pseudos for input types
- * @param {String} type
- */
-function createInputPseudo( type ) {
-	return function( elem ) {
-		var name = elem.nodeName.toLowerCase();
-		return name === "input" && elem.type === type;
-	};
-}
-
-/**
- * Returns a function to use in pseudos for buttons
- * @param {String} type
- */
-function createButtonPseudo( type ) {
-	return function( elem ) {
-		var name = elem.nodeName.toLowerCase();
-		return (name === "input" || name === "button") && elem.type === type;
-	};
-}
-
-/**
- * Returns a function to use in pseudos for :enabled/:disabled
- * @param {Boolean} disabled true for :disabled; false for :enabled
- */
-function createDisabledPseudo( disabled ) {
-
-	// Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable
-	return function( elem ) {
-
-		// Only certain elements can match :enabled or :disabled
-		// https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
-		// https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
-		if ( "form" in elem ) {
-
-			// Check for inherited disabledness on relevant non-disabled elements:
-			// * listed form-associated elements in a disabled fieldset
-			//   https://html.spec.whatwg.org/multipage/forms.html#category-listed
-			//   https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
-			// * option elements in a disabled optgroup
-			//   https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
-			// All such elements have a "form" property.
-			if ( elem.parentNode && elem.disabled === false ) {
-
-				// Option elements defer to a parent optgroup if present
-				if ( "label" in elem ) {
-					if ( "label" in elem.parentNode ) {
-						return elem.parentNode.disabled === disabled;
-					} else {
-						return elem.disabled === disabled;
-					}
-				}
-
-				// Support: IE 6 - 11
-				// Use the isDisabled shortcut property to check for disabled fieldset ancestors
-				return elem.isDisabled === disabled ||
-
-					// Where there is no isDisabled, check manually
-					/* jshint -W018 */
-					elem.isDisabled !== !disabled &&
-						disabledAncestor( elem ) === disabled;
-			}
-
-			return elem.disabled === disabled;
-
-		// Try to winnow out elements that can't be disabled before trusting the disabled property.
-		// Some victims get caught in our net (label, legend, menu, track), but it shouldn't
-		// even exist on them, let alone have a boolean value.
-		} else if ( "label" in elem ) {
-			return elem.disabled === disabled;
-		}
-
-		// Remaining elements are neither :enabled nor :disabled
-		return false;
-	};
-}
-
-/**
- * Returns a function to use in pseudos for positionals
- * @param {Function} fn
- */
-function createPositionalPseudo( fn ) {
-	return markFunction(function( argument ) {
-		argument = +argument;
-		return markFunction(function( seed, matches ) {
-			var j,
-				matchIndexes = fn( [], seed.length, argument ),
-				i = matchIndexes.length;
-
-			// Match elements found at the specified indexes
-			while ( i-- ) {
-				if ( seed[ (j = matchIndexes[i]) ] ) {
-					seed[j] = !(matches[j] = seed[j]);
-				}
-			}
-		});
-	});
-}
-
-/**
- * Checks a node for validity as a Sizzle context
- * @param {Element|Object=} context
- * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value
- */
-function testContext( context ) {
-	return context && typeof context.getElementsByTagName !== "undefined" && context;
-}
-
-// Expose support vars for convenience
-support = Sizzle.support = {};
-
-/**
- * Detects XML nodes
- * @param {Element|Object} elem An element or a document
- * @returns {Boolean} True iff elem is a non-HTML XML node
- */
-isXML = Sizzle.isXML = function( elem ) {
-	// documentElement is verified for cases where it doesn't yet exist
-	// (such as loading iframes in IE - #4833)
-	var documentElement = elem && (elem.ownerDocument || elem).documentElement;
-	return documentElement ? documentElement.nodeName !== "HTML" : false;
-};
-
-/**
- * Sets document-related variables once based on the current document
- * @param {Element|Object} [doc] An element or document object to use to set the document
- * @returns {Object} Returns the current document
- */
-setDocument = Sizzle.setDocument = function( node ) {
-	var hasCompare, subWindow,
-		doc = node ? node.ownerDocument || node : preferredDoc;
-
-	// Return early if doc is invalid or already selected
-	if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) {
-		return document;
-	}
-
-	// Update global variables
-	document = doc;
-	docElem = document.documentElement;
-	documentIsHTML = !isXML( document );
-
-	// Support: IE 9-11, Edge
-	// Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936)
-	if ( preferredDoc !== document &&
-		(subWindow = document.defaultView) && subWindow.top !== subWindow ) {
-
-		// Support: IE 11, Edge
-		if ( subWindow.addEventListener ) {
-			subWindow.addEventListener( "unload", unloadHandler, false );
-
-		// Support: IE 9 - 10 only
-		} else if ( subWindow.attachEvent ) {
-			subWindow.attachEvent( "onunload", unloadHandler );
-		}
-	}
-
-	/* Attributes
-	---------------------------------------------------------------------- */
-
-	// Support: IE<8
-	// Verify that getAttribute really returns attributes and not properties
-	// (excepting IE8 booleans)
-	support.attributes = assert(function( el ) {
-		el.className = "i";
-		return !el.getAttribute("className");
-	});
-
-	/* getElement(s)By*
-	---------------------------------------------------------------------- */
-
-	// Check if getElementsByTagName("*") returns only elements
-	support.getElementsByTagName = assert(function( el ) {
-		el.appendChild( document.createComment("") );
-		return !el.getElementsByTagName("*").length;
-	});
-
-	// Support: IE<9
-	support.getElementsByClassName = rnative.test( document.getElementsByClassName );
-
-	// Support: IE<10
-	// Check if getElementById returns elements by name
-	// The broken getElementById methods don't pick up programmatically-set names,
-	// so use a roundabout getElementsByName test
-	support.getById = assert(function( el ) {
-		docElem.appendChild( el ).id = expando;
-		return !document.getElementsByName || !document.getElementsByName( expando ).length;
-	});
-
-	// ID filter and find
-	if ( support.getById ) {
-		Expr.filter["ID"] = function( id ) {
-			var attrId = id.replace( runescape, funescape );
-			return function( elem ) {
-				return elem.getAttribute("id") === attrId;
-			};
-		};
-		Expr.find["ID"] = function( id, context ) {
-			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
-				var elem = context.getElementById( id );
-				return elem ? [ elem ] : [];
-			}
-		};
-	} else {
-		Expr.filter["ID"] =  function( id ) {
-			var attrId = id.replace( runescape, funescape );
-			return function( elem ) {
-				var node = typeof elem.getAttributeNode !== "undefined" &&
-					elem.getAttributeNode("id");
-				return node && node.value === attrId;
-			};
-		};
-
-		// Support: IE 6 - 7 only
-		// getElementById is not reliable as a find shortcut
-		Expr.find["ID"] = function( id, context ) {
-			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
-				var node, i, elems,
-					elem = context.getElementById( id );
-
-				if ( elem ) {
-
-					// Verify the id attribute
-					node = elem.getAttributeNode("id");
-					if ( node && node.value === id ) {
-						return [ elem ];
-					}
-
-					// Fall back on getElementsByName
-					elems = context.getElementsByName( id );
-					i = 0;
-					while ( (elem = elems[i++]) ) {
-						node = elem.getAttributeNode("id");
-						if ( node && node.value === id ) {
-							return [ elem ];
-						}
-					}
-				}
-
-				return [];
-			}
-		};
-	}
-
-	// Tag
-	Expr.find["TAG"] = support.getElementsByTagName ?
-		function( tag, context ) {
-			if ( typeof context.getElementsByTagName !== "undefined" ) {
-				return context.getElementsByTagName( tag );
-
-			// DocumentFragment nodes don't have gEBTN
-			} else if ( support.qsa ) {
-				return context.querySelectorAll( tag );
-			}
-		} :
-
-		function( tag, context ) {
-			var elem,
-				tmp = [],
-				i = 0,
-				// By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too
-				results = context.getElementsByTagName( tag );
-
-			// Filter out possible comments
-			if ( tag === "*" ) {
-				while ( (elem = results[i++]) ) {
-					if ( elem.nodeType === 1 ) {
-						tmp.push( elem );
-					}
-				}
-
-				return tmp;
-			}
-			return results;
-		};
-
-	// Class
-	Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) {
-		if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) {
-			return context.getElementsByClassName( className );
-		}
-	};
-
-	/* QSA/matchesSelector
-	---------------------------------------------------------------------- */
-
-	// QSA and matchesSelector support
-
-	// matchesSelector(:active) reports false when true (IE9/Opera 11.5)
-	rbuggyMatches = [];
-
-	// qSa(:focus) reports false when true (Chrome 21)
-	// We allow this because of a bug in IE8/9 that throws an error
-	// whenever `document.activeElement` is accessed on an iframe
-	// So, we allow :focus to pass through QSA all the time to avoid the IE error
-	// See https://bugs.jquery.com/ticket/13378
-	rbuggyQSA = [];
-
-	if ( (support.qsa = rnative.test( document.querySelectorAll )) ) {
-		// Build QSA regex
-		// Regex strategy adopted from Diego Perini
-		assert(function( el ) {
-			// Select is set to empty string on purpose
-			// This is to test IE's treatment of not explicitly
-			// setting a boolean content attribute,
-			// since its presence should be enough
-			// https://bugs.jquery.com/ticket/12359
-			docElem.appendChild( el ).innerHTML = "<a id='" + expando + "'></a>" +
-				"<select id='" + expando + "-\r\\' msallowcapture=''>" +
-				"<option selected=''></option></select>";
-
-			// Support: IE8, Opera 11-12.16
-			// Nothing should be selected when empty strings follow ^= or $= or *=
-			// The test attribute must be unknown in Opera but "safe" for WinRT
-			// https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section
-			if ( el.querySelectorAll("[msallowcapture^='']").length ) {
-				rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" );
-			}
-
-			// Support: IE8
-			// Boolean attributes and "value" are not treated correctly
-			if ( !el.querySelectorAll("[selected]").length ) {
-				rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" );
-			}
-
-			// Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+
-			if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) {
-				rbuggyQSA.push("~=");
-			}
-
-			// Webkit/Opera - :checked should return selected option elements
-			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
-			// IE8 throws error here and will not see later tests
-			if ( !el.querySelectorAll(":checked").length ) {
-				rbuggyQSA.push(":checked");
-			}
-
-			// Support: Safari 8+, iOS 8+
-			// https://bugs.webkit.org/show_bug.cgi?id=136851
-			// In-page `selector#id sibling-combinator selector` fails
-			if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) {
-				rbuggyQSA.push(".#.+[+~]");
-			}
-		});
-
-		assert(function( el ) {
-			el.innerHTML = "<a href='' disabled='disabled'></a>" +
-				"<select disabled='disabled'><option/></select>";
-
-			// Support: Windows 8 Native Apps
-			// The type and name attributes are restricted during .innerHTML assignment
-			var input = document.createElement("input");
-			input.setAttribute( "type", "hidden" );
-			el.appendChild( input ).setAttribute( "name", "D" );
-
-			// Support: IE8
-			// Enforce case-sensitivity of name attribute
-			if ( el.querySelectorAll("[name=d]").length ) {
-				rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" );
-			}
-
-			// FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled)
-			// IE8 throws error here and will not see later tests
-			if ( el.querySelectorAll(":enabled").length !== 2 ) {
-				rbuggyQSA.push( ":enabled", ":disabled" );
-			}
-
-			// Support: IE9-11+
-			// IE's :disabled selector does not pick up the children of disabled fieldsets
-			docElem.appendChild( el ).disabled = true;
-			if ( el.querySelectorAll(":disabled").length !== 2 ) {
-				rbuggyQSA.push( ":enabled", ":disabled" );
-			}
-
-			// Opera 10-11 does not throw on post-comma invalid pseudos
-			el.querySelectorAll("*,:x");
-			rbuggyQSA.push(",.*:");
-		});
-	}
-
-	if ( (support.matchesSelector = rnative.test( (matches = docElem.matches ||
-		docElem.webkitMatchesSelector ||
-		docElem.mozMatchesSelector ||
-		docElem.oMatchesSelector ||
-		docElem.msMatchesSelector) )) ) {
-
-		assert(function( el ) {
-			// Check to see if it's possible to do matchesSelector
-			// on a disconnected node (IE 9)
-			support.disconnectedMatch = matches.call( el, "*" );
-
-			// This should fail with an exception
-			// Gecko does not error, returns false instead
-			matches.call( el, "[s!='']:x" );
-			rbuggyMatches.push( "!=", pseudos );
-		});
-	}
-
-	rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );
-	rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );
-
-	/* Contains
-	---------------------------------------------------------------------- */
-	hasCompare = rnative.test( docElem.compareDocumentPosition );
-
-	// Element contains another
-	// Purposefully self-exclusive
-	// As in, an element does not contain itself
-	contains = hasCompare || rnative.test( docElem.contains ) ?
-		function( a, b ) {
-			var adown = a.nodeType === 9 ? a.documentElement : a,
-				bup = b && b.parentNode;
-			return a === bup || !!( bup && bup.nodeType === 1 && (
-				adown.contains ?
-					adown.contains( bup ) :
-					a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16
-			));
-		} :
-		function( a, b ) {
-			if ( b ) {
-				while ( (b = b.parentNode) ) {
-					if ( b === a ) {
-						return true;
-					}
-				}
-			}
-			return false;
-		};
-
-	/* Sorting
-	---------------------------------------------------------------------- */
-
-	// Document order sorting
-	sortOrder = hasCompare ?
-	function( a, b ) {
-
-		// Flag for duplicate removal
-		if ( a === b ) {
-			hasDuplicate = true;
-			return 0;
-		}
-
-		// Sort on method existence if only one input has compareDocumentPosition
-		var compare = !a.compareDocumentPosition - !b.compareDocumentPosition;
-		if ( compare ) {
-			return compare;
-		}
-
-		// Calculate position if both inputs belong to the same document
-		compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ?
-			a.compareDocumentPosition( b ) :
-
-			// Otherwise we know they are disconnected
-			1;
-
-		// Disconnected nodes
-		if ( compare & 1 ||
-			(!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) {
-
-			// Choose the first element that is related to our preferred document
-			if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) {
-				return -1;
-			}
-			if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) {
-				return 1;
-			}
-
-			// Maintain original order
-			return sortInput ?
-				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
-				0;
-		}
-
-		return compare & 4 ? -1 : 1;
-	} :
-	function( a, b ) {
-		// Exit early if the nodes are identical
-		if ( a === b ) {
-			hasDuplicate = true;
-			return 0;
-		}
-
-		var cur,
-			i = 0,
-			aup = a.parentNode,
-			bup = b.parentNode,
-			ap = [ a ],
-			bp = [ b ];
-
-		// Parentless nodes are either documents or disconnected
-		if ( !aup || !bup ) {
-			return a === document ? -1 :
-				b === document ? 1 :
-				aup ? -1 :
-				bup ? 1 :
-				sortInput ?
-				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
-				0;
-
-		// If the nodes are siblings, we can do a quick check
-		} else if ( aup === bup ) {
-			return siblingCheck( a, b );
-		}
-
-		// Otherwise we need full lists of their ancestors for comparison
-		cur = a;
-		while ( (cur = cur.parentNode) ) {
-			ap.unshift( cur );
-		}
-		cur = b;
-		while ( (cur = cur.parentNode) ) {
-			bp.unshift( cur );
-		}
-
-		// Walk down the tree looking for a discrepancy
-		while ( ap[i] === bp[i] ) {
-			i++;
-		}
-
-		return i ?
-			// Do a sibling check if the nodes have a common ancestor
-			siblingCheck( ap[i], bp[i] ) :
-
-			// Otherwise nodes in our document sort first
-			ap[i] === preferredDoc ? -1 :
-			bp[i] === preferredDoc ? 1 :
-			0;
-	};
-
-	return document;
-};
-
-Sizzle.matches = function( expr, elements ) {
-	return Sizzle( expr, null, null, elements );
-};
-
-Sizzle.matchesSelector = function( elem, expr ) {
-	// Set document vars if needed
-	if ( ( elem.ownerDocument || elem ) !== document ) {
-		setDocument( elem );
-	}
-
-	// Make sure that attribute selectors are quoted
-	expr = expr.replace( rattributeQuotes, "='$1']" );
-
-	if ( support.matchesSelector && documentIsHTML &&
-		!compilerCache[ expr + " " ] &&
-		( !rbuggyMatches || !rbuggyMatches.test( expr ) ) &&
-		( !rbuggyQSA     || !rbuggyQSA.test( expr ) ) ) {
-
-		try {
-			var ret = matches.call( elem, expr );
-
-			// IE 9's matchesSelector returns false on disconnected nodes
-			if ( ret || support.disconnectedMatch ||
-					// As well, disconnected nodes are said to be in a document
-					// fragment in IE 9
-					elem.document && elem.document.nodeType !== 11 ) {
-				return ret;
-			}
-		} catch (e) {}
-	}
-
-	return Sizzle( expr, document, null, [ elem ] ).length > 0;
-};
-
-Sizzle.contains = function( context, elem ) {
-	// Set document vars if needed
-	if ( ( context.ownerDocument || context ) !== document ) {
-		setDocument( context );
-	}
-	return contains( context, elem );
-};
-
-Sizzle.attr = function( elem, name ) {
-	// Set document vars if needed
-	if ( ( elem.ownerDocument || elem ) !== document ) {
-		setDocument( elem );
-	}
-
-	var fn = Expr.attrHandle[ name.toLowerCase() ],
-		// Don't get fooled by Object.prototype properties (jQuery #13807)
-		val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ?
-			fn( elem, name, !documentIsHTML ) :
-			undefined;
-
-	return val !== undefined ?
-		val :
-		support.attributes || !documentIsHTML ?
-			elem.getAttribute( name ) :
-			(val = elem.getAttributeNode(name)) && val.specified ?
-				val.value :
-				null;
-};
-
-Sizzle.escape = function( sel ) {
-	return (sel + "").replace( rcssescape, fcssescape );
-};
-
-Sizzle.error = function( msg ) {
-	throw new Error( "Syntax error, unrecognized expression: " + msg );
-};
-
-/**
- * Document sorting and removing duplicates
- * @param {ArrayLike} results
- */
-Sizzle.uniqueSort = function( results ) {
-	var elem,
-		duplicates = [],
-		j = 0,
-		i = 0;
-
-	// Unless we *know* we can detect duplicates, assume their presence
-	hasDuplicate = !support.detectDuplicates;
-	sortInput = !support.sortStable && results.slice( 0 );
-	results.sort( sortOrder );
-
-	if ( hasDuplicate ) {
-		while ( (elem = results[i++]) ) {
-			if ( elem === results[ i ] ) {
-				j = duplicates.push( i );
-			}
-		}
-		while ( j-- ) {
-			results.splice( duplicates[ j ], 1 );
-		}
-	}
-
-	// Clear input after sorting to release objects
-	// See https://github.com/jquery/sizzle/pull/225
-	sortInput = null;
-
-	return results;
-};
-
-/**
- * Utility function for retrieving the text value of an array of DOM nodes
- * @param {Array|Element} elem
- */
-getText = Sizzle.getText = function( elem ) {
-	var node,
-		ret = "",
-		i = 0,
-		nodeType = elem.nodeType;
-
-	if ( !nodeType ) {
-		// If no nodeType, this is expected to be an array
-		while ( (node = elem[i++]) ) {
-			// Do not traverse comment nodes
-			ret += getText( node );
-		}
-	} else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) {
-		// Use textContent for elements
-		// innerText usage removed for consistency of new lines (jQuery #11153)
-		if ( typeof elem.textContent === "string" ) {
-			return elem.textContent;
-		} else {
-			// Traverse its children
-			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
-				ret += getText( elem );
-			}
-		}
-	} else if ( nodeType === 3 || nodeType === 4 ) {
-		return elem.nodeValue;
-	}
-	// Do not include comment or processing instruction nodes
-
-	return ret;
-};
-
-Expr = Sizzle.selectors = {
-
-	// Can be adjusted by the user
-	cacheLength: 50,
-
-	createPseudo: markFunction,
-
-	match: matchExpr,
-
-	attrHandle: {},
-
-	find: {},
-
-	relative: {
-		">": { dir: "parentNode", first: true },
-		" ": { dir: "parentNode" },
-		"+": { dir: "previousSibling", first: true },
-		"~": { dir: "previousSibling" }
-	},
-
-	preFilter: {
-		"ATTR": function( match ) {
-			match[1] = match[1].replace( runescape, funescape );
-
-			// Move the given value to match[3] whether quoted or unquoted
-			match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape );
-
-			if ( match[2] === "~=" ) {
-				match[3] = " " + match[3] + " ";
-			}
-
-			return match.slice( 0, 4 );
-		},
-
-		"CHILD": function( match ) {
-			/* matches from matchExpr["CHILD"]
-				1 type (only|nth|...)
-				2 what (child|of-type)
-				3 argument (even|odd|\d*|\d*n([+-]\d+)?|...)
-				4 xn-component of xn+y argument ([+-]?\d*n|)
-				5 sign of xn-component
-				6 x of xn-component
-				7 sign of y-component
-				8 y of y-component
-			*/
-			match[1] = match[1].toLowerCase();
-
-			if ( match[1].slice( 0, 3 ) === "nth" ) {
-				// nth-* requires argument
-				if ( !match[3] ) {
-					Sizzle.error( match[0] );
-				}
-
-				// numeric x and y parameters for Expr.filter.CHILD
-				// remember that false/true cast respectively to 0/1
-				match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) );
-				match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" );
-
-			// other types prohibit arguments
-			} else if ( match[3] ) {
-				Sizzle.error( match[0] );
-			}
-
-			return match;
-		},
-
-		"PSEUDO": function( match ) {
-			var excess,
-				unquoted = !match[6] && match[2];
-
-			if ( matchExpr["CHILD"].test( match[0] ) ) {
-				return null;
-			}
-
-			// Accept quoted arguments as-is
-			if ( match[3] ) {
-				match[2] = match[4] || match[5] || "";
-
-			// Strip excess characters from unquoted arguments
-			} else if ( unquoted && rpseudo.test( unquoted ) &&
-				// Get excess from tokenize (recursively)
-				(excess = tokenize( unquoted, true )) &&
-				// advance to the next closing parenthesis
-				(excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) {
-
-				// excess is a negative index
-				match[0] = match[0].slice( 0, excess );
-				match[2] = unquoted.slice( 0, excess );
-			}
-
-			// Return only captures needed by the pseudo filter method (type and argument)
-			return match.slice( 0, 3 );
-		}
-	},
-
-	filter: {
-
-		"TAG": function( nodeNameSelector ) {
-			var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase();
-			return nodeNameSelector === "*" ?
-				function() { return true; } :
-				function( elem ) {
-					return elem.nodeName && elem.nodeName.toLowerCase() === nodeName;
-				};
-		},
-
-		"CLASS": function( className ) {
-			var pattern = classCache[ className + " " ];
-
-			return pattern ||
-				(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&
-				classCache( className, function( elem ) {
-					return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" );
-				});
-		},
-
-		"ATTR": function( name, operator, check ) {
-			return function( elem ) {
-				var result = Sizzle.attr( elem, name );
-
-				if ( result == null ) {
-					return operator === "!=";
-				}
-				if ( !operator ) {
-					return true;
-				}
-
-				result += "";
-
-				return operator === "=" ? result === check :
-					operator === "!=" ? result !== check :
-					operator === "^=" ? check && result.indexOf( check ) === 0 :
-					operator === "*=" ? check && result.indexOf( check ) > -1 :
-					operator === "$=" ? check && result.slice( -check.length ) === check :
-					operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 :
-					operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" :
-					false;
-			};
-		},
-
-		"CHILD": function( type, what, argument, first, last ) {
-			var simple = type.slice( 0, 3 ) !== "nth",
-				forward = type.slice( -4 ) !== "last",
-				ofType = what === "of-type";
-
-			return first === 1 && last === 0 ?
-
-				// Shortcut for :nth-*(n)
-				function( elem ) {
-					return !!elem.parentNode;
-				} :
-
-				function( elem, context, xml ) {
-					var cache, uniqueCache, outerCache, node, nodeIndex, start,
-						dir = simple !== forward ? "nextSibling" : "previousSibling",
-						parent = elem.parentNode,
-						name = ofType && elem.nodeName.toLowerCase(),
-						useCache = !xml && !ofType,
-						diff = false;
-
-					if ( parent ) {
-
-						// :(first|last|only)-(child|of-type)
-						if ( simple ) {
-							while ( dir ) {
-								node = elem;
-								while ( (node = node[ dir ]) ) {
-									if ( ofType ?
-										node.nodeName.toLowerCase() === name :
-										node.nodeType === 1 ) {
-
-										return false;
-									}
-								}
-								// Reverse direction for :only-* (if we haven't yet done so)
-								start = dir = type === "only" && !start && "nextSibling";
-							}
-							return true;
-						}
-
-						start = [ forward ? parent.firstChild : parent.lastChild ];
-
-						// non-xml :nth-child(...) stores cache data on `parent`
-						if ( forward && useCache ) {
-
-							// Seek `elem` from a previously-cached index
-
-							// ...in a gzip-friendly way
-							node = parent;
-							outerCache = node[ expando ] || (node[ expando ] = {});
-
-							// Support: IE <9 only
-							// Defend against cloned attroperties (jQuery gh-1709)
-							uniqueCache = outerCache[ node.uniqueID ] ||
-								(outerCache[ node.uniqueID ] = {});
-
-							cache = uniqueCache[ type ] || [];
-							nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
-							diff = nodeIndex && cache[ 2 ];
-							node = nodeIndex && parent.childNodes[ nodeIndex ];
-
-							while ( (node = ++nodeIndex && node && node[ dir ] ||
-
-								// Fallback to seeking `elem` from the start
-								(diff = nodeIndex = 0) || start.pop()) ) {
-
-								// When found, cache indexes on `parent` and break
-								if ( node.nodeType === 1 && ++diff && node === elem ) {
-									uniqueCache[ type ] = [ dirruns, nodeIndex, diff ];
-									break;
-								}
-							}
-
-						} else {
-							// Use previously-cached element index if available
-							if ( useCache ) {
-								// ...in a gzip-friendly way
-								node = elem;
-								outerCache = node[ expando ] || (node[ expando ] = {});
-
-								// Support: IE <9 only
-								// Defend against cloned attroperties (jQuery gh-1709)
-								uniqueCache = outerCache[ node.uniqueID ] ||
-									(outerCache[ node.uniqueID ] = {});
-
-								cache = uniqueCache[ type ] || [];
-								nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
-								diff = nodeIndex;
-							}
-
-							// xml :nth-child(...)
-							// or :nth-last-child(...) or :nth(-last)?-of-type(...)
-							if ( diff === false ) {
-								// Use the same loop as above to seek `elem` from the start
-								while ( (node = ++nodeIndex && node && node[ dir ] ||
-									(diff = nodeIndex = 0) || start.pop()) ) {
-
-									if ( ( ofType ?
-										node.nodeName.toLowerCase() === name :
-										node.nodeType === 1 ) &&
-										++diff ) {
-
-										// Cache the index of each encountered element
-										if ( useCache ) {
-											outerCache = node[ expando ] || (node[ expando ] = {});
-
-											// Support: IE <9 only
-											// Defend against cloned attroperties (jQuery gh-1709)
-											uniqueCache = outerCache[ node.uniqueID ] ||
-												(outerCache[ node.uniqueID ] = {});
-
-											uniqueCache[ type ] = [ dirruns, diff ];
-										}
-
-										if ( node === elem ) {
-											break;
-										}
-									}
-								}
-							}
-						}
-
-						// Incorporate the offset, then check against cycle size
-						diff -= last;
-						return diff === first || ( diff % first === 0 && diff / first >= 0 );
-					}
-				};
-		},
-
-		"PSEUDO": function( pseudo, argument ) {
-			// pseudo-class names are case-insensitive
-			// http://www.w3.org/TR/selectors/#pseudo-classes
-			// Prioritize by case sensitivity in case custom pseudos are added with uppercase letters
-			// Remember that setFilters inherits from pseudos
-			var args,
-				fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] ||
-					Sizzle.error( "unsupported pseudo: " + pseudo );
-
-			// The user may use createPseudo to indicate that
-			// arguments are needed to create the filter function
-			// just as Sizzle does
-			if ( fn[ expando ] ) {
-				return fn( argument );
-			}
-
-			// But maintain support for old signatures
-			if ( fn.length > 1 ) {
-				args = [ pseudo, pseudo, "", argument ];
-				return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ?
-					markFunction(function( seed, matches ) {
-						var idx,
-							matched = fn( seed, argument ),
-							i = matched.length;
-						while ( i-- ) {
-							idx = indexOf( seed, matched[i] );
-							seed[ idx ] = !( matches[ idx ] = matched[i] );
-						}
-					}) :
-					function( elem ) {
-						return fn( elem, 0, args );
-					};
-			}
-
-			return fn;
-		}
-	},
-
-	pseudos: {
-		// Potentially complex pseudos
-		"not": markFunction(function( selector ) {
-			// Trim the selector passed to compile
-			// to avoid treating leading and trailing
-			// spaces as combinators
-			var input = [],
-				results = [],
-				matcher = compile( selector.replace( rtrim, "$1" ) );
-
-			return matcher[ expando ] ?
-				markFunction(function( seed, matches, context, xml ) {
-					var elem,
-						unmatched = matcher( seed, null, xml, [] ),
-						i = seed.length;
-
-					// Match elements unmatched by `matcher`
-					while ( i-- ) {
-						if ( (elem = unmatched[i]) ) {
-							seed[i] = !(matches[i] = elem);
-						}
-					}
-				}) :
-				function( elem, context, xml ) {
-					input[0] = elem;
-					matcher( input, null, xml, results );
-					// Don't keep the element (issue #299)
-					input[0] = null;
-					return !results.pop();
-				};
-		}),
-
-		"has": markFunction(function( selector ) {
-			return function( elem ) {
-				return Sizzle( selector, elem ).length > 0;
-			};
-		}),
-
-		"contains": markFunction(function( text ) {
-			text = text.replace( runescape, funescape );
-			return function( elem ) {
-				return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1;
-			};
-		}),
-
-		// "Whether an element is represented by a :lang() selector
-		// is based solely on the element's language value
-		// being equal to the identifier C,
-		// or beginning with the identifier C immediately followed by "-".
-		// The matching of C against the element's language value is performed case-insensitively.
-		// The identifier C does not have to be a valid language name."
-		// http://www.w3.org/TR/selectors/#lang-pseudo
-		"lang": markFunction( function( lang ) {
-			// lang value must be a valid identifier
-			if ( !ridentifier.test(lang || "") ) {
-				Sizzle.error( "unsupported lang: " + lang );
-			}
-			lang = lang.replace( runescape, funescape ).toLowerCase();
-			return function( elem ) {
-				var elemLang;
-				do {
-					if ( (elemLang = documentIsHTML ?
-						elem.lang :
-						elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) {
-
-						elemLang = elemLang.toLowerCase();
-						return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0;
-					}
-				} while ( (elem = elem.parentNode) && elem.nodeType === 1 );
-				return false;
-			};
-		}),
-
-		// Miscellaneous
-		"target": function( elem ) {
-			var hash = window.location && window.location.hash;
-			return hash && hash.slice( 1 ) === elem.id;
-		},
-
-		"root": function( elem ) {
-			return elem === docElem;
-		},
-
-		"focus": function( elem ) {
-			return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex);
-		},
-
-		// Boolean properties
-		"enabled": createDisabledPseudo( false ),
-		"disabled": createDisabledPseudo( true ),
-
-		"checked": function( elem ) {
-			// In CSS3, :checked should return both checked and selected elements
-			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
-			var nodeName = elem.nodeName.toLowerCase();
-			return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected);
-		},
-
-		"selected": function( elem ) {
-			// Accessing this property makes selected-by-default
-			// options in Safari work properly
-			if ( elem.parentNode ) {
-				elem.parentNode.selectedIndex;
-			}
-
-			return elem.selected === true;
-		},
-
-		// Contents
-		"empty": function( elem ) {
-			// http://www.w3.org/TR/selectors/#empty-pseudo
-			// :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5),
-			//   but not by others (comment: 8; processing instruction: 7; etc.)
-			// nodeType < 6 works because attributes (2) do not appear as children
-			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
-				if ( elem.nodeType < 6 ) {
-					return false;
-				}
-			}
-			return true;
-		},
-
-		"parent": function( elem ) {
-			return !Expr.pseudos["empty"]( elem );
-		},
-
-		// Element/input types
-		"header": function( elem ) {
-			return rheader.test( elem.nodeName );
-		},
-
-		"input": function( elem ) {
-			return rinputs.test( elem.nodeName );
-		},
-
-		"button": function( elem ) {
-			var name = elem.nodeName.toLowerCase();
-			return name === "input" && elem.type === "button" || name === "button";
-		},
-
-		"text": function( elem ) {
-			var attr;
-			return elem.nodeName.toLowerCase() === "input" &&
-				elem.type === "text" &&
-
-				// Support: IE<8
-				// New HTML5 attribute values (e.g., "search") appear with elem.type === "text"
-				( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" );
-		},
-
-		// Position-in-collection
-		"first": createPositionalPseudo(function() {
-			return [ 0 ];
-		}),
-
-		"last": createPositionalPseudo(function( matchIndexes, length ) {
-			return [ length - 1 ];
-		}),
-
-		"eq": createPositionalPseudo(function( matchIndexes, length, argument ) {
-			return [ argument < 0 ? argument + length : argument ];
-		}),
-
-		"even": createPositionalPseudo(function( matchIndexes, length ) {
-			var i = 0;
-			for ( ; i < length; i += 2 ) {
-				matchIndexes.push( i );
-			}
-			return matchIndexes;
-		}),
-
-		"odd": createPositionalPseudo(function( matchIndexes, length ) {
-			var i = 1;
-			for ( ; i < length; i += 2 ) {
-				matchIndexes.push( i );
-			}
-			return matchIndexes;
-		}),
-
-		"lt": createPositionalPseudo(function( matchIndexes, length, argument ) {
-			var i = argument < 0 ? argument + length : argument;
-			for ( ; --i >= 0; ) {
-				matchIndexes.push( i );
-			}
-			return matchIndexes;
-		}),
-
-		"gt": createPositionalPseudo(function( matchIndexes, length, argument ) {
-			var i = argument < 0 ? argument + length : argument;
-			for ( ; ++i < length; ) {
-				matchIndexes.push( i );
-			}
-			return matchIndexes;
-		})
-	}
-};
-
-Expr.pseudos["nth"] = Expr.pseudos["eq"];
-
-// Add button/input type pseudos
-for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) {
-	Expr.pseudos[ i ] = createInputPseudo( i );
-}
-for ( i in { submit: true, reset: true } ) {
-	Expr.pseudos[ i ] = createButtonPseudo( i );
-}
-
-// Easy API for creating new setFilters
-function setFilters() {}
-setFilters.prototype = Expr.filters = Expr.pseudos;
-Expr.setFilters = new setFilters();
-
-tokenize = Sizzle.tokenize = function( selector, parseOnly ) {
-	var matched, match, tokens, type,
-		soFar, groups, preFilters,
-		cached = tokenCache[ selector + " " ];
-
-	if ( cached ) {
-		return parseOnly ? 0 : cached.slice( 0 );
-	}
-
-	soFar = selector;
-	groups = [];
-	preFilters = Expr.preFilter;
-
-	while ( soFar ) {
-
-		// Comma and first run
-		if ( !matched || (match = rcomma.exec( soFar )) ) {
-			if ( match ) {
-				// Don't consume trailing commas as valid
-				soFar = soFar.slice( match[0].length ) || soFar;
-			}
-			groups.push( (tokens = []) );
-		}
-
-		matched = false;
-
-		// Combinators
-		if ( (match = rcombinators.exec( soFar )) ) {
-			matched = match.shift();
-			tokens.push({
-				value: matched,
-				// Cast descendant combinators to space
-				type: match[0].replace( rtrim, " " )
-			});
-			soFar = soFar.slice( matched.length );
-		}
-
-		// Filters
-		for ( type in Expr.filter ) {
-			if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] ||
-				(match = preFilters[ type ]( match ))) ) {
-				matched = match.shift();
-				tokens.push({
-					value: matched,
-					type: type,
-					matches: match
-				});
-				soFar = soFar.slice( matched.length );
-			}
-		}
-
-		if ( !matched ) {
-			break;
-		}
-	}
-
-	// Return the length of the invalid excess
-	// if we're just parsing
-	// Otherwise, throw an error or return tokens
-	return parseOnly ?
-		soFar.length :
-		soFar ?
-			Sizzle.error( selector ) :
-			// Cache the tokens
-			tokenCache( selector, groups ).slice( 0 );
-};
-
-function toSelector( tokens ) {
-	var i = 0,
-		len = tokens.length,
-		selector = "";
-	for ( ; i < len; i++ ) {
-		selector += tokens[i].value;
-	}
-	return selector;
-}
-
-function addCombinator( matcher, combinator, base ) {
-	var dir = combinator.dir,
-		skip = combinator.next,
-		key = skip || dir,
-		checkNonElements = base && key === "parentNode",
-		doneName = done++;
-
-	return combinator.first ?
-		// Check against closest ancestor/preceding element
-		function( elem, context, xml ) {
-			while ( (elem = elem[ dir ]) ) {
-				if ( elem.nodeType === 1 || checkNonElements ) {
-					return matcher( elem, context, xml );
-				}
-			}
-			return false;
-		} :
-
-		// Check against all ancestor/preceding elements
-		function( elem, context, xml ) {
-			var oldCache, uniqueCache, outerCache,
-				newCache = [ dirruns, doneName ];
-
-			// We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching
-			if ( xml ) {
-				while ( (elem = elem[ dir ]) ) {
-					if ( elem.nodeType === 1 || checkNonElements ) {
-						if ( matcher( elem, context, xml ) ) {
-							return true;
-						}
-					}
-				}
-			} else {
-				while ( (elem = elem[ dir ]) ) {
-					if ( elem.nodeType === 1 || checkNonElements ) {
-						outerCache = elem[ expando ] || (elem[ expando ] = {});
-
-						// Support: IE <9 only
-						// Defend against cloned attroperties (jQuery gh-1709)
-						uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {});
-
-						if ( skip && skip === elem.nodeName.toLowerCase() ) {
-							elem = elem[ dir ] || elem;
-						} else if ( (oldCache = uniqueCache[ key ]) &&
-							oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) {
-
-							// Assign to newCache so results back-propagate to previous elements
-							return (newCache[ 2 ] = oldCache[ 2 ]);
-						} else {
-							// Reuse newcache so results back-propagate to previous elements
-							uniqueCache[ key ] = newCache;
-
-							// A match means we're done; a fail means we have to keep checking
-							if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) {
-								return true;
-							}
-						}
-					}
-				}
-			}
-			return false;
-		};
-}
-
-function elementMatcher( matchers ) {
-	return matchers.length > 1 ?
-		function( elem, context, xml ) {
-			var i = matchers.length;
-			while ( i-- ) {
-				if ( !matchers[i]( elem, context, xml ) ) {
-					return false;
-				}
-			}
-			return true;
-		} :
-		matchers[0];
-}
-
-function multipleContexts( selector, contexts, results ) {
-	var i = 0,
-		len = contexts.length;
-	for ( ; i < len; i++ ) {
-		Sizzle( selector, contexts[i], results );
-	}
-	return results;
-}
-
-function condense( unmatched, map, filter, context, xml ) {
-	var elem,
-		newUnmatched = [],
-		i = 0,
-		len = unmatched.length,
-		mapped = map != null;
-
-	for ( ; i < len; i++ ) {
-		if ( (elem = unmatched[i]) ) {
-			if ( !filter || filter( elem, context, xml ) ) {
-				newUnmatched.push( elem );
-				if ( mapped ) {
-					map.push( i );
-				}
-			}
-		}
-	}
-
-	return newUnmatched;
-}
-
-function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) {
-	if ( postFilter && !postFilter[ expando ] ) {
-		postFilter = setMatcher( postFilter );
-	}
-	if ( postFinder && !postFinder[ expando ] ) {
-		postFinder = setMatcher( postFinder, postSelector );
-	}
-	return markFunction(function( seed, results, context, xml ) {
-		var temp, i, elem,
-			preMap = [],
-			postMap = [],
-			preexisting = results.length,
-
-			// Get initial elements from seed or context
-			elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ),
-
-			// Prefilter to get matcher input, preserving a map for seed-results synchronization
-			matcherIn = preFilter && ( seed || !selector ) ?
-				condense( elems, preMap, preFilter, context, xml ) :
-				elems,
-
-			matcherOut = matcher ?
-				// If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results,
-				postFinder || ( seed ? preFilter : preexisting || postFilter ) ?
-
-					// ...intermediate processing is necessary
-					[] :
-
-					// ...otherwise use results directly
-					results :
-				matcherIn;
-
-		// Find primary matches
-		if ( matcher ) {
-			matcher( matcherIn, matcherOut, context, xml );
-		}
-
-		// Apply postFilter
-		if ( postFilter ) {
-			temp = condense( matcherOut, postMap );
-			postFilter( temp, [], context, xml );
-
-			// Un-match failing elements by moving them back to matcherIn
-			i = temp.length;
-			while ( i-- ) {
-				if ( (elem = temp[i]) ) {
-					matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem);
-				}
-			}
-		}
-
-		if ( seed ) {
-			if ( postFinder || preFilter ) {
-				if ( postFinder ) {
-					// Get the final matcherOut by condensing this intermediate into postFinder contexts
-					temp = [];
-					i = matcherOut.length;
-					while ( i-- ) {
-						if ( (elem = matcherOut[i]) ) {
-							// Restore matcherIn since elem is not yet a final match
-							temp.push( (matcherIn[i] = elem) );
-						}
-					}
-					postFinder( null, (matcherOut = []), temp, xml );
-				}
-
-				// Move matched elements from seed to results to keep them synchronized
-				i = matcherOut.length;
-				while ( i-- ) {
-					if ( (elem = matcherOut[i]) &&
-						(temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) {
-
-						seed[temp] = !(results[temp] = elem);
-					}
-				}
-			}
-
-		// Add elements to results, through postFinder if defined
-		} else {
-			matcherOut = condense(
-				matcherOut === results ?
-					matcherOut.splice( preexisting, matcherOut.length ) :
-					matcherOut
-			);
-			if ( postFinder ) {
-				postFinder( null, results, matcherOut, xml );
-			} else {
-				push.apply( results, matcherOut );
-			}
-		}
-	});
-}
-
-function matcherFromTokens( tokens ) {
-	var checkContext, matcher, j,
-		len = tokens.length,
-		leadingRelative = Expr.relative[ tokens[0].type ],
-		implicitRelative = leadingRelative || Expr.relative[" "],
-		i = leadingRelative ? 1 : 0,
-
-		// The foundational matcher ensures that elements are reachable from top-level context(s)
-		matchContext = addCombinator( function( elem ) {
-			return elem === checkContext;
-		}, implicitRelative, true ),
-		matchAnyContext = addCombinator( function( elem ) {
-			return indexOf( checkContext, elem ) > -1;
-		}, implicitRelative, true ),
-		matchers = [ function( elem, context, xml ) {
-			var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || (
-				(checkContext = context).nodeType ?
-					matchContext( elem, context, xml ) :
-					matchAnyContext( elem, context, xml ) );
-			// Avoid hanging onto element (issue #299)
-			checkContext = null;
-			return ret;
-		} ];
-
-	for ( ; i < len; i++ ) {
-		if ( (matcher = Expr.relative[ tokens[i].type ]) ) {
-			matchers = [ addCombinator(elementMatcher( matchers ), matcher) ];
-		} else {
-			matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches );
-
-			// Return special upon seeing a positional matcher
-			if ( matcher[ expando ] ) {
-				// Find the next relative operator (if any) for proper handling
-				j = ++i;
-				for ( ; j < len; j++ ) {
-					if ( Expr.relative[ tokens[j].type ] ) {
-						break;
-					}
-				}
-				return setMatcher(
-					i > 1 && elementMatcher( matchers ),
-					i > 1 && toSelector(
-						// If the preceding token was a descendant combinator, insert an implicit any-element `*`
-						tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" })
-					).replace( rtrim, "$1" ),
-					matcher,
-					i < j && matcherFromTokens( tokens.slice( i, j ) ),
-					j < len && matcherFromTokens( (tokens = tokens.slice( j )) ),
-					j < len && toSelector( tokens )
-				);
-			}
-			matchers.push( matcher );
-		}
-	}
-
-	return elementMatcher( matchers );
-}
-
-function matcherFromGroupMatchers( elementMatchers, setMatchers ) {
-	var bySet = setMatchers.length > 0,
-		byElement = elementMatchers.length > 0,
-		superMatcher = function( seed, context, xml, results, outermost ) {
-			var elem, j, matcher,
-				matchedCount = 0,
-				i = "0",
-				unmatched = seed && [],
-				setMatched = [],
-				contextBackup = outermostContext,
-				// We must always have either seed elements or outermost context
-				elems = seed || byElement && Expr.find["TAG"]( "*", outermost ),
-				// Use integer dirruns iff this is the outermost matcher
-				dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1),
-				len = elems.length;
-
-			if ( outermost ) {
-				outermostContext = context === document || context || outermost;
-			}
-
-			// Add elements passing elementMatchers directly to results
-			// Support: IE<9, Safari
-			// Tolerate NodeList properties (IE: "length"; Safari: <number>) matching elements by id
-			for ( ; i !== len && (elem = elems[i]) != null; i++ ) {
-				if ( byElement && elem ) {
-					j = 0;
-					if ( !context && elem.ownerDocument !== document ) {
-						setDocument( elem );
-						xml = !documentIsHTML;
-					}
-					while ( (matcher = elementMatchers[j++]) ) {
-						if ( matcher( elem, context || document, xml) ) {
-							results.push( elem );
-							break;
-						}
-					}
-					if ( outermost ) {
-						dirruns = dirrunsUnique;
-					}
-				}
-
-				// Track unmatched elements for set filters
-				if ( bySet ) {
-					// They will have gone through all possible matchers
-					if ( (elem = !matcher && elem) ) {
-						matchedCount--;
-					}
-
-					// Lengthen the array for every element, matched or not
-					if ( seed ) {
-						unmatched.push( elem );
-					}
-				}
-			}
-
-			// `i` is now the count of elements visited above, and adding it to `matchedCount`
-			// makes the latter nonnegative.
-			matchedCount += i;
-
-			// Apply set filters to unmatched elements
-			// NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount`
-			// equals `i`), unless we didn't visit _any_ elements in the above loop because we have
-			// no element matchers and no seed.
-			// Incrementing an initially-string "0" `i` allows `i` to remain a string only in that
-			// case, which will result in a "00" `matchedCount` that differs from `i` but is also
-			// numerically zero.
-			if ( bySet && i !== matchedCount ) {
-				j = 0;
-				while ( (matcher = setMatchers[j++]) ) {
-					matcher( unmatched, setMatched, context, xml );
-				}
-
-				if ( seed ) {
-					// Reintegrate element matches to eliminate the need for sorting
-					if ( matchedCount > 0 ) {
-						while ( i-- ) {
-							if ( !(unmatched[i] || setMatched[i]) ) {
-								setMatched[i] = pop.call( results );
-							}
-						}
-					}
-
-					// Discard index placeholder values to get only actual matches
-					setMatched = condense( setMatched );
-				}
-
-				// Add matches to results
-				push.apply( results, setMatched );
-
-				// Seedless set matches succeeding multiple successful matchers stipulate sorting
-				if ( outermost && !seed && setMatched.length > 0 &&
-					( matchedCount + setMatchers.length ) > 1 ) {
-
-					Sizzle.uniqueSort( results );
-				}
-			}
-
-			// Override manipulation of globals by nested matchers
-			if ( outermost ) {
-				dirruns = dirrunsUnique;
-				outermostContext = contextBackup;
-			}
-
-			return unmatched;
-		};
-
-	return bySet ?
-		markFunction( superMatcher ) :
-		superMatcher;
-}
-
-compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) {
-	var i,
-		setMatchers = [],
-		elementMatchers = [],
-		cached = compilerCache[ selector + " " ];
-
-	if ( !cached ) {
-		// Generate a function of recursive functions that can be used to check each element
-		if ( !match ) {
-			match = tokenize( selector );
-		}
-		i = match.length;
-		while ( i-- ) {
-			cached = matcherFromTokens( match[i] );
-			if ( cached[ expando ] ) {
-				setMatchers.push( cached );
-			} else {
-				elementMatchers.push( cached );
-			}
-		}
-
-		// Cache the compiled function
-		cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) );
-
-		// Save selector and tokenization
-		cached.selector = selector;
-	}
-	return cached;
-};
-
-/**
- * A low-level selection function that works with Sizzle's compiled
- *  selector functions
- * @param {String|Function} selector A selector or a pre-compiled
- *  selector function built with Sizzle.compile
- * @param {Element} context
- * @param {Array} [results]
- * @param {Array} [seed] A set of elements to match against
- */
-select = Sizzle.select = function( selector, context, results, seed ) {
-	var i, tokens, token, type, find,
-		compiled = typeof selector === "function" && selector,
-		match = !seed && tokenize( (selector = compiled.selector || selector) );
-
-	results = results || [];
-
-	// Try to minimize operations if there is only one selector in the list and no seed
-	// (the latter of which guarantees us context)
-	if ( match.length === 1 ) {
-
-		// Reduce context if the leading compound selector is an ID
-		tokens = match[0] = match[0].slice( 0 );
-		if ( tokens.length > 2 && (token = tokens[0]).type === "ID" &&
-				context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[1].type ] ) {
-
-			context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0];
-			if ( !context ) {
-				return results;
-
-			// Precompiled matchers will still verify ancestry, so step up a level
-			} else if ( compiled ) {
-				context = context.parentNode;
-			}
-
-			selector = selector.slice( tokens.shift().value.length );
-		}
-
-		// Fetch a seed set for right-to-left matching
-		i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length;
-		while ( i-- ) {
-			token = tokens[i];
-
-			// Abort if we hit a combinator
-			if ( Expr.relative[ (type = token.type) ] ) {
-				break;
-			}
-			if ( (find = Expr.find[ type ]) ) {
-				// Search, expanding context for leading sibling combinators
-				if ( (seed = find(
-					token.matches[0].replace( runescape, funescape ),
-					rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context
-				)) ) {
-
-					// If seed is empty or no tokens remain, we can return early
-					tokens.splice( i, 1 );
-					selector = seed.length && toSelector( tokens );
-					if ( !selector ) {
-						push.apply( results, seed );
-						return results;
-					}
-
-					break;
-				}
-			}
-		}
-	}
-
-	// Compile and execute a filtering function if one is not provided
-	// Provide `match` to avoid retokenization if we modified the selector above
-	( compiled || compile( selector, match ) )(
-		seed,
-		context,
-		!documentIsHTML,
-		results,
-		!context || rsibling.test( selector ) && testContext( context.parentNode ) || context
-	);
-	return results;
-};
-
-// One-time assignments
-
-// Sort stability
-support.sortStable = expando.split("").sort( sortOrder ).join("") === expando;
-
-// Support: Chrome 14-35+
-// Always assume duplicates if they aren't passed to the comparison function
-support.detectDuplicates = !!hasDuplicate;
-
-// Initialize against the default document
-setDocument();
-
-// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27)
-// Detached nodes confoundingly follow *each other*
-support.sortDetached = assert(function( el ) {
-	// Should return 1, but returns 4 (following)
-	return el.compareDocumentPosition( document.createElement("fieldset") ) & 1;
-});
-
-// Support: IE<8
-// Prevent attribute/property "interpolation"
-// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx
-if ( !assert(function( el ) {
-	el.innerHTML = "<a href='#'></a>";
-	return el.firstChild.getAttribute("href") === "#" ;
-}) ) {
-	addHandle( "type|href|height|width", function( elem, name, isXML ) {
-		if ( !isXML ) {
-			return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 );
-		}
-	});
-}
-
-// Support: IE<9
-// Use defaultValue in place of getAttribute("value")
-if ( !support.attributes || !assert(function( el ) {
-	el.innerHTML = "<input/>";
-	el.firstChild.setAttribute( "value", "" );
-	return el.firstChild.getAttribute( "value" ) === "";
-}) ) {
-	addHandle( "value", function( elem, name, isXML ) {
-		if ( !isXML && elem.nodeName.toLowerCase() === "input" ) {
-			return elem.defaultValue;
-		}
-	});
-}
-
-// Support: IE<9
-// Use getAttributeNode to fetch booleans when getAttribute lies
-if ( !assert(function( el ) {
-	return el.getAttribute("disabled") == null;
-}) ) {
-	addHandle( booleans, function( elem, name, isXML ) {
-		var val;
-		if ( !isXML ) {
-			return elem[ name ] === true ? name.toLowerCase() :
-					(val = elem.getAttributeNode( name )) && val.specified ?
-					val.value :
-				null;
-		}
-	});
-}
-
-return Sizzle;
-
-})( window );
-
-
-
-jQuery.find = Sizzle;
-jQuery.expr = Sizzle.selectors;
-
-// Deprecated
-jQuery.expr[ ":" ] = jQuery.expr.pseudos;
-jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort;
-jQuery.text = Sizzle.getText;
-jQuery.isXMLDoc = Sizzle.isXML;
-jQuery.contains = Sizzle.contains;
-jQuery.escapeSelector = Sizzle.escape;
-
-
-
-
-var dir = function( elem, dir, until ) {
-	var matched = [],
-		truncate = until !== undefined;
-
-	while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) {
-		if ( elem.nodeType === 1 ) {
-			if ( truncate && jQuery( elem ).is( until ) ) {
-				break;
-			}
-			matched.push( elem );
-		}
-	}
-	return matched;
-};
-
-
-var siblings = function( n, elem ) {
-	var matched = [];
-
-	for ( ; n; n = n.nextSibling ) {
-		if ( n.nodeType === 1 && n !== elem ) {
-			matched.push( n );
-		}
-	}
-
-	return matched;
-};
-
-
-var rneedsContext = jQuery.expr.match.needsContext;
-
-
-
-function nodeName( elem, name ) {
-
-  return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();
-
-};
-var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i );
-
-
-
-var risSimple = /^.[^:#\[\.,]*$/;
-
-// Implement the identical functionality for filter and not
-function winnow( elements, qualifier, not ) {
-	if ( jQuery.isFunction( qualifier ) ) {
-		return jQuery.grep( elements, function( elem, i ) {
-			return !!qualifier.call( elem, i, elem ) !== not;
-		} );
-	}
-
-	// Single element
-	if ( qualifier.nodeType ) {
-		return jQuery.grep( elements, function( elem ) {
-			return ( elem === qualifier ) !== not;
-		} );
-	}
-
-	// Arraylike of elements (jQuery, arguments, Array)
-	if ( typeof qualifier !== "string" ) {
-		return jQuery.grep( elements, function( elem ) {
-			return ( indexOf.call( qualifier, elem ) > -1 ) !== not;
-		} );
-	}
-
-	// Simple selector that can be filtered directly, removing non-Elements
-	if ( risSimple.test( qualifier ) ) {
-		return jQuery.filter( qualifier, elements, not );
-	}
-
-	// Complex selector, compare the two sets, removing non-Elements
-	qualifier = jQuery.filter( qualifier, elements );
-	return jQuery.grep( elements, function( elem ) {
-		return ( indexOf.call( qualifier, elem ) > -1 ) !== not && elem.nodeType === 1;
-	} );
-}
-
-jQuery.filter = function( expr, elems, not ) {
-	var elem = elems[ 0 ];
-
-	if ( not ) {
-		expr = ":not(" + expr + ")";
-	}
-
-	if ( elems.length === 1 && elem.nodeType === 1 ) {
-		return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : [];
-	}
-
-	return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) {
-		return elem.nodeType === 1;
-	} ) );
-};
-
-jQuery.fn.extend( {
-	find: function( selector ) {
-		var i, ret,
-			len = this.length,
-			self = this;
-
-		if ( typeof selector !== "string" ) {
-			return this.pushStack( jQuery( selector ).filter( function() {
-				for ( i = 0; i < len; i++ ) {
-					if ( jQuery.contains( self[ i ], this ) ) {
-						return true;
-					}
-				}
-			} ) );
-		}
-
-		ret = this.pushStack( [] );
-
-		for ( i = 0; i < len; i++ ) {
-			jQuery.find( selector, self[ i ], ret );
-		}
-
-		return len > 1 ? jQuery.uniqueSort( ret ) : ret;
-	},
-	filter: function( selector ) {
-		return this.pushStack( winnow( this, selector || [], false ) );
-	},
-	not: function( selector ) {
-		return this.pushStack( winnow( this, selector || [], true ) );
-	},
-	is: function( selector ) {
-		return !!winnow(
-			this,
-
-			// If this is a positional/relative selector, check membership in the returned set
-			// so $("p:first").is("p:last") won't return true for a doc with two "p".
-			typeof selector === "string" && rneedsContext.test( selector ) ?
-				jQuery( selector ) :
-				selector || [],
-			false
-		).length;
-	}
-} );
-
-
-// Initialize a jQuery object
-
-
-// A central reference to the root jQuery(document)
-var rootjQuery,
-
-	// A simple way to check for HTML strings
-	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
-	// Strict HTML recognition (#11290: must start with <)
-	// Shortcut simple #id case for speed
-	rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,
-
-	init = jQuery.fn.init = function( selector, context, root ) {
-		var match, elem;
-
-		// HANDLE: $(""), $(null), $(undefined), $(false)
-		if ( !selector ) {
-			return this;
-		}
-
-		// Method init() accepts an alternate rootjQuery
-		// so migrate can support jQuery.sub (gh-2101)
-		root = root || rootjQuery;
-
-		// Handle HTML strings
-		if ( typeof selector === "string" ) {
-			if ( selector[ 0 ] === "<" &&
-				selector[ selector.length - 1 ] === ">" &&
-				selector.length >= 3 ) {
-
-				// Assume that strings that start and end with <> are HTML and skip the regex check
-				match = [ null, selector, null ];
-
-			} else {
-				match = rquickExpr.exec( selector );
-			}
-
-			// Match html or make sure no context is specified for #id
-			if ( match && ( match[ 1 ] || !context ) ) {
-
-				// HANDLE: $(html) -> $(array)
-				if ( match[ 1 ] ) {
-					context = context instanceof jQuery ? context[ 0 ] : context;
-
-					// Option to run scripts is true for back-compat
-					// Intentionally let the error be thrown if parseHTML is not present
-					jQuery.merge( this, jQuery.parseHTML(
-						match[ 1 ],
-						context && context.nodeType ? context.ownerDocument || context : document,
-						true
-					) );
-
-					// HANDLE: $(html, props)
-					if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) {
-						for ( match in context ) {
-
-							// Properties of context are called as methods if possible
-							if ( jQuery.isFunction( this[ match ] ) ) {
-								this[ match ]( context[ match ] );
-
-							// ...and otherwise set as attributes
-							} else {
-								this.attr( match, context[ match ] );
-							}
-						}
-					}
-
-					return this;
-
-				// HANDLE: $(#id)
-				} else {
-					elem = document.getElementById( match[ 2 ] );
-
-					if ( elem ) {
-
-						// Inject the element directly into the jQuery object
-						this[ 0 ] = elem;
-						this.length = 1;
-					}
-					return this;
-				}
-
-			// HANDLE: $(expr, $(...))
-			} else if ( !context || context.jquery ) {
-				return ( context || root ).find( selector );
-
-			// HANDLE: $(expr, context)
-			// (which is just equivalent to: $(context).find(expr)
-			} else {
-				return this.constructor( context ).find( selector );
-			}
-
-		// HANDLE: $(DOMElement)
-		} else if ( selector.nodeType ) {
-			this[ 0 ] = selector;
-			this.length = 1;
-			return this;
-
-		// HANDLE: $(function)
-		// Shortcut for document ready
-		} else if ( jQuery.isFunction( selector ) ) {
-			return root.ready !== undefined ?
-				root.ready( selector ) :
-
-				// Execute immediately if ready is not present
-				selector( jQuery );
-		}
-
-		return jQuery.makeArray( selector, this );
-	};
-
-// Give the init function the jQuery prototype for later instantiation
-init.prototype = jQuery.fn;
-
-// Initialize central reference
-rootjQuery = jQuery( document );
-
-
-var rparentsprev = /^(?:parents|prev(?:Until|All))/,
-
-	// Methods guaranteed to produce a unique set when starting from a unique set
-	guaranteedUnique = {
-		children: true,
-		contents: true,
-		next: true,
-		prev: true
-	};
-
-jQuery.fn.extend( {
-	has: function( target ) {
-		var targets = jQuery( target, this ),
-			l = targets.length;
-
-		return this.filter( function() {
-			var i = 0;
-			for ( ; i < l; i++ ) {
-				if ( jQuery.contains( this, targets[ i ] ) ) {
-					return true;
-				}
-			}
-		} );
-	},
-
-	closest: function( selectors, context ) {
-		var cur,
-			i = 0,
-			l = this.length,
-			matched = [],
-			targets = typeof selectors !== "string" && jQuery( selectors );
-
-		// Positional selectors never match, since there's no _selection_ context
-		if ( !rneedsContext.test( selectors ) ) {
-			for ( ; i < l; i++ ) {
-				for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) {
-
-					// Always skip document fragments
-					if ( cur.nodeType < 11 && ( targets ?
-						targets.index( cur ) > -1 :
-
-						// Don't pass non-elements to Sizzle
-						cur.nodeType === 1 &&
-							jQuery.find.matchesSelector( cur, selectors ) ) ) {
-
-						matched.push( cur );
-						break;
-					}
-				}
-			}
-		}
-
-		return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched );
-	},
-
-	// Determine the position of an element within the set
-	index: function( elem ) {
-
-		// No argument, return index in parent
-		if ( !elem ) {
-			return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1;
-		}
-
-		// Index in selector
-		if ( typeof elem === "string" ) {
-			return indexOf.call( jQuery( elem ), this[ 0 ] );
-		}
-
-		// Locate the position of the desired element
-		return indexOf.call( this,
-
-			// If it receives a jQuery object, the first element is used
-			elem.jquery ? elem[ 0 ] : elem
-		);
-	},
-
-	add: function( selector, context ) {
-		return this.pushStack(
-			jQuery.uniqueSort(
-				jQuery.merge( this.get(), jQuery( selector, context ) )
-			)
-		);
-	},
-
-	addBack: function( selector ) {
-		return this.add( selector == null ?
-			this.prevObject : this.prevObject.filter( selector )
-		);
-	}
-} );
-
-function sibling( cur, dir ) {
-	while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {}
-	return cur;
-}
-
-jQuery.each( {
-	parent: function( elem ) {
-		var parent = elem.parentNode;
-		return parent && parent.nodeType !== 11 ? parent : null;
-	},
-	parents: function( elem ) {
-		return dir( elem, "parentNode" );
-	},
-	parentsUntil: function( elem, i, until ) {
-		return dir( elem, "parentNode", until );
-	},
-	next: function( elem ) {
-		return sibling( elem, "nextSibling" );
-	},
-	prev: function( elem ) {
-		return sibling( elem, "previousSibling" );
-	},
-	nextAll: function( elem ) {
-		return dir( elem, "nextSibling" );
-	},
-	prevAll: function( elem ) {
-		return dir( elem, "previousSibling" );
-	},
-	nextUntil: function( elem, i, until ) {
-		return dir( elem, "nextSibling", until );
-	},
-	prevUntil: function( elem, i, until ) {
-		return dir( elem, "previousSibling", until );
-	},
-	siblings: function( elem ) {
-		return siblings( ( elem.parentNode || {} ).firstChild, elem );
-	},
-	children: function( elem ) {
-		return siblings( elem.firstChild );
-	},
-	contents: function( elem ) {
-        if ( nodeName( elem, "iframe" ) ) {
-            return elem.contentDocument;
-        }
-
-        // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only
-        // Treat the template element as a regular one in browsers that
-        // don't support it.
-        if ( nodeName( elem, "template" ) ) {
-            elem = elem.content || elem;
-        }
-
-        return jQuery.merge( [], elem.childNodes );
-	}
-}, function( name, fn ) {
-	jQuery.fn[ name ] = function( until, selector ) {
-		var matched = jQuery.map( this, fn, until );
-
-		if ( name.slice( -5 ) !== "Until" ) {
-			selector = until;
-		}
-
-		if ( selector && typeof selector === "string" ) {
-			matched = jQuery.filter( selector, matched );
-		}
-
-		if ( this.length > 1 ) {
-
-			// Remove duplicates
-			if ( !guaranteedUnique[ name ] ) {
-				jQuery.uniqueSort( matched );
-			}
-
-			// Reverse order for parents* and prev-derivatives
-			if ( rparentsprev.test( name ) ) {
-				matched.reverse();
-			}
-		}
-
-		return this.pushStack( matched );
-	};
-} );
-var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g );
-
-
-
-// Convert String-formatted options into Object-formatted ones
-function createOptions( options ) {
-	var object = {};
-	jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) {
-		object[ flag ] = true;
-	} );
-	return object;
-}
-
-/*
- * Create a callback list using the following parameters:
- *
- *	options: an optional list of space-separated options that will change how
- *			the callback list behaves or a more traditional option object
- *
- * By default a callback list will act like an event callback list and can be
- * "fired" multiple times.
- *
- * Possible options:
- *
- *	once:			will ensure the callback list can only be fired once (like a Deferred)
- *
- *	memory:			will keep track of previous values and will call any callback added
- *					after the list has been fired right away with the latest "memorized"
- *					values (like a Deferred)
- *
- *	unique:			will ensure a callback can only be added once (no duplicate in the list)
- *
- *	stopOnFalse:	interrupt callings when a callback returns false
- *
- */
-jQuery.Callbacks = function( options ) {
-
-	// Convert options from String-formatted to Object-formatted if needed
-	// (we check in cache first)
-	options = typeof options === "string" ?
-		createOptions( options ) :
-		jQuery.extend( {}, options );
-
-	var // Flag to know if list is currently firing
-		firing,
-
-		// Last fire value for non-forgettable lists
-		memory,
-
-		// Flag to know if list was already fired
-		fired,
-
-		// Flag to prevent firing
-		locked,
-
-		// Actual callback list
-		list = [],
-
-		// Queue of execution data for repeatable lists
-		queue = [],
-
-		// Index of currently firing callback (modified by add/remove as needed)
-		firingIndex = -1,
-
-		// Fire callbacks
-		fire = function() {
-
-			// Enforce single-firing
-			locked = locked || options.once;
-
-			// Execute callbacks for all pending executions,
-			// respecting firingIndex overrides and runtime changes
-			fired = firing = true;
-			for ( ; queue.length; firingIndex = -1 ) {
-				memory = queue.shift();
-				while ( ++firingIndex < list.length ) {
-
-					// Run callback and check for early termination
-					if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false &&
-						options.stopOnFalse ) {
-
-						// Jump to end and forget the data so .add doesn't re-fire
-						firingIndex = list.length;
-						memory = false;
-					}
-				}
-			}
-
-			// Forget the data if we're done with it
-			if ( !options.memory ) {
-				memory = false;
-			}
-
-			firing = false;
-
-			// Clean up if we're done firing for good
-			if ( locked ) {
-
-				// Keep an empty list if we have data for future add calls
-				if ( memory ) {
-					list = [];
-
-				// Otherwise, this object is spent
-				} else {
-					list = "";
-				}
-			}
-		},
-
-		// Actual Callbacks object
-		self = {
-
-			// Add a callback or a collection of callbacks to the list
-			add: function() {
-				if ( list ) {
-
-					// If we have memory from a past run, we should fire after adding
-					if ( memory && !firing ) {
-						firingIndex = list.length - 1;
-						queue.push( memory );
-					}
-
-					( function add( args ) {
-						jQuery.each( args, function( _, arg ) {
-							if ( jQuery.isFunction( arg ) ) {
-								if ( !options.unique || !self.has( arg ) ) {
-									list.push( arg );
-								}
-							} else if ( arg && arg.length && jQuery.type( arg ) !== "string" ) {
-
-								// Inspect recursively
-								add( arg );
-							}
-						} );
-					} )( arguments );
-
-					if ( memory && !firing ) {
-						fire();
-					}
-				}
-				return this;
-			},
-
-			// Remove a callback from the list
-			remove: function() {
-				jQuery.each( arguments, function( _, arg ) {
-					var index;
-					while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) {
-						list.splice( index, 1 );
-
-						// Handle firing indexes
-						if ( index <= firingIndex ) {
-							firingIndex--;
-						}
-					}
-				} );
-				return this;
-			},
-
-			// Check if a given callback is in the list.
-			// If no argument is given, return whether or not list has callbacks attached.
-			has: function( fn ) {
-				return fn ?
-					jQuery.inArray( fn, list ) > -1 :
-					list.length > 0;
-			},
-
-			// Remove all callbacks from the list
-			empty: function() {
-				if ( list ) {
-					list = [];
-				}
-				return this;
-			},
-
-			// Disable .fire and .add
-			// Abort any current/pending executions
-			// Clear all callbacks and values
-			disable: function() {
-				locked = queue = [];
-				list = memory = "";
-				return this;
-			},
-			disabled: function() {
-				return !list;
-			},
-
-			// Disable .fire
-			// Also disable .add unless we have memory (since it would have no effect)
-			// Abort any pending executions
-			lock: function() {
-				locked = queue = [];
-				if ( !memory && !firing ) {
-					list = memory = "";
-				}
-				return this;
-			},
-			locked: function() {
-				return !!locked;
-			},
-
-			// Call all callbacks with the given context and arguments
-			fireWith: function( context, args ) {
-				if ( !locked ) {
-					args = args || [];
-					args = [ context, args.slice ? args.slice() : args ];
-					queue.push( args );
-					if ( !firing ) {
-						fire();
-					}
-				}
-				return this;
-			},
-
-			// Call all the callbacks with the given arguments
-			fire: function() {
-				self.fireWith( this, arguments );
-				return this;
-			},
-
-			// To know if the callbacks have already been called at least once
-			fired: function() {
-				return !!fired;
-			}
-		};
-
-	return self;
-};
-
-
-function Identity( v ) {
-	return v;
-}
-function Thrower( ex ) {
-	throw ex;
-}
-
-function adoptValue( value, resolve, reject, noValue ) {
-	var method;
-
-	try {
-
-		// Check for promise aspect first to privilege synchronous behavior
-		if ( value && jQuery.isFunction( ( method = value.promise ) ) ) {
-			method.call( value ).done( resolve ).fail( reject );
-
-		// Other thenables
-		} else if ( value && jQuery.isFunction( ( method = value.then ) ) ) {
-			method.call( value, resolve, reject );
-
-		// Other non-thenables
-		} else {
-
-			// Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer:
-			// * false: [ value ].slice( 0 ) => resolve( value )
-			// * true: [ value ].slice( 1 ) => resolve()
-			resolve.apply( undefined, [ value ].slice( noValue ) );
-		}
-
-	// For Promises/A+, convert exceptions into rejections
-	// Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in
-	// Deferred#then to conditionally suppress rejection.
-	} catch ( value ) {
-
-		// Support: Android 4.0 only
-		// Strict mode functions invoked without .call/.apply get global-object context
-		reject.apply( undefined, [ value ] );
-	}
-}
-
-jQuery.extend( {
-
-	Deferred: function( func ) {
-		var tuples = [
-
-				// action, add listener, callbacks,
-				// ... .then handlers, argument index, [final state]
-				[ "notify", "progress", jQuery.Callbacks( "memory" ),
-					jQuery.Callbacks( "memory" ), 2 ],
-				[ "resolve", "done", jQuery.Callbacks( "once memory" ),
-					jQuery.Callbacks( "once memory" ), 0, "resolved" ],
-				[ "reject", "fail", jQuery.Callbacks( "once memory" ),
-					jQuery.Callbacks( "once memory" ), 1, "rejected" ]
-			],
-			state = "pending",
-			promise = {
-				state: function() {
-					return state;
-				},
-				always: function() {
-					deferred.done( arguments ).fail( arguments );
-					return this;
-				},
-				"catch": function( fn ) {
-					return promise.then( null, fn );
-				},
-
-				// Keep pipe for back-compat
-				pipe: function( /* fnDone, fnFail, fnProgress */ ) {
-					var fns = arguments;
-
-					return jQuery.Deferred( function( newDefer ) {
-						jQuery.each( tuples, function( i, tuple ) {
-
-							// Map tuples (progress, done, fail) to arguments (done, fail, progress)
-							var fn = jQuery.isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ];
-
-							// deferred.progress(function() { bind to newDefer or newDefer.notify })
-							// deferred.done(function() { bind to newDefer or newDefer.resolve })
-							// deferred.fail(function() { bind to newDefer or newDefer.reject })
-							deferred[ tuple[ 1 ] ]( function() {
-								var returned = fn && fn.apply( this, arguments );
-								if ( returned && jQuery.isFunction( returned.promise ) ) {
-									returned.promise()
-										.progress( newDefer.notify )
-										.done( newDefer.resolve )
-										.fail( newDefer.reject );
-								} else {
-									newDefer[ tuple[ 0 ] + "With" ](
-										this,
-										fn ? [ returned ] : arguments
-									);
-								}
-							} );
-						} );
-						fns = null;
-					} ).promise();
-				},
-				then: function( onFulfilled, onRejected, onProgress ) {
-					var maxDepth = 0;
-					function resolve( depth, deferred, handler, special ) {
-						return function() {
-							var that = this,
-								args = arguments,
-								mightThrow = function() {
-									var returned, then;
-
-									// Support: Promises/A+ section 2.3.3.3.3
-									// https://promisesaplus.com/#point-59
-									// Ignore double-resolution attempts
-									if ( depth < maxDepth ) {
-										return;
-									}
-
-									returned = handler.apply( that, args );
-
-									// Support: Promises/A+ section 2.3.1
-									// https://promisesaplus.com/#point-48
-									if ( returned === deferred.promise() ) {
-										throw new TypeError( "Thenable self-resolution" );
-									}
-
-									// Support: Promises/A+ sections 2.3.3.1, 3.5
-									// https://promisesaplus.com/#point-54
-									// https://promisesaplus.com/#point-75
-									// Retrieve `then` only once
-									then = returned &&
-
-										// Support: Promises/A+ section 2.3.4
-										// https://promisesaplus.com/#point-64
-										// Only check objects and functions for thenability
-										( typeof returned === "object" ||
-											typeof returned === "function" ) &&
-										returned.then;
-
-									// Handle a returned thenable
-									if ( jQuery.isFunction( then ) ) {
-
-										// Special processors (notify) just wait for resolution
-										if ( special ) {
-											then.call(
-												returned,
-												resolve( maxDepth, deferred, Identity, special ),
-												resolve( maxDepth, deferred, Thrower, special )
-											);
-
-										// Normal processors (resolve) also hook into progress
-										} else {
-
-											// ...and disregard older resolution values
-											maxDepth++;
-
-											then.call(
-												returned,
-												resolve( maxDepth, deferred, Identity, special ),
-												resolve( maxDepth, deferred, Thrower, special ),
-												resolve( maxDepth, deferred, Identity,
-													deferred.notifyWith )
-											);
-										}
-
-									// Handle all other returned values
-									} else {
-
-										// Only substitute handlers pass on context
-										// and multiple values (non-spec behavior)
-										if ( handler !== Identity ) {
-											that = undefined;
-											args = [ returned ];
-										}
-
-										// Process the value(s)
-										// Default process is resolve
-										( special || deferred.resolveWith )( that, args );
-									}
-								},
-
-								// Only normal processors (resolve) catch and reject exceptions
-								process = special ?
-									mightThrow :
-									function() {
-										try {
-											mightThrow();
-										} catch ( e ) {
-
-											if ( jQuery.Deferred.exceptionHook ) {
-												jQuery.Deferred.exceptionHook( e,
-													process.stackTrace );
-											}
-
-											// Support: Promises/A+ section 2.3.3.3.4.1
-											// https://promisesaplus.com/#point-61
-											// Ignore post-resolution exceptions
-											if ( depth + 1 >= maxDepth ) {
-
-												// Only substitute handlers pass on context
-												// and multiple values (non-spec behavior)
-												if ( handler !== Thrower ) {
-													that = undefined;
-													args = [ e ];
-												}
-
-												deferred.rejectWith( that, args );
-											}
-										}
-									};
-
-							// Support: Promises/A+ section 2.3.3.3.1
-							// https://promisesaplus.com/#point-57
-							// Re-resolve promises immediately to dodge false rejection from
-							// subsequent errors
-							if ( depth ) {
-								process();
-							} else {
-
-								// Call an optional hook to record the stack, in case of exception
-								// since it's otherwise lost when execution goes async
-								if ( jQuery.Deferred.getStackHook ) {
-									process.stackTrace = jQuery.Deferred.getStackHook();
-								}
-								window.setTimeout( process );
-							}
-						};
-					}
-
-					return jQuery.Deferred( function( newDefer ) {
-
-						// progress_handlers.add( ... )
-						tuples[ 0 ][ 3 ].add(
-							resolve(
-								0,
-								newDefer,
-								jQuery.isFunction( onProgress ) ?
-									onProgress :
-									Identity,
-								newDefer.notifyWith
-							)
-						);
-
-						// fulfilled_handlers.add( ... )
-						tuples[ 1 ][ 3 ].add(
-							resolve(
-								0,
-								newDefer,
-								jQuery.isFunction( onFulfilled ) ?
-									onFulfilled :
-									Identity
-							)
-						);
-
-						// rejected_handlers.add( ... )
-						tuples[ 2 ][ 3 ].add(
-							resolve(
-								0,
-								newDefer,
-								jQuery.isFunction( onRejected ) ?
-									onRejected :
-									Thrower
-							)
-						);
-					} ).promise();
-				},
-
-				// Get a promise for this deferred
-				// If obj is provided, the promise aspect is added to the object
-				promise: function( obj ) {
-					return obj != null ? jQuery.extend( obj, promise ) : promise;
-				}
-			},
-			deferred = {};
-
-		// Add list-specific methods
-		jQuery.each( tuples, function( i, tuple ) {
-			var list = tuple[ 2 ],
-				stateString = tuple[ 5 ];
-
-			// promise.progress = list.add
-			// promise.done = list.add
-			// promise.fail = list.add
-			promise[ tuple[ 1 ] ] = list.add;
-
-			// Handle state
-			if ( stateString ) {
-				list.add(
-					function() {
-
-						// state = "resolved" (i.e., fulfilled)
-						// state = "rejected"
-						state = stateString;
-					},
-
-					// rejected_callbacks.disable
-					// fulfilled_callbacks.disable
-					tuples[ 3 - i ][ 2 ].disable,
-
-					// progress_callbacks.lock
-					tuples[ 0 ][ 2 ].lock
-				);
-			}
-
-			// progress_handlers.fire
-			// fulfilled_handlers.fire
-			// rejected_handlers.fire
-			list.add( tuple[ 3 ].fire );
-
-			// deferred.notify = function() { deferred.notifyWith(...) }
-			// deferred.resolve = function() { deferred.resolveWith(...) }
-			// deferred.reject = function() { deferred.rejectWith(...) }
-			deferred[ tuple[ 0 ] ] = function() {
-				deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments );
-				return this;
-			};
-
-			// deferred.notifyWith = list.fireWith
-			// deferred.resolveWith = list.fireWith
-			// deferred.rejectWith = list.fireWith
-			deferred[ tuple[ 0 ] + "With" ] = list.fireWith;
-		} );
-
-		// Make the deferred a promise
-		promise.promise( deferred );
-
-		// Call given func if any
-		if ( func ) {
-			func.call( deferred, deferred );
-		}
-
-		// All done!
-		return deferred;
-	},
-
-	// Deferred helper
-	when: function( singleValue ) {
-		var
-
-			// count of uncompleted subordinates
-			remaining = arguments.length,
-
-			// count of unprocessed arguments
-			i = remaining,
-
-			// subordinate fulfillment data
-			resolveContexts = Array( i ),
-			resolveValues = slice.call( arguments ),
-
-			// the master Deferred
-			master = jQuery.Deferred(),
-
-			// subordinate callback factory
-			updateFunc = function( i ) {
-				return function( value ) {
-					resolveContexts[ i ] = this;
-					resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value;
-					if ( !( --remaining ) ) {
-						master.resolveWith( resolveContexts, resolveValues );
-					}
-				};
-			};
-
-		// Single- and empty arguments are adopted like Promise.resolve
-		if ( remaining <= 1 ) {
-			adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject,
-				!remaining );
-
-			// Use .then() to unwrap secondary thenables (cf. gh-3000)
-			if ( master.state() === "pending" ||
-				jQuery.isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) {
-
-				return master.then();
-			}
-		}
-
-		// Multiple arguments are aggregated like Promise.all array elements
-		while ( i-- ) {
-			adoptValue( resolveValues[ i ], updateFunc( i ), master.reject );
-		}
-
-		return master.promise();
-	}
-} );
-
-
-// These usually indicate a programmer mistake during development,
-// warn about them ASAP rather than swallowing them by default.
-var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;
-
-jQuery.Deferred.exceptionHook = function( error, stack ) {
-
-	// Support: IE 8 - 9 only
-	// Console exists when dev tools are open, which can happen at any time
-	if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) {
-		window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack );
-	}
-};
-
-
-
-
-jQuery.readyException = function( error ) {
-	window.setTimeout( function() {
-		throw error;
-	} );
-};
-
-
-
-
-// The deferred used on DOM ready
-var readyList = jQuery.Deferred();
-
-jQuery.fn.ready = function( fn ) {
-
-	readyList
-		.then( fn )
-
-		// Wrap jQuery.readyException in a function so that the lookup
-		// happens at the time of error handling instead of callback
-		// registration.
-		.catch( function( error ) {
-			jQuery.readyException( error );
-		} );
-
-	return this;
-};
-
-jQuery.extend( {
-
-	// Is the DOM ready to be used? Set to true once it occurs.
-	isReady: false,
-
-	// A counter to track how many items to wait for before
-	// the ready event fires. See #6781
-	readyWait: 1,
-
-	// Handle when the DOM is ready
-	ready: function( wait ) {
-
-		// Abort if there are pending holds or we're already ready
-		if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) {
-			return;
-		}
-
-		// Remember that the DOM is ready
-		jQuery.isReady = true;
-
-		// If a normal DOM Ready event fired, decrement, and wait if need be
-		if ( wait !== true && --jQuery.readyWait > 0 ) {
-			return;
-		}
-
-		// If there are functions bound, to execute
-		readyList.resolveWith( document, [ jQuery ] );
-	}
-} );
-
-jQuery.ready.then = readyList.then;
-
-// The ready event handler and self cleanup method
-function completed() {
-	document.removeEventListener( "DOMContentLoaded", completed );
-	window.removeEventListener( "load", completed );
-	jQuery.ready();
-}
-
-// Catch cases where $(document).ready() is called
-// after the browser event has already occurred.
-// Support: IE <=9 - 10 only
-// Older IE sometimes signals "interactive" too soon
-if ( document.readyState === "complete" ||
-	( document.readyState !== "loading" && !document.documentElement.doScroll ) ) {
-
-	// Handle it asynchronously to allow scripts the opportunity to delay ready
-	window.setTimeout( jQuery.ready );
-
-} else {
-
-	// Use the handy event callback
-	document.addEventListener( "DOMContentLoaded", completed );
-
-	// A fallback to window.onload, that will always work
-	window.addEventListener( "load", completed );
-}
-
-
-
-
-// Multifunctional method to get and set values of a collection
-// The value/s can optionally be executed if it's a function
-var access = function( elems, fn, key, value, chainable, emptyGet, raw ) {
-	var i = 0,
-		len = elems.length,
-		bulk = key == null;
-
-	// Sets many values
-	if ( jQuery.type( key ) === "object" ) {
-		chainable = true;
-		for ( i in key ) {
-			access( elems, fn, i, key[ i ], true, emptyGet, raw );
-		}
-
-	// Sets one value
-	} else if ( value !== undefined ) {
-		chainable = true;
-
-		if ( !jQuery.isFunction( value ) ) {
-			raw = true;
-		}
-
-		if ( bulk ) {
-
-			// Bulk operations run against the entire set
-			if ( raw ) {
-				fn.call( elems, value );
-				fn = null;
-
-			// ...except when executing function values
-			} else {
-				bulk = fn;
-				fn = function( elem, key, value ) {
-					return bulk.call( jQuery( elem ), value );
-				};
-			}
-		}
-
-		if ( fn ) {
-			for ( ; i < len; i++ ) {
-				fn(
-					elems[ i ], key, raw ?
-					value :
-					value.call( elems[ i ], i, fn( elems[ i ], key ) )
-				);
-			}
-		}
-	}
-
-	if ( chainable ) {
-		return elems;
-	}
-
-	// Gets
-	if ( bulk ) {
-		return fn.call( elems );
-	}
-
-	return len ? fn( elems[ 0 ], key ) : emptyGet;
-};
-var acceptData = function( owner ) {
-
-	// Accepts only:
-	//  - Node
-	//    - Node.ELEMENT_NODE
-	//    - Node.DOCUMENT_NODE
-	//  - Object
-	//    - Any
-	return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType );
-};
-
-
-
-
-function Data() {
-	this.expando = jQuery.expando + Data.uid++;
-}
-
-Data.uid = 1;
-
-Data.prototype = {
-
-	cache: function( owner ) {
-
-		// Check if the owner object already has a cache
-		var value = owner[ this.expando ];
-
-		// If not, create one
-		if ( !value ) {
-			value = {};
-
-			// We can accept data for non-element nodes in modern browsers,
-			// but we should not, see #8335.
-			// Always return an empty object.
-			if ( acceptData( owner ) ) {
-
-				// If it is a node unlikely to be stringify-ed or looped over
-				// use plain assignment
-				if ( owner.nodeType ) {
-					owner[ this.expando ] = value;
-
-				// Otherwise secure it in a non-enumerable property
-				// configurable must be true to allow the property to be
-				// deleted when data is removed
-				} else {
-					Object.defineProperty( owner, this.expando, {
-						value: value,
-						configurable: true
-					} );
-				}
-			}
-		}
-
-		return value;
-	},
-	set: function( owner, data, value ) {
-		var prop,
-			cache = this.cache( owner );
-
-		// Handle: [ owner, key, value ] args
-		// Always use camelCase key (gh-2257)
-		if ( typeof data === "string" ) {
-			cache[ jQuery.camelCase( data ) ] = value;
-
-		// Handle: [ owner, { properties } ] args
-		} else {
-
-			// Copy the properties one-by-one to the cache object
-			for ( prop in data ) {
-				cache[ jQuery.camelCase( prop ) ] = data[ prop ];
-			}
-		}
-		return cache;
-	},
-	get: function( owner, key ) {
-		return key === undefined ?
-			this.cache( owner ) :
-
-			// Always use camelCase key (gh-2257)
-			owner[ this.expando ] && owner[ this.expando ][ jQuery.camelCase( key ) ];
-	},
-	access: function( owner, key, value ) {
-
-		// In cases where either:
-		//
-		//   1. No key was specified
-		//   2. A string key was specified, but no value provided
-		//
-		// Take the "read" path and allow the get method to determine
-		// which value to return, respectively either:
-		//
-		//   1. The entire cache object
-		//   2. The data stored at the key
-		//
-		if ( key === undefined ||
-				( ( key && typeof key === "string" ) && value === undefined ) ) {
-
-			return this.get( owner, key );
-		}
-
-		// When the key is not a string, or both a key and value
-		// are specified, set or extend (existing objects) with either:
-		//
-		//   1. An object of properties
-		//   2. A key and value
-		//
-		this.set( owner, key, value );
-
-		// Since the "set" path can have two possible entry points
-		// return the expected data based on which path was taken[*]
-		return value !== undefined ? value : key;
-	},
-	remove: function( owner, key ) {
-		var i,
-			cache = owner[ this.expando ];
-
-		if ( cache === undefined ) {
-			return;
-		}
-
-		if ( key !== undefined ) {
-
-			// Support array or space separated string of keys
-			if ( Array.isArray( key ) ) {
-
-				// If key is an array of keys...
-				// We always set camelCase keys, so remove that.
-				key = key.map( jQuery.camelCase );
-			} else {
-				key = jQuery.camelCase( key );
-
-				// If a key with the spaces exists, use it.
-				// Otherwise, create an array by matching non-whitespace
-				key = key in cache ?
-					[ key ] :
-					( key.match( rnothtmlwhite ) || [] );
-			}
-
-			i = key.length;
-
-			while ( i-- ) {
-				delete cache[ key[ i ] ];
-			}
-		}
-
-		// Remove the expando if there's no more data
-		if ( key === undefined || jQuery.isEmptyObject( cache ) ) {
-
-			// Support: Chrome <=35 - 45
-			// Webkit & Blink performance suffers when deleting properties
-			// from DOM nodes, so set to undefined instead
-			// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)
-			if ( owner.nodeType ) {
-				owner[ this.expando ] = undefined;
-			} else {
-				delete owner[ this.expando ];
-			}
-		}
-	},
-	hasData: function( owner ) {
-		var cache = owner[ this.expando ];
-		return cache !== undefined && !jQuery.isEmptyObject( cache );
-	}
-};
-var dataPriv = new Data();
-
-var dataUser = new Data();
-
-
-
-//	Implementation Summary
-//
-//	1. Enforce API surface and semantic compatibility with 1.9.x branch
-//	2. Improve the module's maintainability by reducing the storage
-//		paths to a single mechanism.
-//	3. Use the same single mechanism to support "private" and "user" data.
-//	4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData)
-//	5. Avoid exposing implementation details on user objects (eg. expando properties)
-//	6. Provide a clear path for implementation upgrade to WeakMap in 2014
-
-var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,
-	rmultiDash = /[A-Z]/g;
-
-function getData( data ) {
-	if ( data === "true" ) {
-		return true;
-	}
-
-	if ( data === "false" ) {
-		return false;
-	}
-
-	if ( data === "null" ) {
-		return null;
-	}
-
-	// Only convert to a number if it doesn't change the string
-	if ( data === +data + "" ) {
-		return +data;
-	}
-
-	if ( rbrace.test( data ) ) {
-		return JSON.parse( data );
-	}
-
-	return data;
-}
-
-function dataAttr( elem, key, data ) {
-	var name;
-
-	// If nothing was found internally, try to fetch any
-	// data from the HTML5 data-* attribute
-	if ( data === undefined && elem.nodeType === 1 ) {
-		name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase();
-		data = elem.getAttribute( name );
-
-		if ( typeof data === "string" ) {
-			try {
-				data = getData( data );
-			} catch ( e ) {}
-
-			// Make sure we set the data so it isn't changed later
-			dataUser.set( elem, key, data );
-		} else {
-			data = undefined;
-		}
-	}
-	return data;
-}
-
-jQuery.extend( {
-	hasData: function( elem ) {
-		return dataUser.hasData( elem ) || dataPriv.hasData( elem );
-	},
-
-	data: function( elem, name, data ) {
-		return dataUser.access( elem, name, data );
-	},
-
-	removeData: function( elem, name ) {
-		dataUser.remove( elem, name );
-	},
-
-	// TODO: Now that all calls to _data and _removeData have been replaced
-	// with direct calls to dataPriv methods, these can be deprecated.
-	_data: function( elem, name, data ) {
-		return dataPriv.access( elem, name, data );
-	},
-
-	_removeData: function( elem, name ) {
-		dataPriv.remove( elem, name );
-	}
-} );
-
-jQuery.fn.extend( {
-	data: function( key, value ) {
-		var i, name, data,
-			elem = this[ 0 ],
-			attrs = elem && elem.attributes;
-
-		// Gets all values
-		if ( key === undefined ) {
-			if ( this.length ) {
-				data = dataUser.get( elem );
-
-				if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) {
-					i = attrs.length;
-					while ( i-- ) {
-
-						// Support: IE 11 only
-						// The attrs elements can be null (#14894)
-						if ( attrs[ i ] ) {
-							name = attrs[ i ].name;
-							if ( name.indexOf( "data-" ) === 0 ) {
-								name = jQuery.camelCase( name.slice( 5 ) );
-								dataAttr( elem, name, data[ name ] );
-							}
-						}
-					}
-					dataPriv.set( elem, "hasDataAttrs", true );
-				}
-			}
-
-			return data;
-		}
-
-		// Sets multiple values
-		if ( typeof key === "object" ) {
-			return this.each( function() {
-				dataUser.set( this, key );
-			} );
-		}
-
-		return access( this, function( value ) {
-			var data;
-
-			// The calling jQuery object (element matches) is not empty
-			// (and therefore has an element appears at this[ 0 ]) and the
-			// `value` parameter was not undefined. An empty jQuery object
-			// will result in `undefined` for elem = this[ 0 ] which will
-			// throw an exception if an attempt to read a data cache is made.
-			if ( elem && value === undefined ) {
-
-				// Attempt to get data from the cache
-				// The key will always be camelCased in Data
-				data = dataUser.get( elem, key );
-				if ( data !== undefined ) {
-					return data;
-				}
-
-				// Attempt to "discover" the data in
-				// HTML5 custom data-* attrs
-				data = dataAttr( elem, key );
-				if ( data !== undefined ) {
-					return data;
-				}
-
-				// We tried really hard, but the data doesn't exist.
-				return;
-			}
-
-			// Set the data...
-			this.each( function() {
-
-				// We always store the camelCased key
-				dataUser.set( this, key, value );
-			} );
-		}, null, value, arguments.length > 1, null, true );
-	},
-
-	removeData: function( key ) {
-		return this.each( function() {
-			dataUser.remove( this, key );
-		} );
-	}
-} );
-
-
-jQuery.extend( {
-	queue: function( elem, type, data ) {
-		var queue;
-
-		if ( elem ) {
-			type = ( type || "fx" ) + "queue";
-			queue = dataPriv.get( elem, type );
-
-			// Speed up dequeue by getting out quickly if this is just a lookup
-			if ( data ) {
-				if ( !queue || Array.isArray( data ) ) {
-					queue = dataPriv.access( elem, type, jQuery.makeArray( data ) );
-				} else {
-					queue.push( data );
-				}
-			}
-			return queue || [];
-		}
-	},
-
-	dequeue: function( elem, type ) {
-		type = type || "fx";
-
-		var queue = jQuery.queue( elem, type ),
-			startLength = queue.length,
-			fn = queue.shift(),
-			hooks = jQuery._queueHooks( elem, type ),
-			next = function() {
-				jQuery.dequeue( elem, type );
-			};
-
-		// If the fx queue is dequeued, always remove the progress sentinel
-		if ( fn === "inprogress" ) {
-			fn = queue.shift();
-			startLength--;
-		}
-
-		if ( fn ) {
-
-			// Add a progress sentinel to prevent the fx queue from being
-			// automatically dequeued
-			if ( type === "fx" ) {
-				queue.unshift( "inprogress" );
-			}
-
-			// Clear up the last queue stop function
-			delete hooks.stop;
-			fn.call( elem, next, hooks );
-		}
-
-		if ( !startLength && hooks ) {
-			hooks.empty.fire();
-		}
-	},
-
-	// Not public - generate a queueHooks object, or return the current one
-	_queueHooks: function( elem, type ) {
-		var key = type + "queueHooks";
-		return dataPriv.get( elem, key ) || dataPriv.access( elem, key, {
-			empty: jQuery.Callbacks( "once memory" ).add( function() {
-				dataPriv.remove( elem, [ type + "queue", key ] );
-			} )
-		} );
-	}
-} );
-
-jQuery.fn.extend( {
-	queue: function( type, data ) {
-		var setter = 2;
-
-		if ( typeof type !== "string" ) {
-			data = type;
-			type = "fx";
-			setter--;
-		}
-
-		if ( arguments.length < setter ) {
-			return jQuery.queue( this[ 0 ], type );
-		}
-
-		return data === undefined ?
-			this :
-			this.each( function() {
-				var queue = jQuery.queue( this, type, data );
-
-				// Ensure a hooks for this queue
-				jQuery._queueHooks( this, type );
-
-				if ( type === "fx" && queue[ 0 ] !== "inprogress" ) {
-					jQuery.dequeue( this, type );
-				}
-			} );
-	},
-	dequeue: function( type ) {
-		return this.each( function() {
-			jQuery.dequeue( this, type );
-		} );
-	},
-	clearQueue: function( type ) {
-		return this.queue( type || "fx", [] );
-	},
-
-	// Get a promise resolved when queues of a certain type
-	// are emptied (fx is the type by default)
-	promise: function( type, obj ) {
-		var tmp,
-			count = 1,
-			defer = jQuery.Deferred(),
-			elements = this,
-			i = this.length,
-			resolve = function() {
-				if ( !( --count ) ) {
-					defer.resolveWith( elements, [ elements ] );
-				}
-			};
-
-		if ( typeof type !== "string" ) {
-			obj = type;
-			type = undefined;
-		}
-		type = type || "fx";
-
-		while ( i-- ) {
-			tmp = dataPriv.get( elements[ i ], type + "queueHooks" );
-			if ( tmp && tmp.empty ) {
-				count++;
-				tmp.empty.add( resolve );
-			}
-		}
-		resolve();
-		return defer.promise( obj );
-	}
-} );
-var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source;
-
-var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" );
-
-
-var cssExpand = [ "Top", "Right", "Bottom", "Left" ];
-
-var isHiddenWithinTree = function( elem, el ) {
-
-		// isHiddenWithinTree might be called from jQuery#filter function;
-		// in that case, element will be second argument
-		elem = el || elem;
-
-		// Inline style trumps all
-		return elem.style.display === "none" ||
-			elem.style.display === "" &&
-
-			// Otherwise, check computed style
-			// Support: Firefox <=43 - 45
-			// Disconnected elements can have computed display: none, so first confirm that elem is
-			// in the document.
-			jQuery.contains( elem.ownerDocument, elem ) &&
-
-			jQuery.css( elem, "display" ) === "none";
-	};
-
-var swap = function( elem, options, callback, args ) {
-	var ret, name,
-		old = {};
-
-	// Remember the old values, and insert the new ones
-	for ( name in options ) {
-		old[ name ] = elem.style[ name ];
-		elem.style[ name ] = options[ name ];
-	}
-
-	ret = callback.apply( elem, args || [] );
-
-	// Revert the old values
-	for ( name in options ) {
-		elem.style[ name ] = old[ name ];
-	}
-
-	return ret;
-};
-
-
-
-
-function adjustCSS( elem, prop, valueParts, tween ) {
-	var adjusted,
-		scale = 1,
-		maxIterations = 20,
-		currentValue = tween ?
-			function() {
-				return tween.cur();
-			} :
-			function() {
-				return jQuery.css( elem, prop, "" );
-			},
-		initial = currentValue(),
-		unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ),
-
-		// Starting value computation is required for potential unit mismatches
-		initialInUnit = ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) &&
-			rcssNum.exec( jQuery.css( elem, prop ) );
-
-	if ( initialInUnit && initialInUnit[ 3 ] !== unit ) {
-
-		// Trust units reported by jQuery.css
-		unit = unit || initialInUnit[ 3 ];
-
-		// Make sure we update the tween properties later on
-		valueParts = valueParts || [];
-
-		// Iteratively approximate from a nonzero starting point
-		initialInUnit = +initial || 1;
-
-		do {
-
-			// If previous iteration zeroed out, double until we get *something*.
-			// Use string for doubling so we don't accidentally see scale as unchanged below
-			scale = scale || ".5";
-
-			// Adjust and apply
-			initialInUnit = initialInUnit / scale;
-			jQuery.style( elem, prop, initialInUnit + unit );
-
-		// Update scale, tolerating zero or NaN from tween.cur()
-		// Break the loop if scale is unchanged or perfect, or if we've just had enough.
-		} while (
-			scale !== ( scale = currentValue() / initial ) && scale !== 1 && --maxIterations
-		);
-	}
-
-	if ( valueParts ) {
-		initialInUnit = +initialInUnit || +initial || 0;
-
-		// Apply relative offset (+=/-=) if specified
-		adjusted = valueParts[ 1 ] ?
-			initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] :
-			+valueParts[ 2 ];
-		if ( tween ) {
-			tween.unit = unit;
-			tween.start = initialInUnit;
-			tween.end = adjusted;
-		}
-	}
-	return adjusted;
-}
-
-
-var defaultDisplayMap = {};
-
-function getDefaultDisplay( elem ) {
-	var temp,
-		doc = elem.ownerDocument,
-		nodeName = elem.nodeName,
-		display = defaultDisplayMap[ nodeName ];
-
-	if ( display ) {
-		return display;
-	}
-
-	temp = doc.body.appendChild( doc.createElement( nodeName ) );
-	display = jQuery.css( temp, "display" );
-
-	temp.parentNode.removeChild( temp );
-
-	if ( display === "none" ) {
-		display = "block";
-	}
-	defaultDisplayMap[ nodeName ] = display;
-
-	return display;
-}
-
-function showHide( elements, show ) {
-	var display, elem,
-		values = [],
-		index = 0,
-		length = elements.length;
-
-	// Determine new display value for elements that need to change
-	for ( ; index < length; index++ ) {
-		elem = elements[ index ];
-		if ( !elem.style ) {
-			continue;
-		}
-
-		display = elem.style.display;
-		if ( show ) {
-
-			// Since we force visibility upon cascade-hidden elements, an immediate (and slow)
-			// check is required in this first loop unless we have a nonempty display value (either
-			// inline or about-to-be-restored)
-			if ( display === "none" ) {
-				values[ index ] = dataPriv.get( elem, "display" ) || null;
-				if ( !values[ index ] ) {
-					elem.style.display = "";
-				}
-			}
-			if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) {
-				values[ index ] = getDefaultDisplay( elem );
-			}
-		} else {
-			if ( display !== "none" ) {
-				values[ index ] = "none";
-
-				// Remember what we're overwriting
-				dataPriv.set( elem, "display", display );
-			}
-		}
-	}
-
-	// Set the display of the elements in a second loop to avoid constant reflow
-	for ( index = 0; index < length; index++ ) {
-		if ( values[ index ] != null ) {
-			elements[ index ].style.display = values[ index ];
-		}
-	}
-
-	return elements;
-}
-
-jQuery.fn.extend( {
-	show: function() {
-		return showHide( this, true );
-	},
-	hide: function() {
-		return showHide( this );
-	},
-	toggle: function( state ) {
-		if ( typeof state === "boolean" ) {
-			return state ? this.show() : this.hide();
-		}
-
-		return this.each( function() {
-			if ( isHiddenWithinTree( this ) ) {
-				jQuery( this ).show();
-			} else {
-				jQuery( this ).hide();
-			}
-		} );
-	}
-} );
-var rcheckableType = ( /^(?:checkbox|radio)$/i );
-
-var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]+)/i );
-
-var rscriptType = ( /^$|\/(?:java|ecma)script/i );
-
-
-
-// We have to close these tags to support XHTML (#13200)
-var wrapMap = {
-
-	// Support: IE <=9 only
-	option: [ 1, "<select multiple='multiple'>", "</select>" ],
-
-	// XHTML parsers do not magically insert elements in the
-	// same way that tag soup parsers do. So we cannot shorten
-	// this by omitting <tbody> or other required elements.
-	thead: [ 1, "<table>", "</table>" ],
-	col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
-	tr: [ 2, "<table><tbody>", "</tbody></table>" ],
-	td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
-
-	_default: [ 0, "", "" ]
-};
-
-// Support: IE <=9 only
-wrapMap.optgroup = wrapMap.option;
-
-wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
-wrapMap.th = wrapMap.td;
-
-
-function getAll( context, tag ) {
-
-	// Support: IE <=9 - 11 only
-	// Use typeof to avoid zero-argument method invocation on host objects (#15151)
-	var ret;
-
-	if ( typeof context.getElementsByTagName !== "undefined" ) {
-		ret = context.getElementsByTagName( tag || "*" );
-
-	} else if ( typeof context.querySelectorAll !== "undefined" ) {
-		ret = context.querySelectorAll( tag || "*" );
-
-	} else {
-		ret = [];
-	}
-
-	if ( tag === undefined || tag && nodeName( context, tag ) ) {
-		return jQuery.merge( [ context ], ret );
-	}
-
-	return ret;
-}
-
-
-// Mark scripts as having already been evaluated
-function setGlobalEval( elems, refElements ) {
-	var i = 0,
-		l = elems.length;
-
-	for ( ; i < l; i++ ) {
-		dataPriv.set(
-			elems[ i ],
-			"globalEval",
-			!refElements || dataPriv.get( refElements[ i ], "globalEval" )
-		);
-	}
-}
-
-
-var rhtml = /<|&#?\w+;/;
-
-function buildFragment( elems, context, scripts, selection, ignored ) {
-	var elem, tmp, tag, wrap, contains, j,
-		fragment = context.createDocumentFragment(),
-		nodes = [],
-		i = 0,
-		l = elems.length;
-
-	for ( ; i < l; i++ ) {
-		elem = elems[ i ];
-
-		if ( elem || elem === 0 ) {
-
-			// Add nodes directly
-			if ( jQuery.type( elem ) === "object" ) {
-
-				// Support: Android <=4.0 only, PhantomJS 1 only
-				// push.apply(_, arraylike) throws on ancient WebKit
-				jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem );
-
-			// Convert non-html into a text node
-			} else if ( !rhtml.test( elem ) ) {
-				nodes.push( context.createTextNode( elem ) );
-
-			// Convert html into DOM nodes
-			} else {
-				tmp = tmp || fragment.appendChild( context.createElement( "div" ) );
-
-				// Deserialize a standard representation
-				tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase();
-				wrap = wrapMap[ tag ] || wrapMap._default;
-				tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ];
-
-				// Descend through wrappers to the right content
-				j = wrap[ 0 ];
-				while ( j-- ) {
-					tmp = tmp.lastChild;
-				}
-
-				// Support: Android <=4.0 only, PhantomJS 1 only
-				// push.apply(_, arraylike) throws on ancient WebKit
-				jQuery.merge( nodes, tmp.childNodes );
-
-				// Remember the top-level container
-				tmp = fragment.firstChild;
-
-				// Ensure the created nodes are orphaned (#12392)
-				tmp.textContent = "";
-			}
-		}
-	}
-
-	// Remove wrapper from fragment
-	fragment.textContent = "";
-
-	i = 0;
-	while ( ( elem = nodes[ i++ ] ) ) {
-
-		// Skip elements already in the context collection (trac-4087)
-		if ( selection && jQuery.inArray( elem, selection ) > -1 ) {
-			if ( ignored ) {
-				ignored.push( elem );
-			}
-			continue;
-		}
-
-		contains = jQuery.contains( elem.ownerDocument, elem );
-
-		// Append to fragment
-		tmp = getAll( fragment.appendChild( elem ), "script" );
-
-		// Preserve script evaluation history
-		if ( contains ) {
-			setGlobalEval( tmp );
-		}
-
-		// Capture executables
-		if ( scripts ) {
-			j = 0;
-			while ( ( elem = tmp[ j++ ] ) ) {
-				if ( rscriptType.test( elem.type || "" ) ) {
-					scripts.push( elem );
-				}
-			}
-		}
-	}
-
-	return fragment;
-}
-
-
-( function() {
-	var fragment = document.createDocumentFragment(),
-		div = fragment.appendChild( document.createElement( "div" ) ),
-		input = document.createElement( "input" );
-
-	// Support: Android 4.0 - 4.3 only
-	// Check state lost if the name is set (#11217)
-	// Support: Windows Web Apps (WWA)
-	// `name` and `type` must use .setAttribute for WWA (#14901)
-	input.setAttribute( "type", "radio" );
-	input.setAttribute( "checked", "checked" );
-	input.setAttribute( "name", "t" );
-
-	div.appendChild( input );
-
-	// Support: Android <=4.1 only
-	// Older WebKit doesn't clone checked state correctly in fragments
-	support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked;
-
-	// Support: IE <=11 only
-	// Make sure textarea (and checkbox) defaultValue is properly cloned
-	div.innerHTML = "<textarea>x</textarea>";
-	support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue;
-} )();
-var documentElement = document.documentElement;
-
-
-
-var
-	rkeyEvent = /^key/,
-	rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/,
-	rtypenamespace = /^([^.]*)(?:\.(.+)|)/;
-
-function returnTrue() {
-	return true;
-}
-
-function returnFalse() {
-	return false;
-}
-
-// Support: IE <=9 only
-// See #13393 for more info
-function safeActiveElement() {
-	try {
-		return document.activeElement;
-	} catch ( err ) { }
-}
-
-function on( elem, types, selector, data, fn, one ) {
-	var origFn, type;
-
-	// Types can be a map of types/handlers
-	if ( typeof types === "object" ) {
-
-		// ( types-Object, selector, data )
-		if ( typeof selector !== "string" ) {
-
-			// ( types-Object, data )
-			data = data || selector;
-			selector = undefined;
-		}
-		for ( type in types ) {
-			on( elem, type, selector, data, types[ type ], one );
-		}
-		return elem;
-	}
-
-	if ( data == null && fn == null ) {
-
-		// ( types, fn )
-		fn = selector;
-		data = selector = undefined;
-	} else if ( fn == null ) {
-		if ( typeof selector === "string" ) {
-
-			// ( types, selector, fn )
-			fn = data;
-			data = undefined;
-		} else {
-
-			// ( types, data, fn )
-			fn = data;
-			data = selector;
-			selector = undefined;
-		}
-	}
-	if ( fn === false ) {
-		fn = returnFalse;
-	} else if ( !fn ) {
-		return elem;
-	}
-
-	if ( one === 1 ) {
-		origFn = fn;
-		fn = function( event ) {
-
-			// Can use an empty set, since event contains the info
-			jQuery().off( event );
-			return origFn.apply( this, arguments );
-		};
-
-		// Use same guid so caller can remove using origFn
-		fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ );
-	}
-	return elem.each( function() {
-		jQuery.event.add( this, types, fn, data, selector );
-	} );
-}
-
-/*
- * Helper functions for managing events -- not part of the public interface.
- * Props to Dean Edwards' addEvent library for many of the ideas.
- */
-jQuery.event = {
-
-	global: {},
-
-	add: function( elem, types, handler, data, selector ) {
-
-		var handleObjIn, eventHandle, tmp,
-			events, t, handleObj,
-			special, handlers, type, namespaces, origType,
-			elemData = dataPriv.get( elem );
-
-		// Don't attach events to noData or text/comment nodes (but allow plain objects)
-		if ( !elemData ) {
-			return;
-		}
-
-		// Caller can pass in an object of custom data in lieu of the handler
-		if ( handler.handler ) {
-			handleObjIn = handler;
-			handler = handleObjIn.handler;
-			selector = handleObjIn.selector;
-		}
-
-		// Ensure that invalid selectors throw exceptions at attach time
-		// Evaluate against documentElement in case elem is a non-element node (e.g., document)
-		if ( selector ) {
-			jQuery.find.matchesSelector( documentElement, selector );
-		}
-
-		// Make sure that the handler has a unique ID, used to find/remove it later
-		if ( !handler.guid ) {
-			handler.guid = jQuery.guid++;
-		}
-
-		// Init the element's event structure and main handler, if this is the first
-		if ( !( events = elemData.events ) ) {
-			events = elemData.events = {};
-		}
-		if ( !( eventHandle = elemData.handle ) ) {
-			eventHandle = elemData.handle = function( e ) {
-
-				// Discard the second event of a jQuery.event.trigger() and
-				// when an event is called after a page has unloaded
-				return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ?
-					jQuery.event.dispatch.apply( elem, arguments ) : undefined;
-			};
-		}
-
-		// Handle multiple events separated by a space
-		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
-		t = types.length;
-		while ( t-- ) {
-			tmp = rtypenamespace.exec( types[ t ] ) || [];
-			type = origType = tmp[ 1 ];
-			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
-
-			// There *must* be a type, no attaching namespace-only handlers
-			if ( !type ) {
-				continue;
-			}
-
-			// If event changes its type, use the special event handlers for the changed type
-			special = jQuery.event.special[ type ] || {};
-
-			// If selector defined, determine special event api type, otherwise given type
-			type = ( selector ? special.delegateType : special.bindType ) || type;
-
-			// Update special based on newly reset type
-			special = jQuery.event.special[ type ] || {};
-
-			// handleObj is passed to all event handlers
-			handleObj = jQuery.extend( {
-				type: type,
-				origType: origType,
-				data: data,
-				handler: handler,
-				guid: handler.guid,
-				selector: selector,
-				needsContext: selector && jQuery.expr.match.needsContext.test( selector ),
-				namespace: namespaces.join( "." )
-			}, handleObjIn );
-
-			// Init the event handler queue if we're the first
-			if ( !( handlers = events[ type ] ) ) {
-				handlers = events[ type ] = [];
-				handlers.delegateCount = 0;
-
-				// Only use addEventListener if the special events handler returns false
-				if ( !special.setup ||
-					special.setup.call( elem, data, namespaces, eventHandle ) === false ) {
-
-					if ( elem.addEventListener ) {
-						elem.addEventListener( type, eventHandle );
-					}
-				}
-			}
-
-			if ( special.add ) {
-				special.add.call( elem, handleObj );
-
-				if ( !handleObj.handler.guid ) {
-					handleObj.handler.guid = handler.guid;
-				}
-			}
-
-			// Add to the element's handler list, delegates in front
-			if ( selector ) {
-				handlers.splice( handlers.delegateCount++, 0, handleObj );
-			} else {
-				handlers.push( handleObj );
-			}
-
-			// Keep track of which events have ever been used, for event optimization
-			jQuery.event.global[ type ] = true;
-		}
-
-	},
-
-	// Detach an event or set of events from an element
-	remove: function( elem, types, handler, selector, mappedTypes ) {
-
-		var j, origCount, tmp,
-			events, t, handleObj,
-			special, handlers, type, namespaces, origType,
-			elemData = dataPriv.hasData( elem ) && dataPriv.get( elem );
-
-		if ( !elemData || !( events = elemData.events ) ) {
-			return;
-		}
-
-		// Once for each type.namespace in types; type may be omitted
-		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
-		t = types.length;
-		while ( t-- ) {
-			tmp = rtypenamespace.exec( types[ t ] ) || [];
-			type = origType = tmp[ 1 ];
-			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
-
-			// Unbind all events (on this namespace, if provided) for the element
-			if ( !type ) {
-				for ( type in events ) {
-					jQuery.event.remove( elem, type + types[ t ], handler, selector, true );
-				}
-				continue;
-			}
-
-			special = jQuery.event.special[ type ] || {};
-			type = ( selector ? special.delegateType : special.bindType ) || type;
-			handlers = events[ type ] || [];
-			tmp = tmp[ 2 ] &&
-				new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" );
-
-			// Remove matching events
-			origCount = j = handlers.length;
-			while ( j-- ) {
-				handleObj = handlers[ j ];
-
-				if ( ( mappedTypes || origType === handleObj.origType ) &&
-					( !handler || handler.guid === handleObj.guid ) &&
-					( !tmp || tmp.test( handleObj.namespace ) ) &&
-					( !selector || selector === handleObj.selector ||
-						selector === "**" && handleObj.selector ) ) {
-					handlers.splice( j, 1 );
-
-					if ( handleObj.selector ) {
-						handlers.delegateCount--;
-					}
-					if ( special.remove ) {
-						special.remove.call( elem, handleObj );
-					}
-				}
-			}
-
-			// Remove generic event handler if we removed something and no more handlers exist
-			// (avoids potential for endless recursion during removal of special event handlers)
-			if ( origCount && !handlers.length ) {
-				if ( !special.teardown ||
-					special.teardown.call( elem, namespaces, elemData.handle ) === false ) {
-
-					jQuery.removeEvent( elem, type, elemData.handle );
-				}
-
-				delete events[ type ];
-			}
-		}
-
-		// Remove data and the expando if it's no longer used
-		if ( jQuery.isEmptyObject( events ) ) {
-			dataPriv.remove( elem, "handle events" );
-		}
-	},
-
-	dispatch: function( nativeEvent ) {
-
-		// Make a writable jQuery.Event from the native event object
-		var event = jQuery.event.fix( nativeEvent );
-
-		var i, j, ret, matched, handleObj, handlerQueue,
-			args = new Array( arguments.length ),
-			handlers = ( dataPriv.get( this, "events" ) || {} )[ event.type ] || [],
-			special = jQuery.event.special[ event.type ] || {};
-
-		// Use the fix-ed jQuery.Event rather than the (read-only) native event
-		args[ 0 ] = event;
-
-		for ( i = 1; i < arguments.length; i++ ) {
-			args[ i ] = arguments[ i ];
-		}
-
-		event.delegateTarget = this;
-
-		// Call the preDispatch hook for the mapped type, and let it bail if desired
-		if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) {
-			return;
-		}
-
-		// Determine handlers
-		handlerQueue = jQuery.event.handlers.call( this, event, handlers );
-
-		// Run delegates first; they may want to stop propagation beneath us
-		i = 0;
-		while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) {
-			event.currentTarget = matched.elem;
-
-			j = 0;
-			while ( ( handleObj = matched.handlers[ j++ ] ) &&
-				!event.isImmediatePropagationStopped() ) {
-
-				// Triggered event must either 1) have no namespace, or 2) have namespace(s)
-				// a subset or equal to those in the bound event (both can have no namespace).
-				if ( !event.rnamespace || event.rnamespace.test( handleObj.namespace ) ) {
-
-					event.handleObj = handleObj;
-					event.data = handleObj.data;
-
-					ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle ||
-						handleObj.handler ).apply( matched.elem, args );
-
-					if ( ret !== undefined ) {
-						if ( ( event.result = ret ) === false ) {
-							event.preventDefault();
-							event.stopPropagation();
-						}
-					}
-				}
-			}
-		}
-
-		// Call the postDispatch hook for the mapped type
-		if ( special.postDispatch ) {
-			special.postDispatch.call( this, event );
-		}
-
-		return event.result;
-	},
-
-	handlers: function( event, handlers ) {
-		var i, handleObj, sel, matchedHandlers, matchedSelectors,
-			handlerQueue = [],
-			delegateCount = handlers.delegateCount,
-			cur = event.target;
-
-		// Find delegate handlers
-		if ( delegateCount &&
-
-			// Support: IE <=9
-			// Black-hole SVG <use> instance trees (trac-13180)
-			cur.nodeType &&
-
-			// Support: Firefox <=42
-			// Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861)
-			// https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click
-			// Support: IE 11 only
-			// ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343)
-			!( event.type === "click" && event.button >= 1 ) ) {
-
-			for ( ; cur !== this; cur = cur.parentNode || this ) {
-
-				// Don't check non-elements (#13208)
-				// Don't process clicks on disabled elements (#6911, #8165, #11382, #11764)
-				if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) {
-					matchedHandlers = [];
-					matchedSelectors = {};
-					for ( i = 0; i < delegateCount; i++ ) {
-						handleObj = handlers[ i ];
-
-						// Don't conflict with Object.prototype properties (#13203)
-						sel = handleObj.selector + " ";
-
-						if ( matchedSelectors[ sel ] === undefined ) {
-							matchedSelectors[ sel ] = handleObj.needsContext ?
-								jQuery( sel, this ).index( cur ) > -1 :
-								jQuery.find( sel, this, null, [ cur ] ).length;
-						}
-						if ( matchedSelectors[ sel ] ) {
-							matchedHandlers.push( handleObj );
-						}
-					}
-					if ( matchedHandlers.length ) {
-						handlerQueue.push( { elem: cur, handlers: matchedHandlers } );
-					}
-				}
-			}
-		}
-
-		// Add the remaining (directly-bound) handlers
-		cur = this;
-		if ( delegateCount < handlers.length ) {
-			handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } );
-		}
-
-		return handlerQueue;
-	},
-
-	addProp: function( name, hook ) {
-		Object.defineProperty( jQuery.Event.prototype, name, {
-			enumerable: true,
-			configurable: true,
-
-			get: jQuery.isFunction( hook ) ?
-				function() {
-					if ( this.originalEvent ) {
-							return hook( this.originalEvent );
-					}
-				} :
-				function() {
-					if ( this.originalEvent ) {
-							return this.originalEvent[ name ];
-					}
-				},
-
-			set: function( value ) {
-				Object.defineProperty( this, name, {
-					enumerable: true,
-					configurable: true,
-					writable: true,
-					value: value
-				} );
-			}
-		} );
-	},
-
-	fix: function( originalEvent ) {
-		return originalEvent[ jQuery.expando ] ?
-			originalEvent :
-			new jQuery.Event( originalEvent );
-	},
-
-	special: {
-		load: {
-
-			// Prevent triggered image.load events from bubbling to window.load
-			noBubble: true
-		},
-		focus: {
-
-			// Fire native event if possible so blur/focus sequence is correct
-			trigger: function() {
-				if ( this !== safeActiveElement() && this.focus ) {
-					this.focus();
-					return false;
-				}
-			},
-			delegateType: "focusin"
-		},
-		blur: {
-			trigger: function() {
-				if ( this === safeActiveElement() && this.blur ) {
-					this.blur();
-					return false;
-				}
-			},
-			delegateType: "focusout"
-		},
-		click: {
-
-			// For checkbox, fire native event so checked state will be right
-			trigger: function() {
-				if ( this.type === "checkbox" && this.click && nodeName( this, "input" ) ) {
-					this.click();
-					return false;
-				}
-			},
-
-			// For cross-browser consistency, don't fire native .click() on links
-			_default: function( event ) {
-				return nodeName( event.target, "a" );
-			}
-		},
-
-		beforeunload: {
-			postDispatch: function( event ) {
-
-				// Support: Firefox 20+
-				// Firefox doesn't alert if the returnValue field is not set.
-				if ( event.result !== undefined && event.originalEvent ) {
-					event.originalEvent.returnValue = event.result;
-				}
-			}
-		}
-	}
-};
-
-jQuery.removeEvent = function( elem, type, handle ) {
-
-	// This "if" is needed for plain objects
-	if ( elem.removeEventListener ) {
-		elem.removeEventListener( type, handle );
-	}
-};
-
-jQuery.Event = function( src, props ) {
-
-	// Allow instantiation without the 'new' keyword
-	if ( !( this instanceof jQuery.Event ) ) {
-		return new jQuery.Event( src, props );
-	}
-
-	// Event object
-	if ( src && src.type ) {
-		this.originalEvent = src;
-		this.type = src.type;
-
-		// Events bubbling up the document may have been marked as prevented
-		// by a handler lower down the tree; reflect the correct value.
-		this.isDefaultPrevented = src.defaultPrevented ||
-				src.defaultPrevented === undefined &&
-
-				// Support: Android <=2.3 only
-				src.returnValue === false ?
-			returnTrue :
-			returnFalse;
-
-		// Create target properties
-		// Support: Safari <=6 - 7 only
-		// Target should not be a text node (#504, #13143)
-		this.target = ( src.target && src.target.nodeType === 3 ) ?
-			src.target.parentNode :
-			src.target;
-
-		this.currentTarget = src.currentTarget;
-		this.relatedTarget = src.relatedTarget;
-
-	// Event type
-	} else {
-		this.type = src;
-	}
-
-	// Put explicitly provided properties onto the event object
-	if ( props ) {
-		jQuery.extend( this, props );
-	}
-
-	// Create a timestamp if incoming event doesn't have one
-	this.timeStamp = src && src.timeStamp || jQuery.now();
-
-	// Mark it as fixed
-	this[ jQuery.expando ] = true;
-};
-
-// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding
-// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html
-jQuery.Event.prototype = {
-	constructor: jQuery.Event,
-	isDefaultPrevented: returnFalse,
-	isPropagationStopped: returnFalse,
-	isImmediatePropagationStopped: returnFalse,
-	isSimulated: false,
-
-	preventDefault: function() {
-		var e = this.originalEvent;
-
-		this.isDefaultPrevented = returnTrue;
-
-		if ( e && !this.isSimulated ) {
-			e.preventDefault();
-		}
-	},
-	stopPropagation: function() {
-		var e = this.originalEvent;
-
-		this.isPropagationStopped = returnTrue;
-
-		if ( e && !this.isSimulated ) {
-			e.stopPropagation();
-		}
-	},
-	stopImmediatePropagation: function() {
-		var e = this.originalEvent;
-
-		this.isImmediatePropagationStopped = returnTrue;
-
-		if ( e && !this.isSimulated ) {
-			e.stopImmediatePropagation();
-		}
-
-		this.stopPropagation();
-	}
-};
-
-// Includes all common event props including KeyEvent and MouseEvent specific props
-jQuery.each( {
-	altKey: true,
-	bubbles: true,
-	cancelable: true,
-	changedTouches: true,
-	ctrlKey: true,
-	detail: true,
-	eventPhase: true,
-	metaKey: true,
-	pageX: true,
-	pageY: true,
-	shiftKey: true,
-	view: true,
-	"char": true,
-	charCode: true,
-	key: true,
-	keyCode: true,
-	button: true,
-	buttons: true,
-	clientX: true,
-	clientY: true,
-	offsetX: true,
-	offsetY: true,
-	pointerId: true,
-	pointerType: true,
-	screenX: true,
-	screenY: true,
-	targetTouches: true,
-	toElement: true,
-	touches: true,
-
-	which: function( event ) {
-		var button = event.button;
-
-		// Add which for key events
-		if ( event.which == null && rkeyEvent.test( event.type ) ) {
-			return event.charCode != null ? event.charCode : event.keyCode;
-		}
-
-		// Add which for click: 1 === left; 2 === middle; 3 === right
-		if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) {
-			if ( button & 1 ) {
-				return 1;
-			}
-
-			if ( button & 2 ) {
-				return 3;
-			}
-
-			if ( button & 4 ) {
-				return 2;
-			}
-
-			return 0;
-		}
-
-		return event.which;
-	}
-}, jQuery.event.addProp );
-
-// Create mouseenter/leave events using mouseover/out and event-time checks
-// so that event delegation works in jQuery.
-// Do the same for pointerenter/pointerleave and pointerover/pointerout
-//
-// Support: Safari 7 only
-// Safari sends mouseenter too often; see:
-// https://bugs.chromium.org/p/chromium/issues/detail?id=470258
-// for the description of the bug (it existed in older Chrome versions as well).
-jQuery.each( {
-	mouseenter: "mouseover",
-	mouseleave: "mouseout",
-	pointerenter: "pointerover",
-	pointerleave: "pointerout"
-}, function( orig, fix ) {
-	jQuery.event.special[ orig ] = {
-		delegateType: fix,
-		bindType: fix,
-
-		handle: function( event ) {
-			var ret,
-				target = this,
-				related = event.relatedTarget,
-				handleObj = event.handleObj;
-
-			// For mouseenter/leave call the handler if related is outside the target.
-			// NB: No relatedTarget if the mouse left/entered the browser window
-			if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) {
-				event.type = handleObj.origType;
-				ret = handleObj.handler.apply( this, arguments );
-				event.type = fix;
-			}
-			return ret;
-		}
-	};
-} );
-
-jQuery.fn.extend( {
-
-	on: function( types, selector, data, fn ) {
-		return on( this, types, selector, data, fn );
-	},
-	one: function( types, selector, data, fn ) {
-		return on( this, types, selector, data, fn, 1 );
-	},
-	off: function( types, selector, fn ) {
-		var handleObj, type;
-		if ( types && types.preventDefault && types.handleObj ) {
-
-			// ( event )  dispatched jQuery.Event
-			handleObj = types.handleObj;
-			jQuery( types.delegateTarget ).off(
-				handleObj.namespace ?
-					handleObj.origType + "." + handleObj.namespace :
-					handleObj.origType,
-				handleObj.selector,
-				handleObj.handler
-			);
-			return this;
-		}
-		if ( typeof types === "object" ) {
-
-			// ( types-object [, selector] )
-			for ( type in types ) {
-				this.off( type, selector, types[ type ] );
-			}
-			return this;
-		}
-		if ( selector === false || typeof selector === "function" ) {
-
-			// ( types [, fn] )
-			fn = selector;
-			selector = undefined;
-		}
-		if ( fn === false ) {
-			fn = returnFalse;
-		}
-		return this.each( function() {
-			jQuery.event.remove( this, types, fn, selector );
-		} );
-	}
-} );
-
-
-var
-
-	/* eslint-disable max-len */
-
-	// See https://github.com/eslint/eslint/issues/3229
-	rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,
-
-	/* eslint-enable */
-
-	// Support: IE <=10 - 11, Edge 12 - 13
-	// In IE/Edge using regex groups here causes severe slowdowns.
-	// See https://connect.microsoft.com/IE/feedback/details/1736512/
-	rnoInnerhtml = /<script|<style|<link/i,
-
-	// checked="checked" or checked
-	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
-	rscriptTypeMasked = /^true\/(.*)/,
-	rcleanScript = /^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;
-
-// Prefer a tbody over its parent table for containing new rows
-function manipulationTarget( elem, content ) {
-	if ( nodeName( elem, "table" ) &&
-		nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) {
-
-		return jQuery( ">tbody", elem )[ 0 ] || elem;
-	}
-
-	return elem;
-}
-
-// Replace/restore the type attribute of script elements for safe DOM manipulation
-function disableScript( elem ) {
-	elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type;
-	return elem;
-}
-function restoreScript( elem ) {
-	var match = rscriptTypeMasked.exec( elem.type );
-
-	if ( match ) {
-		elem.type = match[ 1 ];
-	} else {
-		elem.removeAttribute( "type" );
-	}
-
-	return elem;
-}
-
-function cloneCopyEvent( src, dest ) {
-	var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events;
-
-	if ( dest.nodeType !== 1 ) {
-		return;
-	}
-
-	// 1. Copy private data: events, handlers, etc.
-	if ( dataPriv.hasData( src ) ) {
-		pdataOld = dataPriv.access( src );
-		pdataCur = dataPriv.set( dest, pdataOld );
-		events = pdataOld.events;
-
-		if ( events ) {
-			delete pdataCur.handle;
-			pdataCur.events = {};
-
-			for ( type in events ) {
-				for ( i = 0, l = events[ type ].length; i < l; i++ ) {
-					jQuery.event.add( dest, type, events[ type ][ i ] );
-				}
-			}
-		}
-	}
-
-	// 2. Copy user data
-	if ( dataUser.hasData( src ) ) {
-		udataOld = dataUser.access( src );
-		udataCur = jQuery.extend( {}, udataOld );
-
-		dataUser.set( dest, udataCur );
-	}
-}
-
-// Fix IE bugs, see support tests
-function fixInput( src, dest ) {
-	var nodeName = dest.nodeName.toLowerCase();
-
-	// Fails to persist the checked state of a cloned checkbox or radio button.
-	if ( nodeName === "input" && rcheckableType.test( src.type ) ) {
-		dest.checked = src.checked;
-
-	// Fails to return the selected option to the default selected state when cloning options
-	} else if ( nodeName === "input" || nodeName === "textarea" ) {
-		dest.defaultValue = src.defaultValue;
-	}
-}
-
-function domManip( collection, args, callback, ignored ) {
-
-	// Flatten any nested arrays
-	args = concat.apply( [], args );
-
-	var fragment, first, scripts, hasScripts, node, doc,
-		i = 0,
-		l = collection.length,
-		iNoClone = l - 1,
-		value = args[ 0 ],
-		isFunction = jQuery.isFunction( value );
-
-	// We can't cloneNode fragments that contain checked, in WebKit
-	if ( isFunction ||
-			( l > 1 && typeof value === "string" &&
-				!support.checkClone && rchecked.test( value ) ) ) {
-		return collection.each( function( index ) {
-			var self = collection.eq( index );
-			if ( isFunction ) {
-				args[ 0 ] = value.call( this, index, self.html() );
-			}
-			domManip( self, args, callback, ignored );
-		} );
-	}
-
-	if ( l ) {
-		fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored );
-		first = fragment.firstChild;
-
-		if ( fragment.childNodes.length === 1 ) {
-			fragment = first;
-		}
-
-		// Require either new content or an interest in ignored elements to invoke the callback
-		if ( first || ignored ) {
-			scripts = jQuery.map( getAll( fragment, "script" ), disableScript );
-			hasScripts = scripts.length;
-
-			// Use the original fragment for the last item
-			// instead of the first because it can end up
-			// being emptied incorrectly in certain situations (#8070).
-			for ( ; i < l; i++ ) {
-				node = fragment;
-
-				if ( i !== iNoClone ) {
-					node = jQuery.clone( node, true, true );
-
-					// Keep references to cloned scripts for later restoration
-					if ( hasScripts ) {
-
-						// Support: Android <=4.0 only, PhantomJS 1 only
-						// push.apply(_, arraylike) throws on ancient WebKit
-						jQuery.merge( scripts, getAll( node, "script" ) );
-					}
-				}
-
-				callback.call( collection[ i ], node, i );
-			}
-
-			if ( hasScripts ) {
-				doc = scripts[ scripts.length - 1 ].ownerDocument;
-
-				// Reenable scripts
-				jQuery.map( scripts, restoreScript );
-
-				// Evaluate executable scripts on first document insertion
-				for ( i = 0; i < hasScripts; i++ ) {
-					node = scripts[ i ];
-					if ( rscriptType.test( node.type || "" ) &&
-						!dataPriv.access( node, "globalEval" ) &&
-						jQuery.contains( doc, node ) ) {
-
-						if ( node.src ) {
-
-							// Optional AJAX dependency, but won't run scripts if not present
-							if ( jQuery._evalUrl ) {
-								jQuery._evalUrl( node.src );
-							}
-						} else {
-							DOMEval( node.textContent.replace( rcleanScript, "" ), doc );
-						}
-					}
-				}
-			}
-		}
-	}
-
-	return collection;
-}
-
-function remove( elem, selector, keepData ) {
-	var node,
-		nodes = selector ? jQuery.filter( selector, elem ) : elem,
-		i = 0;
-
-	for ( ; ( node = nodes[ i ] ) != null; i++ ) {
-		if ( !keepData && node.nodeType === 1 ) {
-			jQuery.cleanData( getAll( node ) );
-		}
-
-		if ( node.parentNode ) {
-			if ( keepData && jQuery.contains( node.ownerDocument, node ) ) {
-				setGlobalEval( getAll( node, "script" ) );
-			}
-			node.parentNode.removeChild( node );
-		}
-	}
-
-	return elem;
-}
-
-jQuery.extend( {
-	htmlPrefilter: function( html ) {
-		return html.replace( rxhtmlTag, "<$1></$2>" );
-	},
-
-	clone: function( elem, dataAndEvents, deepDataAndEvents ) {
-		var i, l, srcElements, destElements,
-			clone = elem.cloneNode( true ),
-			inPage = jQuery.contains( elem.ownerDocument, elem );
-
-		// Fix IE cloning issues
-		if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) &&
-				!jQuery.isXMLDoc( elem ) ) {
-
-			// We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2
-			destElements = getAll( clone );
-			srcElements = getAll( elem );
-
-			for ( i = 0, l = srcElements.length; i < l; i++ ) {
-				fixInput( srcElements[ i ], destElements[ i ] );
-			}
-		}
-
-		// Copy the events from the original to the clone
-		if ( dataAndEvents ) {
-			if ( deepDataAndEvents ) {
-				srcElements = srcElements || getAll( elem );
-				destElements = destElements || getAll( clone );
-
-				for ( i = 0, l = srcElements.length; i < l; i++ ) {
-					cloneCopyEvent( srcElements[ i ], destElements[ i ] );
-				}
-			} else {
-				cloneCopyEvent( elem, clone );
-			}
-		}
-
-		// Preserve script evaluation history
-		destElements = getAll( clone, "script" );
-		if ( destElements.length > 0 ) {
-			setGlobalEval( destElements, !inPage && getAll( elem, "script" ) );
-		}
-
-		// Return the cloned set
-		return clone;
-	},
-
-	cleanData: function( elems ) {
-		var data, elem, type,
-			special = jQuery.event.special,
-			i = 0;
-
-		for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) {
-			if ( acceptData( elem ) ) {
-				if ( ( data = elem[ dataPriv.expando ] ) ) {
-					if ( data.events ) {
-						for ( type in data.events ) {
-							if ( special[ type ] ) {
-								jQuery.event.remove( elem, type );
-
-							// This is a shortcut to avoid jQuery.event.remove's overhead
-							} else {
-								jQuery.removeEvent( elem, type, data.handle );
-							}
-						}
-					}
-
-					// Support: Chrome <=35 - 45+
-					// Assign undefined instead of using delete, see Data#remove
-					elem[ dataPriv.expando ] = undefined;
-				}
-				if ( elem[ dataUser.expando ] ) {
-
-					// Support: Chrome <=35 - 45+
-					// Assign undefined instead of using delete, see Data#remove
-					elem[ dataUser.expando ] = undefined;
-				}
-			}
-		}
-	}
-} );
-
-jQuery.fn.extend( {
-	detach: function( selector ) {
-		return remove( this, selector, true );
-	},
-
-	remove: function( selector ) {
-		return remove( this, selector );
-	},
-
-	text: function( value ) {
-		return access( this, function( value ) {
-			return value === undefined ?
-				jQuery.text( this ) :
-				this.empty().each( function() {
-					if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
-						this.textContent = value;
-					}
-				} );
-		}, null, value, arguments.length );
-	},
-
-	append: function() {
-		return domManip( this, arguments, function( elem ) {
-			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
-				var target = manipulationTarget( this, elem );
-				target.appendChild( elem );
-			}
-		} );
-	},
-
-	prepend: function() {
-		return domManip( this, arguments, function( elem ) {
-			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
-				var target = manipulationTarget( this, elem );
-				target.insertBefore( elem, target.firstChild );
-			}
-		} );
-	},
-
-	before: function() {
-		return domManip( this, arguments, function( elem ) {
-			if ( this.parentNode ) {
-				this.parentNode.insertBefore( elem, this );
-			}
-		} );
-	},
-
-	after: function() {
-		return domManip( this, arguments, function( elem ) {
-			if ( this.parentNode ) {
-				this.parentNode.insertBefore( elem, this.nextSibling );
-			}
-		} );
-	},
-
-	empty: function() {
-		var elem,
-			i = 0;
-
-		for ( ; ( elem = this[ i ] ) != null; i++ ) {
-			if ( elem.nodeType === 1 ) {
-
-				// Prevent memory leaks
-				jQuery.cleanData( getAll( elem, false ) );
-
-				// Remove any remaining nodes
-				elem.textContent = "";
-			}
-		}
-
-		return this;
-	},
-
-	clone: function( dataAndEvents, deepDataAndEvents ) {
-		dataAndEvents = dataAndEvents == null ? false : dataAndEvents;
-		deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents;
-
-		return this.map( function() {
-			return jQuery.clone( this, dataAndEvents, deepDataAndEvents );
-		} );
-	},
-
-	html: function( value ) {
-		return access( this, function( value ) {
-			var elem = this[ 0 ] || {},
-				i = 0,
-				l = this.length;
-
-			if ( value === undefined && elem.nodeType === 1 ) {
-				return elem.innerHTML;
-			}
-
-			// See if we can take a shortcut and just use innerHTML
-			if ( typeof value === "string" && !rnoInnerhtml.test( value ) &&
-				!wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) {
-
-				value = jQuery.htmlPrefilter( value );
-
-				try {
-					for ( ; i < l; i++ ) {
-						elem = this[ i ] || {};
-
-						// Remove element nodes and prevent memory leaks
-						if ( elem.nodeType === 1 ) {
-							jQuery.cleanData( getAll( elem, false ) );
-							elem.innerHTML = value;
-						}
-					}
-
-					elem = 0;
-
-				// If using innerHTML throws an exception, use the fallback method
-				} catch ( e ) {}
-			}
-
-			if ( elem ) {
-				this.empty().append( value );
-			}
-		}, null, value, arguments.length );
-	},
-
-	replaceWith: function() {
-		var ignored = [];
-
-		// Make the changes, replacing each non-ignored context element with the new content
-		return domManip( this, arguments, function( elem ) {
-			var parent = this.parentNode;
-
-			if ( jQuery.inArray( this, ignored ) < 0 ) {
-				jQuery.cleanData( getAll( this ) );
-				if ( parent ) {
-					parent.replaceChild( elem, this );
-				}
-			}
-
-		// Force callback invocation
-		}, ignored );
-	}
-} );
-
-jQuery.each( {
-	appendTo: "append",
-	prependTo: "prepend",
-	insertBefore: "before",
-	insertAfter: "after",
-	replaceAll: "replaceWith"
-}, function( name, original ) {
-	jQuery.fn[ name ] = function( selector ) {
-		var elems,
-			ret = [],
-			insert = jQuery( selector ),
-			last = insert.length - 1,
-			i = 0;
-
-		for ( ; i <= last; i++ ) {
-			elems = i === last ? this : this.clone( true );
-			jQuery( insert[ i ] )[ original ]( elems );
-
-			// Support: Android <=4.0 only, PhantomJS 1 only
-			// .get() because push.apply(_, arraylike) throws on ancient WebKit
-			push.apply( ret, elems.get() );
-		}
-
-		return this.pushStack( ret );
-	};
-} );
-var rmargin = ( /^margin/ );
-
-var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );
-
-var getStyles = function( elem ) {
-
-		// Support: IE <=11 only, Firefox <=30 (#15098, #14150)
-		// IE throws on elements created in popups
-		// FF meanwhile throws on frame elements through "defaultView.getComputedStyle"
-		var view = elem.ownerDocument.defaultView;
-
-		if ( !view || !view.opener ) {
-			view = window;
-		}
-
-		return view.getComputedStyle( elem );
-	};
-
-
-
-( function() {
-
-	// Executing both pixelPosition & boxSizingReliable tests require only one layout
-	// so they're executed at the same time to save the second computation.
-	function computeStyleTests() {
-
-		// This is a singleton, we need to execute it only once
-		if ( !div ) {
-			return;
-		}
-
-		div.style.cssText =
-			"box-sizing:border-box;" +
-			"position:relative;display:block;" +
-			"margin:auto;border:1px;padding:1px;" +
-			"top:1%;width:50%";
-		div.innerHTML = "";
-		documentElement.appendChild( container );
-
-		var divStyle = window.getComputedStyle( div );
-		pixelPositionVal = divStyle.top !== "1%";
-
-		// Support: Android 4.0 - 4.3 only, Firefox <=3 - 44
-		reliableMarginLeftVal = divStyle.marginLeft === "2px";
-		boxSizingReliableVal = divStyle.width === "4px";
-
-		// Support: Android 4.0 - 4.3 only
-		// Some styles come back with percentage values, even though they shouldn't
-		div.style.marginRight = "50%";
-		pixelMarginRightVal = divStyle.marginRight === "4px";
-
-		documentElement.removeChild( container );
-
-		// Nullify the div so it wouldn't be stored in the memory and
-		// it will also be a sign that checks already performed
-		div = null;
-	}
-
-	var pixelPositionVal, boxSizingReliableVal, pixelMarginRightVal, reliableMarginLeftVal,
-		container = document.createElement( "div" ),
-		div = document.createElement( "div" );
-
-	// Finish early in limited (non-browser) environments
-	if ( !div.style ) {
-		return;
-	}
-
-	// Support: IE <=9 - 11 only
-	// Style of cloned element affects source element cloned (#8908)
-	div.style.backgroundClip = "content-box";
-	div.cloneNode( true ).style.backgroundClip = "";
-	support.clearCloneStyle = div.style.backgroundClip === "content-box";
-
-	container.style.cssText = "border:0;width:8px;height:0;top:0;left:-9999px;" +
-		"padding:0;margin-top:1px;position:absolute";
-	container.appendChild( div );
-
-	jQuery.extend( support, {
-		pixelPosition: function() {
-			computeStyleTests();
-			return pixelPositionVal;
-		},
-		boxSizingReliable: function() {
-			computeStyleTests();
-			return boxSizingReliableVal;
-		},
-		pixelMarginRight: function() {
-			computeStyleTests();
-			return pixelMarginRightVal;
-		},
-		reliableMarginLeft: function() {
-			computeStyleTests();
-			return reliableMarginLeftVal;
-		}
-	} );
-} )();
-
-
-function curCSS( elem, name, computed ) {
-	var width, minWidth, maxWidth, ret,
-
-		// Support: Firefox 51+
-		// Retrieving style before computed somehow
-		// fixes an issue with getting wrong values
-		// on detached elements
-		style = elem.style;
-
-	computed = computed || getStyles( elem );
-
-	// getPropertyValue is needed for:
-	//   .css('filter') (IE 9 only, #12537)
-	//   .css('--customProperty) (#3144)
-	if ( computed ) {
-		ret = computed.getPropertyValue( name ) || computed[ name ];
-
-		if ( ret === "" && !jQuery.contains( elem.ownerDocument, elem ) ) {
-			ret = jQuery.style( elem, name );
-		}
-
-		// A tribute to the "awesome hack by Dean Edwards"
-		// Android Browser returns percentage for some values,
-		// but width seems to be reliably pixels.
-		// This is against the CSSOM draft spec:
-		// https://drafts.csswg.org/cssom/#resolved-values
-		if ( !support.pixelMarginRight() && rnumnonpx.test( ret ) && rmargin.test( name ) ) {
-
-			// Remember the original values
-			width = style.width;
-			minWidth = style.minWidth;
-			maxWidth = style.maxWidth;
-
-			// Put in the new values to get a computed value out
-			style.minWidth = style.maxWidth = style.width = ret;
-			ret = computed.width;
-
-			// Revert the changed values
-			style.width = width;
-			style.minWidth = minWidth;
-			style.maxWidth = maxWidth;
-		}
-	}
-
-	return ret !== undefined ?
-
-		// Support: IE <=9 - 11 only
-		// IE returns zIndex value as an integer.
-		ret + "" :
-		ret;
-}
-
-
-function addGetHookIf( conditionFn, hookFn ) {
-
-	// Define the hook, we'll check on the first run if it's really needed.
-	return {
-		get: function() {
-			if ( conditionFn() ) {
-
-				// Hook not needed (or it's not possible to use it due
-				// to missing dependency), remove it.
-				delete this.get;
-				return;
-			}
-
-			// Hook needed; redefine it so that the support test is not executed again.
-			return ( this.get = hookFn ).apply( this, arguments );
-		}
-	};
-}
-
-
-var
-
-	// Swappable if display is none or starts with table
-	// except "table", "table-cell", or "table-caption"
-	// See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display
-	rdisplayswap = /^(none|table(?!-c[ea]).+)/,
-	rcustomProp = /^--/,
-	cssShow = { position: "absolute", visibility: "hidden", display: "block" },
-	cssNormalTransform = {
-		letterSpacing: "0",
-		fontWeight: "400"
-	},
-
-	cssPrefixes = [ "Webkit", "Moz", "ms" ],
-	emptyStyle = document.createElement( "div" ).style;
-
-// Return a css property mapped to a potentially vendor prefixed property
-function vendorPropName( name ) {
-
-	// Shortcut for names that are not vendor prefixed
-	if ( name in emptyStyle ) {
-		return name;
-	}
-
-	// Check for vendor prefixed names
-	var capName = name[ 0 ].toUpperCase() + name.slice( 1 ),
-		i = cssPrefixes.length;
-
-	while ( i-- ) {
-		name = cssPrefixes[ i ] + capName;
-		if ( name in emptyStyle ) {
-			return name;
-		}
-	}
-}
-
-// Return a property mapped along what jQuery.cssProps suggests or to
-// a vendor prefixed property.
-function finalPropName( name ) {
-	var ret = jQuery.cssProps[ name ];
-	if ( !ret ) {
-		ret = jQuery.cssProps[ name ] = vendorPropName( name ) || name;
-	}
-	return ret;
-}
-
-function setPositiveNumber( elem, value, subtract ) {
-
-	// Any relative (+/-) values have already been
-	// normalized at this point
-	var matches = rcssNum.exec( value );
-	return matches ?
-
-		// Guard against undefined "subtract", e.g., when used as in cssHooks
-		Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) :
-		value;
-}
-
-function augmentWidthOrHeight( elem, name, extra, isBorderBox, styles ) {
-	var i,
-		val = 0;
-
-	// If we already have the right measurement, avoid augmentation
-	if ( extra === ( isBorderBox ? "border" : "content" ) ) {
-		i = 4;
-
-	// Otherwise initialize for horizontal or vertical properties
-	} else {
-		i = name === "width" ? 1 : 0;
-	}
-
-	for ( ; i < 4; i += 2 ) {
-
-		// Both box models exclude margin, so add it if we want it
-		if ( extra === "margin" ) {
-			val += jQuery.css( elem, extra + cssExpand[ i ], true, styles );
-		}
-
-		if ( isBorderBox ) {
-
-			// border-box includes padding, so remove it if we want content
-			if ( extra === "content" ) {
-				val -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
-			}
-
-			// At this point, extra isn't border nor margin, so remove border
-			if ( extra !== "margin" ) {
-				val -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
-			}
-		} else {
-
-			// At this point, extra isn't content, so add padding
-			val += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
-
-			// At this point, extra isn't content nor padding, so add border
-			if ( extra !== "padding" ) {
-				val += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
-			}
-		}
-	}
-
-	return val;
-}
-
-function getWidthOrHeight( elem, name, extra ) {
-
-	// Start with computed style
-	var valueIsBorderBox,
-		styles = getStyles( elem ),
-		val = curCSS( elem, name, styles ),
-		isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box";
-
-	// Computed unit is not pixels. Stop here and return.
-	if ( rnumnonpx.test( val ) ) {
-		return val;
-	}
-
-	// Check for style in case a browser which returns unreliable values
-	// for getComputedStyle silently falls back to the reliable elem.style
-	valueIsBorderBox = isBorderBox &&
-		( support.boxSizingReliable() || val === elem.style[ name ] );
-
-	// Fall back to offsetWidth/Height when value is "auto"
-	// This happens for inline elements with no explicit setting (gh-3571)
-	if ( val === "auto" ) {
-		val = elem[ "offset" + name[ 0 ].toUpperCase() + name.slice( 1 ) ];
-	}
-
-	// Normalize "", auto, and prepare for extra
-	val = parseFloat( val ) || 0;
-
-	// Use the active box-sizing model to add/subtract irrelevant styles
-	return ( val +
-		augmentWidthOrHeight(
-			elem,
-			name,
-			extra || ( isBorderBox ? "border" : "content" ),
-			valueIsBorderBox,
-			styles
-		)
-	) + "px";
-}
-
-jQuery.extend( {
-
-	// Add in style property hooks for overriding the default
-	// behavior of getting and setting a style property
-	cssHooks: {
-		opacity: {
-			get: function( elem, computed ) {
-				if ( computed ) {
-
-					// We should always get a number back from opacity
-					var ret = curCSS( elem, "opacity" );
-					return ret === "" ? "1" : ret;
-				}
-			}
-		}
-	},
-
-	// Don't automatically add "px" to these possibly-unitless properties
-	cssNumber: {
-		"animationIterationCount": true,
-		"columnCount": true,
-		"fillOpacity": true,
-		"flexGrow": true,
-		"flexShrink": true,
-		"fontWeight": true,
-		"lineHeight": true,
-		"opacity": true,
-		"order": true,
-		"orphans": true,
-		"widows": true,
-		"zIndex": true,
-		"zoom": true
-	},
-
-	// Add in properties whose names you wish to fix before
-	// setting or getting the value
-	cssProps: {
-		"float": "cssFloat"
-	},
-
-	// Get and set the style property on a DOM Node
-	style: function( elem, name, value, extra ) {
-
-		// Don't set styles on text and comment nodes
-		if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) {
-			return;
-		}
-
-		// Make sure that we're working with the right name
-		var ret, type, hooks,
-			origName = jQuery.camelCase( name ),
-			isCustomProp = rcustomProp.test( name ),
-			style = elem.style;
-
-		// Make sure that we're working with the right name. We don't
-		// want to query the value if it is a CSS custom property
-		// since they are user-defined.
-		if ( !isCustomProp ) {
-			name = finalPropName( origName );
-		}
-
-		// Gets hook for the prefixed version, then unprefixed version
-		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
-
-		// Check if we're setting a value
-		if ( value !== undefined ) {
-			type = typeof value;
-
-			// Convert "+=" or "-=" to relative numbers (#7345)
-			if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) {
-				value = adjustCSS( elem, name, ret );
-
-				// Fixes bug #9237
-				type = "number";
-			}
-
-			// Make sure that null and NaN values aren't set (#7116)
-			if ( value == null || value !== value ) {
-				return;
-			}
-
-			// If a number was passed in, add the unit (except for certain CSS properties)
-			if ( type === "number" ) {
-				value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" );
-			}
-
-			// background-* props affect original clone's values
-			if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) {
-				style[ name ] = "inherit";
-			}
-
-			// If a hook was provided, use that value, otherwise just set the specified value
-			if ( !hooks || !( "set" in hooks ) ||
-				( value = hooks.set( elem, value, extra ) ) !== undefined ) {
-
-				if ( isCustomProp ) {
-					style.setProperty( name, value );
-				} else {
-					style[ name ] = value;
-				}
-			}
-
-		} else {
-
-			// If a hook was provided get the non-computed value from there
-			if ( hooks && "get" in hooks &&
-				( ret = hooks.get( elem, false, extra ) ) !== undefined ) {
-
-				return ret;
-			}
-
-			// Otherwise just get the value from the style object
-			return style[ name ];
-		}
-	},
-
-	css: function( elem, name, extra, styles ) {
-		var val, num, hooks,
-			origName = jQuery.camelCase( name ),
-			isCustomProp = rcustomProp.test( name );
-
-		// Make sure that we're working with the right name. We don't
-		// want to modify the value if it is a CSS custom property
-		// since they are user-defined.
-		if ( !isCustomProp ) {
-			name = finalPropName( origName );
-		}
-
-		// Try prefixed name followed by the unprefixed name
-		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
-
-		// If a hook was provided get the computed value from there
-		if ( hooks && "get" in hooks ) {
-			val = hooks.get( elem, true, extra );
-		}
-
-		// Otherwise, if a way to get the computed value exists, use that
-		if ( val === undefined ) {
-			val = curCSS( elem, name, styles );
-		}
-
-		// Convert "normal" to computed value
-		if ( val === "normal" && name in cssNormalTransform ) {
-			val = cssNormalTransform[ name ];
-		}
-
-		// Make numeric if forced or a qualifier was provided and val looks numeric
-		if ( extra === "" || extra ) {
-			num = parseFloat( val );
-			return extra === true || isFinite( num ) ? num || 0 : val;
-		}
-
-		return val;
-	}
-} );
-
-jQuery.each( [ "height", "width" ], function( i, name ) {
-	jQuery.cssHooks[ name ] = {
-		get: function( elem, computed, extra ) {
-			if ( computed ) {
-
-				// Certain elements can have dimension info if we invisibly show them
-				// but it must have a current display style that would benefit
-				return rdisplayswap.test( jQuery.css( elem, "display" ) ) &&
-
-					// Support: Safari 8+
-					// Table columns in Safari have non-zero offsetWidth & zero
-					// getBoundingClientRect().width unless display is changed.
-					// Support: IE <=11 only
-					// Running getBoundingClientRect on a disconnected node
-					// in IE throws an error.
-					( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ?
-						swap( elem, cssShow, function() {
-							return getWidthOrHeight( elem, name, extra );
-						} ) :
-						getWidthOrHeight( elem, name, extra );
-			}
-		},
-
-		set: function( elem, value, extra ) {
-			var matches,
-				styles = extra && getStyles( elem ),
-				subtract = extra && augmentWidthOrHeight(
-					elem,
-					name,
-					extra,
-					jQuery.css( elem, "boxSizing", false, styles ) === "border-box",
-					styles
-				);
-
-			// Convert to pixels if value adjustment is needed
-			if ( subtract && ( matches = rcssNum.exec( value ) ) &&
-				( matches[ 3 ] || "px" ) !== "px" ) {
-
-				elem.style[ name ] = value;
-				value = jQuery.css( elem, name );
-			}
-
-			return setPositiveNumber( elem, value, subtract );
-		}
-	};
-} );
-
-jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft,
-	function( elem, computed ) {
-		if ( computed ) {
-			return ( parseFloat( curCSS( elem, "marginLeft" ) ) ||
-				elem.getBoundingClientRect().left -
-					swap( elem, { marginLeft: 0 }, function() {
-						return elem.getBoundingClientRect().left;
-					} )
-				) + "px";
-		}
-	}
-);
-
-// These hooks are used by animate to expand properties
-jQuery.each( {
-	margin: "",
-	padding: "",
-	border: "Width"
-}, function( prefix, suffix ) {
-	jQuery.cssHooks[ prefix + suffix ] = {
-		expand: function( value ) {
-			var i = 0,
-				expanded = {},
-
-				// Assumes a single number if not a string
-				parts = typeof value === "string" ? value.split( " " ) : [ value ];
-
-			for ( ; i < 4; i++ ) {
-				expanded[ prefix + cssExpand[ i ] + suffix ] =
-					parts[ i ] || parts[ i - 2 ] || parts[ 0 ];
-			}
-
-			return expanded;
-		}
-	};
-
-	if ( !rmargin.test( prefix ) ) {
-		jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber;
-	}
-} );
-
-jQuery.fn.extend( {
-	css: function( name, value ) {
-		return access( this, function( elem, name, value ) {
-			var styles, len,
-				map = {},
-				i = 0;
-
-			if ( Array.isArray( name ) ) {
-				styles = getStyles( elem );
-				len = name.length;
-
-				for ( ; i < len; i++ ) {
-					map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles );
-				}
-
-				return map;
-			}
-
-			return value !== undefined ?
-				jQuery.style( elem, name, value ) :
-				jQuery.css( elem, name );
-		}, name, value, arguments.length > 1 );
-	}
-} );
-
-
-function Tween( elem, options, prop, end, easing ) {
-	return new Tween.prototype.init( elem, options, prop, end, easing );
-}
-jQuery.Tween = Tween;
-
-Tween.prototype = {
-	constructor: Tween,
-	init: function( elem, options, prop, end, easing, unit ) {
-		this.elem = elem;
-		this.prop = prop;
-		this.easing = easing || jQuery.easing._default;
-		this.options = options;
-		this.start = this.now = this.cur();
-		this.end = end;
-		this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" );
-	},
-	cur: function() {
-		var hooks = Tween.propHooks[ this.prop ];
-
-		return hooks && hooks.get ?
-			hooks.get( this ) :
-			Tween.propHooks._default.get( this );
-	},
-	run: function( percent ) {
-		var eased,
-			hooks = Tween.propHooks[ this.prop ];
-
-		if ( this.options.duration ) {
-			this.pos = eased = jQuery.easing[ this.easing ](
-				percent, this.options.duration * percent, 0, 1, this.options.duration
-			);
-		} else {
-			this.pos = eased = percent;
-		}
-		this.now = ( this.end - this.start ) * eased + this.start;
-
-		if ( this.options.step ) {
-			this.options.step.call( this.elem, this.now, this );
-		}
-
-		if ( hooks && hooks.set ) {
-			hooks.set( this );
-		} else {
-			Tween.propHooks._default.set( this );
-		}
-		return this;
-	}
-};
-
-Tween.prototype.init.prototype = Tween.prototype;
-
-Tween.propHooks = {
-	_default: {
-		get: function( tween ) {
-			var result;
-
-			// Use a property on the element directly when it is not a DOM element,
-			// or when there is no matching style property that exists.
-			if ( tween.elem.nodeType !== 1 ||
-				tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) {
-				return tween.elem[ tween.prop ];
-			}
-
-			// Passing an empty string as a 3rd parameter to .css will automatically
-			// attempt a parseFloat and fallback to a string if the parse fails.
-			// Simple values such as "10px" are parsed to Float;
-			// complex values such as "rotate(1rad)" are returned as-is.
-			result = jQuery.css( tween.elem, tween.prop, "" );
-
-			// Empty strings, null, undefined and "auto" are converted to 0.
-			return !result || result === "auto" ? 0 : result;
-		},
-		set: function( tween ) {
-
-			// Use step hook for back compat.
-			// Use cssHook if its there.
-			// Use .style if available and use plain properties where available.
-			if ( jQuery.fx.step[ tween.prop ] ) {
-				jQuery.fx.step[ tween.prop ]( tween );
-			} else if ( tween.elem.nodeType === 1 &&
-				( tween.elem.style[ jQuery.cssProps[ tween.prop ] ] != null ||
-					jQuery.cssHooks[ tween.prop ] ) ) {
-				jQuery.style( tween.elem, tween.prop, tween.now + tween.unit );
-			} else {
-				tween.elem[ tween.prop ] = tween.now;
-			}
-		}
-	}
-};
-
-// Support: IE <=9 only
-// Panic based approach to setting things on disconnected nodes
-Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = {
-	set: function( tween ) {
-		if ( tween.elem.nodeType && tween.elem.parentNode ) {
-			tween.elem[ tween.prop ] = tween.now;
-		}
-	}
-};
-
-jQuery.easing = {
-	linear: function( p ) {
-		return p;
-	},
-	swing: function( p ) {
-		return 0.5 - Math.cos( p * Math.PI ) / 2;
-	},
-	_default: "swing"
-};
-
-jQuery.fx = Tween.prototype.init;
-
-// Back compat <1.8 extension point
-jQuery.fx.step = {};
-
-
-
-
-var
-	fxNow, inProgress,
-	rfxtypes = /^(?:toggle|show|hide)$/,
-	rrun = /queueHooks$/;
-
-function schedule() {
-	if ( inProgress ) {
-		if ( document.hidden === false && window.requestAnimationFrame ) {
-			window.requestAnimationFrame( schedule );
-		} else {
-			window.setTimeout( schedule, jQuery.fx.interval );
-		}
-
-		jQuery.fx.tick();
-	}
-}
-
-// Animations created synchronously will run synchronously
-function createFxNow() {
-	window.setTimeout( function() {
-		fxNow = undefined;
-	} );
-	return ( fxNow = jQuery.now() );
-}
-
-// Generate parameters to create a standard animation
-function genFx( type, includeWidth ) {
-	var which,
-		i = 0,
-		attrs = { height: type };
-
-	// If we include width, step value is 1 to do all cssExpand values,
-	// otherwise step value is 2 to skip over Left and Right
-	includeWidth = includeWidth ? 1 : 0;
-	for ( ; i < 4; i += 2 - includeWidth ) {
-		which = cssExpand[ i ];
-		attrs[ "margin" + which ] = attrs[ "padding" + which ] = type;
-	}
-
-	if ( includeWidth ) {
-		attrs.opacity = attrs.width = type;
-	}
-
-	return attrs;
-}
-
-function createTween( value, prop, animation ) {
-	var tween,
-		collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ),
-		index = 0,
-		length = collection.length;
-	for ( ; index < length; index++ ) {
-		if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) {
-
-			// We're done with this property
-			return tween;
-		}
-	}
-}
-
-function defaultPrefilter( elem, props, opts ) {
-	var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display,
-		isBox = "width" in props || "height" in props,
-		anim = this,
-		orig = {},
-		style = elem.style,
-		hidden = elem.nodeType && isHiddenWithinTree( elem ),
-		dataShow = dataPriv.get( elem, "fxshow" );
-
-	// Queue-skipping animations hijack the fx hooks
-	if ( !opts.queue ) {
-		hooks = jQuery._queueHooks( elem, "fx" );
-		if ( hooks.unqueued == null ) {
-			hooks.unqueued = 0;
-			oldfire = hooks.empty.fire;
-			hooks.empty.fire = function() {
-				if ( !hooks.unqueued ) {
-					oldfire();
-				}
-			};
-		}
-		hooks.unqueued++;
-
-		anim.always( function() {
-
-			// Ensure the complete handler is called before this completes
-			anim.always( function() {
-				hooks.unqueued--;
-				if ( !jQuery.queue( elem, "fx" ).length ) {
-					hooks.empty.fire();
-				}
-			} );
-		} );
-	}
-
-	// Detect show/hide animations
-	for ( prop in props ) {
-		value = props[ prop ];
-		if ( rfxtypes.test( value ) ) {
-			delete props[ prop ];
-			toggle = toggle || value === "toggle";
-			if ( value === ( hidden ? "hide" : "show" ) ) {
-
-				// Pretend to be hidden if this is a "show" and
-				// there is still data from a stopped show/hide
-				if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) {
-					hidden = true;
-
-				// Ignore all other no-op show/hide data
-				} else {
-					continue;
-				}
-			}
-			orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop );
-		}
-	}
-
-	// Bail out if this is a no-op like .hide().hide()
-	propTween = !jQuery.isEmptyObject( props );
-	if ( !propTween && jQuery.isEmptyObject( orig ) ) {
-		return;
-	}
-
-	// Restrict "overflow" and "display" styles during box animations
-	if ( isBox && elem.nodeType === 1 ) {
-
-		// Support: IE <=9 - 11, Edge 12 - 13
-		// Record all 3 overflow attributes because IE does not infer the shorthand
-		// from identically-valued overflowX and overflowY
-		opts.overflow = [ style.overflow, style.overflowX, style.overflowY ];
-
-		// Identify a display type, preferring old show/hide data over the CSS cascade
-		restoreDisplay = dataShow && dataShow.display;
-		if ( restoreDisplay == null ) {
-			restoreDisplay = dataPriv.get( elem, "display" );
-		}
-		display = jQuery.css( elem, "display" );
-		if ( display === "none" ) {
-			if ( restoreDisplay ) {
-				display = restoreDisplay;
-			} else {
-
-				// Get nonempty value(s) by temporarily forcing visibility
-				showHide( [ elem ], true );
-				restoreDisplay = elem.style.display || restoreDisplay;
-				display = jQuery.css( elem, "display" );
-				showHide( [ elem ] );
-			}
-		}
-
-		// Animate inline elements as inline-block
-		if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) {
-			if ( jQuery.css( elem, "float" ) === "none" ) {
-
-				// Restore the original display value at the end of pure show/hide animations
-				if ( !propTween ) {
-					anim.done( function() {
-						style.display = restoreDisplay;
-					} );
-					if ( restoreDisplay == null ) {
-						display = style.display;
-						restoreDisplay = display === "none" ? "" : display;
-					}
-				}
-				style.display = "inline-block";
-			}
-		}
-	}
-
-	if ( opts.overflow ) {
-		style.overflow = "hidden";
-		anim.always( function() {
-			style.overflow = opts.overflow[ 0 ];
-			style.overflowX = opts.overflow[ 1 ];
-			style.overflowY = opts.overflow[ 2 ];
-		} );
-	}
-
-	// Implement show/hide animations
-	propTween = false;
-	for ( prop in orig ) {
-
-		// General show/hide setup for this element animation
-		if ( !propTween ) {
-			if ( dataShow ) {
-				if ( "hidden" in dataShow ) {
-					hidden = dataShow.hidden;
-				}
-			} else {
-				dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } );
-			}
-
-			// Store hidden/visible for toggle so `.stop().toggle()` "reverses"
-			if ( toggle ) {
-				dataShow.hidden = !hidden;
-			}
-
-			// Show elements before animating them
-			if ( hidden ) {
-				showHide( [ elem ], true );
-			}
-
-			/* eslint-disable no-loop-func */
-
-			anim.done( function() {
-
-			/* eslint-enable no-loop-func */
-
-				// The final step of a "hide" animation is actually hiding the element
-				if ( !hidden ) {
-					showHide( [ elem ] );
-				}
-				dataPriv.remove( elem, "fxshow" );
-				for ( prop in orig ) {
-					jQuery.style( elem, prop, orig[ prop ] );
-				}
-			} );
-		}
-
-		// Per-property setup
-		propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim );
-		if ( !( prop in dataShow ) ) {
-			dataShow[ prop ] = propTween.start;
-			if ( hidden ) {
-				propTween.end = propTween.start;
-				propTween.start = 0;
-			}
-		}
-	}
-}
-
-function propFilter( props, specialEasing ) {
-	var index, name, easing, value, hooks;
-
-	// camelCase, specialEasing and expand cssHook pass
-	for ( index in props ) {
-		name = jQuery.camelCase( index );
-		easing = specialEasing[ name ];
-		value = props[ index ];
-		if ( Array.isArray( value ) ) {
-			easing = value[ 1 ];
-			value = props[ index ] = value[ 0 ];
-		}
-
-		if ( index !== name ) {
-			props[ name ] = value;
-			delete props[ index ];
-		}
-
-		hooks = jQuery.cssHooks[ name ];
-		if ( hooks && "expand" in hooks ) {
-			value = hooks.expand( value );
-			delete props[ name ];
-
-			// Not quite $.extend, this won't overwrite existing keys.
-			// Reusing 'index' because we have the correct "name"
-			for ( index in value ) {
-				if ( !( index in props ) ) {
-					props[ index ] = value[ index ];
-					specialEasing[ index ] = easing;
-				}
-			}
-		} else {
-			specialEasing[ name ] = easing;
-		}
-	}
-}
-
-function Animation( elem, properties, options ) {
-	var result,
-		stopped,
-		index = 0,
-		length = Animation.prefilters.length,
-		deferred = jQuery.Deferred().always( function() {
-
-			// Don't match elem in the :animated selector
-			delete tick.elem;
-		} ),
-		tick = function() {
-			if ( stopped ) {
-				return false;
-			}
-			var currentTime = fxNow || createFxNow(),
-				remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ),
-
-				// Support: Android 2.3 only
-				// Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497)
-				temp = remaining / animation.duration || 0,
-				percent = 1 - temp,
-				index = 0,
-				length = animation.tweens.length;
-
-			for ( ; index < length; index++ ) {
-				animation.tweens[ index ].run( percent );
-			}
-
-			deferred.notifyWith( elem, [ animation, percent, remaining ] );
-
-			// If there's more to do, yield
-			if ( percent < 1 && length ) {
-				return remaining;
-			}
-
-			// If this was an empty animation, synthesize a final progress notification
-			if ( !length ) {
-				deferred.notifyWith( elem, [ animation, 1, 0 ] );
-			}
-
-			// Resolve the animation and report its conclusion
-			deferred.resolveWith( elem, [ animation ] );
-			return false;
-		},
-		animation = deferred.promise( {
-			elem: elem,
-			props: jQuery.extend( {}, properties ),
-			opts: jQuery.extend( true, {
-				specialEasing: {},
-				easing: jQuery.easing._default
-			}, options ),
-			originalProperties: properties,
-			originalOptions: options,
-			startTime: fxNow || createFxNow(),
-			duration: options.duration,
-			tweens: [],
-			createTween: function( prop, end ) {
-				var tween = jQuery.Tween( elem, animation.opts, prop, end,
-						animation.opts.specialEasing[ prop ] || animation.opts.easing );
-				animation.tweens.push( tween );
-				return tween;
-			},
-			stop: function( gotoEnd ) {
-				var index = 0,
-
-					// If we are going to the end, we want to run all the tweens
-					// otherwise we skip this part
-					length = gotoEnd ? animation.tweens.length : 0;
-				if ( stopped ) {
-					return this;
-				}
-				stopped = true;
-				for ( ; index < length; index++ ) {
-					animation.tweens[ index ].run( 1 );
-				}
-
-				// Resolve when we played the last frame; otherwise, reject
-				if ( gotoEnd ) {
-					deferred.notifyWith( elem, [ animation, 1, 0 ] );
-					deferred.resolveWith( elem, [ animation, gotoEnd ] );
-				} else {
-					deferred.rejectWith( elem, [ animation, gotoEnd ] );
-				}
-				return this;
-			}
-		} ),
-		props = animation.props;
-
-	propFilter( props, animation.opts.specialEasing );
-
-	for ( ; index < length; index++ ) {
-		result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts );
-		if ( result ) {
-			if ( jQuery.isFunction( result.stop ) ) {
-				jQuery._queueHooks( animation.elem, animation.opts.queue ).stop =
-					jQuery.proxy( result.stop, result );
-			}
-			return result;
-		}
-	}
-
-	jQuery.map( props, createTween, animation );
-
-	if ( jQuery.isFunction( animation.opts.start ) ) {
-		animation.opts.start.call( elem, animation );
-	}
-
-	// Attach callbacks from options
-	animation
-		.progress( animation.opts.progress )
-		.done( animation.opts.done, animation.opts.complete )
-		.fail( animation.opts.fail )
-		.always( animation.opts.always );
-
-	jQuery.fx.timer(
-		jQuery.extend( tick, {
-			elem: elem,
-			anim: animation,
-			queue: animation.opts.queue
-		} )
-	);
-
-	return animation;
-}
-
-jQuery.Animation = jQuery.extend( Animation, {
-
-	tweeners: {
-		"*": [ function( prop, value ) {
-			var tween = this.createTween( prop, value );
-			adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween );
-			return tween;
-		} ]
-	},
-
-	tweener: function( props, callback ) {
-		if ( jQuery.isFunction( props ) ) {
-			callback = props;
-			props = [ "*" ];
-		} else {
-			props = props.match( rnothtmlwhite );
-		}
-
-		var prop,
-			index = 0,
-			length = props.length;
-
-		for ( ; index < length; index++ ) {
-			prop = props[ index ];
-			Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || [];
-			Animation.tweeners[ prop ].unshift( callback );
-		}
-	},
-
-	prefilters: [ defaultPrefilter ],
-
-	prefilter: function( callback, prepend ) {
-		if ( prepend ) {
-			Animation.prefilters.unshift( callback );
-		} else {
-			Animation.prefilters.push( callback );
-		}
-	}
-} );
-
-jQuery.speed = function( speed, easing, fn ) {
-	var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : {
-		complete: fn || !fn && easing ||
-			jQuery.isFunction( speed ) && speed,
-		duration: speed,
-		easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing
-	};
-
-	// Go to the end state if fx are off
-	if ( jQuery.fx.off ) {
-		opt.duration = 0;
-
-	} else {
-		if ( typeof opt.duration !== "number" ) {
-			if ( opt.duration in jQuery.fx.speeds ) {
-				opt.duration = jQuery.fx.speeds[ opt.duration ];
-
-			} else {
-				opt.duration = jQuery.fx.speeds._default;
-			}
-		}
-	}
-
-	// Normalize opt.queue - true/undefined/null -> "fx"
-	if ( opt.queue == null || opt.queue === true ) {
-		opt.queue = "fx";
-	}
-
-	// Queueing
-	opt.old = opt.complete;
-
-	opt.complete = function() {
-		if ( jQuery.isFunction( opt.old ) ) {
-			opt.old.call( this );
-		}
-
-		if ( opt.queue ) {
-			jQuery.dequeue( this, opt.queue );
-		}
-	};
-
-	return opt;
-};
-
-jQuery.fn.extend( {
-	fadeTo: function( speed, to, easing, callback ) {
-
-		// Show any hidden elements after setting opacity to 0
-		return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show()
-
-			// Animate to the value specified
-			.end().animate( { opacity: to }, speed, easing, callback );
-	},
-	animate: function( prop, speed, easing, callback ) {
-		var empty = jQuery.isEmptyObject( prop ),
-			optall = jQuery.speed( speed, easing, callback ),
-			doAnimation = function() {
-
-				// Operate on a copy of prop so per-property easing won't be lost
-				var anim = Animation( this, jQuery.extend( {}, prop ), optall );
-
-				// Empty animations, or finishing resolves immediately
-				if ( empty || dataPriv.get( this, "finish" ) ) {
-					anim.stop( true );
-				}
-			};
-			doAnimation.finish = doAnimation;
-
-		return empty || optall.queue === false ?
-			this.each( doAnimation ) :
-			this.queue( optall.queue, doAnimation );
-	},
-	stop: function( type, clearQueue, gotoEnd ) {
-		var stopQueue = function( hooks ) {
-			var stop = hooks.stop;
-			delete hooks.stop;
-			stop( gotoEnd );
-		};
-
-		if ( typeof type !== "string" ) {
-			gotoEnd = clearQueue;
-			clearQueue = type;
-			type = undefined;
-		}
-		if ( clearQueue && type !== false ) {
-			this.queue( type || "fx", [] );
-		}
-
-		return this.each( function() {
-			var dequeue = true,
-				index = type != null && type + "queueHooks",
-				timers = jQuery.timers,
-				data = dataPriv.get( this );
-
-			if ( index ) {
-				if ( data[ index ] && data[ index ].stop ) {
-					stopQueue( data[ index ] );
-				}
-			} else {
-				for ( index in data ) {
-					if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) {
-						stopQueue( data[ index ] );
-					}
-				}
-			}
-
-			for ( index = timers.length; index--; ) {
-				if ( timers[ index ].elem === this &&
-					( type == null || timers[ index ].queue === type ) ) {
-
-					timers[ index ].anim.stop( gotoEnd );
-					dequeue = false;
-					timers.splice( index, 1 );
-				}
-			}
-
-			// Start the next in the queue if the last step wasn't forced.
-			// Timers currently will call their complete callbacks, which
-			// will dequeue but only if they were gotoEnd.
-			if ( dequeue || !gotoEnd ) {
-				jQuery.dequeue( this, type );
-			}
-		} );
-	},
-	finish: function( type ) {
-		if ( type !== false ) {
-			type = type || "fx";
-		}
-		return this.each( function() {
-			var index,
-				data = dataPriv.get( this ),
-				queue = data[ type + "queue" ],
-				hooks = data[ type + "queueHooks" ],
-				timers = jQuery.timers,
-				length = queue ? queue.length : 0;
-
-			// Enable finishing flag on private data
-			data.finish = true;
-
-			// Empty the queue first
-			jQuery.queue( this, type, [] );
-
-			if ( hooks && hooks.stop ) {
-				hooks.stop.call( this, true );
-			}
-
-			// Look for any active animations, and finish them
-			for ( index = timers.length; index--; ) {
-				if ( timers[ index ].elem === this && timers[ index ].queue === type ) {
-					timers[ index ].anim.stop( true );
-					timers.splice( index, 1 );
-				}
-			}
-
-			// Look for any animations in the old queue and finish them
-			for ( index = 0; index < length; index++ ) {
-				if ( queue[ index ] && queue[ index ].finish ) {
-					queue[ index ].finish.call( this );
-				}
-			}
-
-			// Turn off finishing flag
-			delete data.finish;
-		} );
-	}
-} );
-
-jQuery.each( [ "toggle", "show", "hide" ], function( i, name ) {
-	var cssFn = jQuery.fn[ name ];
-	jQuery.fn[ name ] = function( speed, easing, callback ) {
-		return speed == null || typeof speed === "boolean" ?
-			cssFn.apply( this, arguments ) :
-			this.animate( genFx( name, true ), speed, easing, callback );
-	};
-} );
-
-// Generate shortcuts for custom animations
-jQuery.each( {
-	slideDown: genFx( "show" ),
-	slideUp: genFx( "hide" ),
-	slideToggle: genFx( "toggle" ),
-	fadeIn: { opacity: "show" },
-	fadeOut: { opacity: "hide" },
-	fadeToggle: { opacity: "toggle" }
-}, function( name, props ) {
-	jQuery.fn[ name ] = function( speed, easing, callback ) {
-		return this.animate( props, speed, easing, callback );
-	};
-} );
-
-jQuery.timers = [];
-jQuery.fx.tick = function() {
-	var timer,
-		i = 0,
-		timers = jQuery.timers;
-
-	fxNow = jQuery.now();
-
-	for ( ; i < timers.length; i++ ) {
-		timer = timers[ i ];
-
-		// Run the timer and safely remove it when done (allowing for external removal)
-		if ( !timer() && timers[ i ] === timer ) {
-			timers.splice( i--, 1 );
-		}
-	}
-
-	if ( !timers.length ) {
-		jQuery.fx.stop();
-	}
-	fxNow = undefined;
-};
-
-jQuery.fx.timer = function( timer ) {
-	jQuery.timers.push( timer );
-	jQuery.fx.start();
-};
-
-jQuery.fx.interval = 13;
-jQuery.fx.start = function() {
-	if ( inProgress ) {
-		return;
-	}
-
-	inProgress = true;
-	schedule();
-};
-
-jQuery.fx.stop = function() {
-	inProgress = null;
-};
-
-jQuery.fx.speeds = {
-	slow: 600,
-	fast: 200,
-
-	// Default speed
-	_default: 400
-};
-
-
-// Based off of the plugin by Clint Helfers, with permission.
-// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
-jQuery.fn.delay = function( time, type ) {
-	time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
-	type = type || "fx";
-
-	return this.queue( type, function( next, hooks ) {
-		var timeout = window.setTimeout( next, time );
-		hooks.stop = function() {
-			window.clearTimeout( timeout );
-		};
-	} );
-};
-
-
-( function() {
-	var input = document.createElement( "input" ),
-		select = document.createElement( "select" ),
-		opt = select.appendChild( document.createElement( "option" ) );
-
-	input.type = "checkbox";
-
-	// Support: Android <=4.3 only
-	// Default value for a checkbox should be "on"
-	support.checkOn = input.value !== "";
-
-	// Support: IE <=11 only
-	// Must access selectedIndex to make default options select
-	support.optSelected = opt.selected;
-
-	// Support: IE <=11 only
-	// An input loses its value after becoming a radio
-	input = document.createElement( "input" );
-	input.value = "t";
-	input.type = "radio";
-	support.radioValue = input.value === "t";
-} )();
-
-
-var boolHook,
-	attrHandle = jQuery.expr.attrHandle;
-
-jQuery.fn.extend( {
-	attr: function( name, value ) {
-		return access( this, jQuery.attr, name, value, arguments.length > 1 );
-	},
-
-	removeAttr: function( name ) {
-		return this.each( function() {
-			jQuery.removeAttr( this, name );
-		} );
-	}
-} );
-
-jQuery.extend( {
-	attr: function( elem, name, value ) {
-		var ret, hooks,
-			nType = elem.nodeType;
-
-		// Don't get/set attributes on text, comment and attribute nodes
-		if ( nType === 3 || nType === 8 || nType === 2 ) {
-			return;
-		}
-
-		// Fallback to prop when attributes are not supported
-		if ( typeof elem.getAttribute === "undefined" ) {
-			return jQuery.prop( elem, name, value );
-		}
-
-		// Attribute hooks are determined by the lowercase version
-		// Grab necessary hook if one is defined
-		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
-			hooks = jQuery.attrHooks[ name.toLowerCase() ] ||
-				( jQuery.expr.match.bool.test( name ) ? boolHook : undefined );
-		}
-
-		if ( value !== undefined ) {
-			if ( value === null ) {
-				jQuery.removeAttr( elem, name );
-				return;
-			}
-
-			if ( hooks && "set" in hooks &&
-				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
-				return ret;
-			}
-
-			elem.setAttribute( name, value + "" );
-			return value;
-		}
-
-		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
-			return ret;
-		}
-
-		ret = jQuery.find.attr( elem, name );
-
-		// Non-existent attributes return null, we normalize to undefined
-		return ret == null ? undefined : ret;
-	},
-
-	attrHooks: {
-		type: {
-			set: function( elem, value ) {
-				if ( !support.radioValue && value === "radio" &&
-					nodeName( elem, "input" ) ) {
-					var val = elem.value;
-					elem.setAttribute( "type", value );
-					if ( val ) {
-						elem.value = val;
-					}
-					return value;
-				}
-			}
-		}
-	},
-
-	removeAttr: function( elem, value ) {
-		var name,
-			i = 0,
-
-			// Attribute names can contain non-HTML whitespace characters
-			// https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
-			attrNames = value && value.match( rnothtmlwhite );
-
-		if ( attrNames && elem.nodeType === 1 ) {
-			while ( ( name = attrNames[ i++ ] ) ) {
-				elem.removeAttribute( name );
-			}
-		}
-	}
-} );
-
-// Hooks for boolean attributes
-boolHook = {
-	set: function( elem, value, name ) {
-		if ( value === false ) {
-
-			// Remove boolean attributes when set to false
-			jQuery.removeAttr( elem, name );
-		} else {
-			elem.setAttribute( name, name );
-		}
-		return name;
-	}
-};
-
-jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( i, name ) {
-	var getter = attrHandle[ name ] || jQuery.find.attr;
-
-	attrHandle[ name ] = function( elem, name, isXML ) {
-		var ret, handle,
-			lowercaseName = name.toLowerCase();
-
-		if ( !isXML ) {
-
-			// Avoid an infinite loop by temporarily removing this function from the getter
-			handle = attrHandle[ lowercaseName ];
-			attrHandle[ lowercaseName ] = ret;
-			ret = getter( elem, name, isXML ) != null ?
-				lowercaseName :
-				null;
-			attrHandle[ lowercaseName ] = handle;
-		}
-		return ret;
-	};
-} );
-
-
-
-
-var rfocusable = /^(?:input|select|textarea|button)$/i,
-	rclickable = /^(?:a|area)$/i;
-
-jQuery.fn.extend( {
-	prop: function( name, value ) {
-		return access( this, jQuery.prop, name, value, arguments.length > 1 );
-	},
-
-	removeProp: function( name ) {
-		return this.each( function() {
-			delete this[ jQuery.propFix[ name ] || name ];
-		} );
-	}
-} );
-
-jQuery.extend( {
-	prop: function( elem, name, value ) {
-		var ret, hooks,
-			nType = elem.nodeType;
-
-		// Don't get/set properties on text, comment and attribute nodes
-		if ( nType === 3 || nType === 8 || nType === 2 ) {
-			return;
-		}
-
-		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
-
-			// Fix name and attach hooks
-			name = jQuery.propFix[ name ] || name;
-			hooks = jQuery.propHooks[ name ];
-		}
-
-		if ( value !== undefined ) {
-			if ( hooks && "set" in hooks &&
-				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
-				return ret;
-			}
-
-			return ( elem[ name ] = value );
-		}
-
-		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
-			return ret;
-		}
-
-		return elem[ name ];
-	},
-
-	propHooks: {
-		tabIndex: {
-			get: function( elem ) {
-
-				// Support: IE <=9 - 11 only
-				// elem.tabIndex doesn't always return the
-				// correct value when it hasn't been explicitly set
-				// https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/
-				// Use proper attribute retrieval(#12072)
-				var tabindex = jQuery.find.attr( elem, "tabindex" );
-
-				if ( tabindex ) {
-					return parseInt( tabindex, 10 );
-				}
-
-				if (
-					rfocusable.test( elem.nodeName ) ||
-					rclickable.test( elem.nodeName ) &&
-					elem.href
-				) {
-					return 0;
-				}
-
-				return -1;
-			}
-		}
-	},
-
-	propFix: {
-		"for": "htmlFor",
-		"class": "className"
-	}
-} );
-
-// Support: IE <=11 only
-// Accessing the selectedIndex property
-// forces the browser to respect setting selected
-// on the option
-// The getter ensures a default option is selected
-// when in an optgroup
-// eslint rule "no-unused-expressions" is disabled for this code
-// since it considers such accessions noop
-if ( !support.optSelected ) {
-	jQuery.propHooks.selected = {
-		get: function( elem ) {
-
-			/* eslint no-unused-expressions: "off" */
-
-			var parent = elem.parentNode;
-			if ( parent && parent.parentNode ) {
-				parent.parentNode.selectedIndex;
-			}
-			return null;
-		},
-		set: function( elem ) {
-
-			/* eslint no-unused-expressions: "off" */
-
-			var parent = elem.parentNode;
-			if ( parent ) {
-				parent.selectedIndex;
-
-				if ( parent.parentNode ) {
-					parent.parentNode.selectedIndex;
-				}
-			}
-		}
-	};
-}
-
-jQuery.each( [
-	"tabIndex",
-	"readOnly",
-	"maxLength",
-	"cellSpacing",
-	"cellPadding",
-	"rowSpan",
-	"colSpan",
-	"useMap",
-	"frameBorder",
-	"contentEditable"
-], function() {
-	jQuery.propFix[ this.toLowerCase() ] = this;
-} );
-
-
-
-
-	// Strip and collapse whitespace according to HTML spec
-	// https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
-	function stripAndCollapse( value ) {
-		var tokens = value.match( rnothtmlwhite ) || [];
-		return tokens.join( " " );
-	}
-
-
-function getClass( elem ) {
-	return elem.getAttribute && elem.getAttribute( "class" ) || "";
-}
-
-jQuery.fn.extend( {
-	addClass: function( value ) {
-		var classes, elem, cur, curValue, clazz, j, finalValue,
-			i = 0;
-
-		if ( jQuery.isFunction( value ) ) {
-			return this.each( function( j ) {
-				jQuery( this ).addClass( value.call( this, j, getClass( this ) ) );
-			} );
-		}
-
-		if ( typeof value === "string" && value ) {
-			classes = value.match( rnothtmlwhite ) || [];
-
-			while ( ( elem = this[ i++ ] ) ) {
-				curValue = getClass( elem );
-				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
-
-				if ( cur ) {
-					j = 0;
-					while ( ( clazz = classes[ j++ ] ) ) {
-						if ( cur.indexOf( " " + clazz + " " ) < 0 ) {
-							cur += clazz + " ";
-						}
-					}
-
-					// Only assign if different to avoid unneeded rendering.
-					finalValue = stripAndCollapse( cur );
-					if ( curValue !== finalValue ) {
-						elem.setAttribute( "class", finalValue );
-					}
-				}
-			}
-		}
-
-		return this;
-	},
-
-	removeClass: function( value ) {
-		var classes, elem, cur, curValue, clazz, j, finalValue,
-			i = 0;
-
-		if ( jQuery.isFunction( value ) ) {
-			return this.each( function( j ) {
-				jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) );
-			} );
-		}
-
-		if ( !arguments.length ) {
-			return this.attr( "class", "" );
-		}
-
-		if ( typeof value === "string" && value ) {
-			classes = value.match( rnothtmlwhite ) || [];
-
-			while ( ( elem = this[ i++ ] ) ) {
-				curValue = getClass( elem );
-
-				// This expression is here for better compressibility (see addClass)
-				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
-
-				if ( cur ) {
-					j = 0;
-					while ( ( clazz = classes[ j++ ] ) ) {
-
-						// Remove *all* instances
-						while ( cur.indexOf( " " + clazz + " " ) > -1 ) {
-							cur = cur.replace( " " + clazz + " ", " " );
-						}
-					}
-
-					// Only assign if different to avoid unneeded rendering.
-					finalValue = stripAndCollapse( cur );
-					if ( curValue !== finalValue ) {
-						elem.setAttribute( "class", finalValue );
-					}
-				}
-			}
-		}
-
-		return this;
-	},
-
-	toggleClass: function( value, stateVal ) {
-		var type = typeof value;
-
-		if ( typeof stateVal === "boolean" && type === "string" ) {
-			return stateVal ? this.addClass( value ) : this.removeClass( value );
-		}
-
-		if ( jQuery.isFunction( value ) ) {
-			return this.each( function( i ) {
-				jQuery( this ).toggleClass(
-					value.call( this, i, getClass( this ), stateVal ),
-					stateVal
-				);
-			} );
-		}
-
-		return this.each( function() {
-			var className, i, self, classNames;
-
-			if ( type === "string" ) {
-
-				// Toggle individual class names
-				i = 0;
-				self = jQuery( this );
-				classNames = value.match( rnothtmlwhite ) || [];
-
-				while ( ( className = classNames[ i++ ] ) ) {
-
-					// Check each className given, space separated list
-					if ( self.hasClass( className ) ) {
-						self.removeClass( className );
-					} else {
-						self.addClass( className );
-					}
-				}
-
-			// Toggle whole class name
-			} else if ( value === undefined || type === "boolean" ) {
-				className = getClass( this );
-				if ( className ) {
-
-					// Store className if set
-					dataPriv.set( this, "__className__", className );
-				}
-
-				// If the element has a class name or if we're passed `false`,
-				// then remove the whole classname (if there was one, the above saved it).
-				// Otherwise bring back whatever was previously saved (if anything),
-				// falling back to the empty string if nothing was stored.
-				if ( this.setAttribute ) {
-					this.setAttribute( "class",
-						className || value === false ?
-						"" :
-						dataPriv.get( this, "__className__" ) || ""
-					);
-				}
-			}
-		} );
-	},
-
-	hasClass: function( selector ) {
-		var className, elem,
-			i = 0;
-
-		className = " " + selector + " ";
-		while ( ( elem = this[ i++ ] ) ) {
-			if ( elem.nodeType === 1 &&
-				( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) {
-					return true;
-			}
-		}
-
-		return false;
-	}
-} );
-
-
-
-
-var rreturn = /\r/g;
-
-jQuery.fn.extend( {
-	val: function( value ) {
-		var hooks, ret, isFunction,
-			elem = this[ 0 ];
-
-		if ( !arguments.length ) {
-			if ( elem ) {
-				hooks = jQuery.valHooks[ elem.type ] ||
-					jQuery.valHooks[ elem.nodeName.toLowerCase() ];
-
-				if ( hooks &&
-					"get" in hooks &&
-					( ret = hooks.get( elem, "value" ) ) !== undefined
-				) {
-					return ret;
-				}
-
-				ret = elem.value;
-
-				// Handle most common string cases
-				if ( typeof ret === "string" ) {
-					return ret.replace( rreturn, "" );
-				}
-
-				// Handle cases where value is null/undef or number
-				return ret == null ? "" : ret;
-			}
-
-			return;
-		}
-
-		isFunction = jQuery.isFunction( value );
-
-		return this.each( function( i ) {
-			var val;
-
-			if ( this.nodeType !== 1 ) {
-				return;
-			}
-
-			if ( isFunction ) {
-				val = value.call( this, i, jQuery( this ).val() );
-			} else {
-				val = value;
-			}
-
-			// Treat null/undefined as ""; convert numbers to string
-			if ( val == null ) {
-				val = "";
-
-			} else if ( typeof val === "number" ) {
-				val += "";
-
-			} else if ( Array.isArray( val ) ) {
-				val = jQuery.map( val, function( value ) {
-					return value == null ? "" : value + "";
-				} );
-			}
-
-			hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ];
-
-			// If set returns undefined, fall back to normal setting
-			if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) {
-				this.value = val;
-			}
-		} );
-	}
-} );
-
-jQuery.extend( {
-	valHooks: {
-		option: {
-			get: function( elem ) {
-
-				var val = jQuery.find.attr( elem, "value" );
-				return val != null ?
-					val :
-
-					// Support: IE <=10 - 11 only
-					// option.text throws exceptions (#14686, #14858)
-					// Strip and collapse whitespace
-					// https://html.spec.whatwg.org/#strip-and-collapse-whitespace
-					stripAndCollapse( jQuery.text( elem ) );
-			}
-		},
-		select: {
-			get: function( elem ) {
-				var value, option, i,
-					options = elem.options,
-					index = elem.selectedIndex,
-					one = elem.type === "select-one",
-					values = one ? null : [],
-					max = one ? index + 1 : options.length;
-
-				if ( index < 0 ) {
-					i = max;
-
-				} else {
-					i = one ? index : 0;
-				}
-
-				// Loop through all the selected options
-				for ( ; i < max; i++ ) {
-					option = options[ i ];
-
-					// Support: IE <=9 only
-					// IE8-9 doesn't update selected after form reset (#2551)
-					if ( ( option.selected || i === index ) &&
-
-							// Don't return options that are disabled or in a disabled optgroup
-							!option.disabled &&
-							( !option.parentNode.disabled ||
-								!nodeName( option.parentNode, "optgroup" ) ) ) {
-
-						// Get the specific value for the option
-						value = jQuery( option ).val();
-
-						// We don't need an array for one selects
-						if ( one ) {
-							return value;
-						}
-
-						// Multi-Selects return an array
-						values.push( value );
-					}
-				}
-
-				return values;
-			},
-
-			set: function( elem, value ) {
-				var optionSet, option,
-					options = elem.options,
-					values = jQuery.makeArray( value ),
-					i = options.length;
-
-				while ( i-- ) {
-					option = options[ i ];
-
-					/* eslint-disable no-cond-assign */
-
-					if ( option.selected =
-						jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1
-					) {
-						optionSet = true;
-					}
-
-					/* eslint-enable no-cond-assign */
-				}
-
-				// Force browsers to behave consistently when non-matching value is set
-				if ( !optionSet ) {
-					elem.selectedIndex = -1;
-				}
-				return values;
-			}
-		}
-	}
-} );
-
-// Radios and checkboxes getter/setter
-jQuery.each( [ "radio", "checkbox" ], function() {
-	jQuery.valHooks[ this ] = {
-		set: function( elem, value ) {
-			if ( Array.isArray( value ) ) {
-				return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 );
-			}
-		}
-	};
-	if ( !support.checkOn ) {
-		jQuery.valHooks[ this ].get = function( elem ) {
-			return elem.getAttribute( "value" ) === null ? "on" : elem.value;
-		};
-	}
-} );
-
-
-
-
-// Return jQuery for attributes-only inclusion
-
-
-var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/;
-
-jQuery.extend( jQuery.event, {
-
-	trigger: function( event, data, elem, onlyHandlers ) {
-
-		var i, cur, tmp, bubbleType, ontype, handle, special,
-			eventPath = [ elem || document ],
-			type = hasOwn.call( event, "type" ) ? event.type : event,
-			namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : [];
-
-		cur = tmp = elem = elem || document;
-
-		// Don't do events on text and comment nodes
-		if ( elem.nodeType === 3 || elem.nodeType === 8 ) {
-			return;
-		}
-
-		// focus/blur morphs to focusin/out; ensure we're not firing them right now
-		if ( rfocusMorph.test( type + jQuery.event.triggered ) ) {
-			return;
-		}
-
-		if ( type.indexOf( "." ) > -1 ) {
-
-			// Namespaced trigger; create a regexp to match event type in handle()
-			namespaces = type.split( "." );
-			type = namespaces.shift();
-			namespaces.sort();
-		}
-		ontype = type.indexOf( ":" ) < 0 && "on" + type;
-
-		// Caller can pass in a jQuery.Event object, Object, or just an event type string
-		event = event[ jQuery.expando ] ?
-			event :
-			new jQuery.Event( type, typeof event === "object" && event );
-
-		// Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true)
-		event.isTrigger = onlyHandlers ? 2 : 3;
-		event.namespace = namespaces.join( "." );
-		event.rnamespace = event.namespace ?
-			new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) :
-			null;
-
-		// Clean up the event in case it is being reused
-		event.result = undefined;
-		if ( !event.target ) {
-			event.target = elem;
-		}
-
-		// Clone any incoming data and prepend the event, creating the handler arg list
-		data = data == null ?
-			[ event ] :
-			jQuery.makeArray( data, [ event ] );
-
-		// Allow special events to draw outside the lines
-		special = jQuery.event.special[ type ] || {};
-		if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) {
-			return;
-		}
-
-		// Determine event propagation path in advance, per W3C events spec (#9951)
-		// Bubble up to document, then to window; watch for a global ownerDocument var (#9724)
-		if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) {
-
-			bubbleType = special.delegateType || type;
-			if ( !rfocusMorph.test( bubbleType + type ) ) {
-				cur = cur.parentNode;
-			}
-			for ( ; cur; cur = cur.parentNode ) {
-				eventPath.push( cur );
-				tmp = cur;
-			}
-
-			// Only add window if we got to document (e.g., not plain obj or detached DOM)
-			if ( tmp === ( elem.ownerDocument || document ) ) {
-				eventPath.push( tmp.defaultView || tmp.parentWindow || window );
-			}
-		}
-
-		// Fire handlers on the event path
-		i = 0;
-		while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) {
-
-			event.type = i > 1 ?
-				bubbleType :
-				special.bindType || type;
-
-			// jQuery handler
-			handle = ( dataPriv.get( cur, "events" ) || {} )[ event.type ] &&
-				dataPriv.get( cur, "handle" );
-			if ( handle ) {
-				handle.apply( cur, data );
-			}
-
-			// Native handler
-			handle = ontype && cur[ ontype ];
-			if ( handle && handle.apply && acceptData( cur ) ) {
-				event.result = handle.apply( cur, data );
-				if ( event.result === false ) {
-					event.preventDefault();
-				}
-			}
-		}
-		event.type = type;
-
-		// If nobody prevented the default action, do it now
-		if ( !onlyHandlers && !event.isDefaultPrevented() ) {
-
-			if ( ( !special._default ||
-				special._default.apply( eventPath.pop(), data ) === false ) &&
-				acceptData( elem ) ) {
-
-				// Call a native DOM method on the target with the same name as the event.
-				// Don't do default actions on window, that's where global variables be (#6170)
-				if ( ontype && jQuery.isFunction( elem[ type ] ) && !jQuery.isWindow( elem ) ) {
-
-					// Don't re-trigger an onFOO event when we call its FOO() method
-					tmp = elem[ ontype ];
-
-					if ( tmp ) {
-						elem[ ontype ] = null;
-					}
-
-					// Prevent re-triggering of the same event, since we already bubbled it above
-					jQuery.event.triggered = type;
-					elem[ type ]();
-					jQuery.event.triggered = undefined;
-
-					if ( tmp ) {
-						elem[ ontype ] = tmp;
-					}
-				}
-			}
-		}
-
-		return event.result;
-	},
-
-	// Piggyback on a donor event to simulate a different one
-	// Used only for `focus(in | out)` events
-	simulate: function( type, elem, event ) {
-		var e = jQuery.extend(
-			new jQuery.Event(),
-			event,
-			{
-				type: type,
-				isSimulated: true
-			}
-		);
-
-		jQuery.event.trigger( e, null, elem );
-	}
-
-} );
-
-jQuery.fn.extend( {
-
-	trigger: function( type, data ) {
-		return this.each( function() {
-			jQuery.event.trigger( type, data, this );
-		} );
-	},
-	triggerHandler: function( type, data ) {
-		var elem = this[ 0 ];
-		if ( elem ) {
-			return jQuery.event.trigger( type, data, elem, true );
-		}
-	}
-} );
-
-
-jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " +
-	"mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " +
-	"change select submit keydown keypress keyup contextmenu" ).split( " " ),
-	function( i, name ) {
-
-	// Handle event binding
-	jQuery.fn[ name ] = function( data, fn ) {
-		return arguments.length > 0 ?
-			this.on( name, null, data, fn ) :
-			this.trigger( name );
-	};
-} );
-
-jQuery.fn.extend( {
-	hover: function( fnOver, fnOut ) {
-		return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver );
-	}
-} );
-
-
-
-
-support.focusin = "onfocusin" in window;
-
-
-// Support: Firefox <=44
-// Firefox doesn't have focus(in | out) events
-// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787
-//
-// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1
-// focus(in | out) events fire after focus & blur events,
-// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order
-// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857
-if ( !support.focusin ) {
-	jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) {
-
-		// Attach a single capturing handler on the document while someone wants focusin/focusout
-		var handler = function( event ) {
-			jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) );
-		};
-
-		jQuery.event.special[ fix ] = {
-			setup: function() {
-				var doc = this.ownerDocument || this,
-					attaches = dataPriv.access( doc, fix );
-
-				if ( !attaches ) {
-					doc.addEventListener( orig, handler, true );
-				}
-				dataPriv.access( doc, fix, ( attaches || 0 ) + 1 );
-			},
-			teardown: function() {
-				var doc = this.ownerDocument || this,
-					attaches = dataPriv.access( doc, fix ) - 1;
-
-				if ( !attaches ) {
-					doc.removeEventListener( orig, handler, true );
-					dataPriv.remove( doc, fix );
-
-				} else {
-					dataPriv.access( doc, fix, attaches );
-				}
-			}
-		};
-	} );
-}
-var location = window.location;
-
-var nonce = jQuery.now();
-
-var rquery = ( /\?/ );
-
-
-
-// Cross-browser xml parsing
-jQuery.parseXML = function( data ) {
-	var xml;
-	if ( !data || typeof data !== "string" ) {
-		return null;
-	}
-
-	// Support: IE 9 - 11 only
-	// IE throws on parseFromString with invalid input.
-	try {
-		xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" );
-	} catch ( e ) {
-		xml = undefined;
-	}
-
-	if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) {
-		jQuery.error( "Invalid XML: " + data );
-	}
-	return xml;
-};
-
-
-var
-	rbracket = /\[\]$/,
-	rCRLF = /\r?\n/g,
-	rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i,
-	rsubmittable = /^(?:input|select|textarea|keygen)/i;
-
-function buildParams( prefix, obj, traditional, add ) {
-	var name;
-
-	if ( Array.isArray( obj ) ) {
-
-		// Serialize array item.
-		jQuery.each( obj, function( i, v ) {
-			if ( traditional || rbracket.test( prefix ) ) {
-
-				// Treat each array item as a scalar.
-				add( prefix, v );
-
-			} else {
-
-				// Item is non-scalar (array or object), encode its numeric index.
-				buildParams(
-					prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]",
-					v,
-					traditional,
-					add
-				);
-			}
-		} );
-
-	} else if ( !traditional && jQuery.type( obj ) === "object" ) {
-
-		// Serialize object item.
-		for ( name in obj ) {
-			buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add );
-		}
-
-	} else {
-
-		// Serialize scalar item.
-		add( prefix, obj );
-	}
-}
-
-// Serialize an array of form elements or a set of
-// key/values into a query string
-jQuery.param = function( a, traditional ) {
-	var prefix,
-		s = [],
-		add = function( key, valueOrFunction ) {
-
-			// If value is a function, invoke it and use its return value
-			var value = jQuery.isFunction( valueOrFunction ) ?
-				valueOrFunction() :
-				valueOrFunction;
-
-			s[ s.length ] = encodeURIComponent( key ) + "=" +
-				encodeURIComponent( value == null ? "" : value );
-		};
-
-	// If an array was passed in, assume that it is an array of form elements.
-	if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) {
-
-		// Serialize the form elements
-		jQuery.each( a, function() {
-			add( this.name, this.value );
-		} );
-
-	} else {
-
-		// If traditional, encode the "old" way (the way 1.3.2 or older
-		// did it), otherwise encode params recursively.
-		for ( prefix in a ) {
-			buildParams( prefix, a[ prefix ], traditional, add );
-		}
-	}
-
-	// Return the resulting serialization
-	return s.join( "&" );
-};
-
-jQuery.fn.extend( {
-	serialize: function() {
-		return jQuery.param( this.serializeArray() );
-	},
-	serializeArray: function() {
-		return this.map( function() {
-
-			// Can add propHook for "elements" to filter or add form elements
-			var elements = jQuery.prop( this, "elements" );
-			return elements ? jQuery.makeArray( elements ) : this;
-		} )
-		.filter( function() {
-			var type = this.type;
-
-			// Use .is( ":disabled" ) so that fieldset[disabled] works
-			return this.name && !jQuery( this ).is( ":disabled" ) &&
-				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
-				( this.checked || !rcheckableType.test( type ) );
-		} )
-		.map( function( i, elem ) {
-			var val = jQuery( this ).val();
-
-			if ( val == null ) {
-				return null;
-			}
-
-			if ( Array.isArray( val ) ) {
-				return jQuery.map( val, function( val ) {
-					return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
-				} );
-			}
-
-			return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
-		} ).get();
-	}
-} );
-
-
-var
-	r20 = /%20/g,
-	rhash = /#.*$/,
-	rantiCache = /([?&])_=[^&]*/,
-	rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg,
-
-	// #7653, #8125, #8152: local protocol detection
-	rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/,
-	rnoContent = /^(?:GET|HEAD)$/,
-	rprotocol = /^\/\//,
-
-	/* Prefilters
-	 * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example)
-	 * 2) These are called:
-	 *    - BEFORE asking for a transport
-	 *    - AFTER param serialization (s.data is a string if s.processData is true)
-	 * 3) key is the dataType
-	 * 4) the catchall symbol "*" can be used
-	 * 5) execution will start with transport dataType and THEN continue down to "*" if needed
-	 */
-	prefilters = {},
-
-	/* Transports bindings
-	 * 1) key is the dataType
-	 * 2) the catchall symbol "*" can be used
-	 * 3) selection will start with transport dataType and THEN go to "*" if needed
-	 */
-	transports = {},
-
-	// Avoid comment-prolog char sequence (#10098); must appease lint and evade compression
-	allTypes = "*/".concat( "*" ),
-
-	// Anchor tag for parsing the document origin
-	originAnchor = document.createElement( "a" );
-	originAnchor.href = location.href;
-
-// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
-function addToPrefiltersOrTransports( structure ) {
-
-	// dataTypeExpression is optional and defaults to "*"
-	return function( dataTypeExpression, func ) {
-
-		if ( typeof dataTypeExpression !== "string" ) {
-			func = dataTypeExpression;
-			dataTypeExpression = "*";
-		}
-
-		var dataType,
-			i = 0,
-			dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || [];
-
-		if ( jQuery.isFunction( func ) ) {
-
-			// For each dataType in the dataTypeExpression
-			while ( ( dataType = dataTypes[ i++ ] ) ) {
-
-				// Prepend if requested
-				if ( dataType[ 0 ] === "+" ) {
-					dataType = dataType.slice( 1 ) || "*";
-					( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func );
-
-				// Otherwise append
-				} else {
-					( structure[ dataType ] = structure[ dataType ] || [] ).push( func );
-				}
-			}
-		}
-	};
-}
-
-// Base inspection function for prefilters and transports
-function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) {
-
-	var inspected = {},
-		seekingTransport = ( structure === transports );
-
-	function inspect( dataType ) {
-		var selected;
-		inspected[ dataType ] = true;
-		jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) {
-			var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR );
-			if ( typeof dataTypeOrTransport === "string" &&
-				!seekingTransport && !inspected[ dataTypeOrTransport ] ) {
-
-				options.dataTypes.unshift( dataTypeOrTransport );
-				inspect( dataTypeOrTransport );
-				return false;
-			} else if ( seekingTransport ) {
-				return !( selected = dataTypeOrTransport );
-			}
-		} );
-		return selected;
-	}
-
-	return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" );
-}
-
-// A special extend for ajax options
-// that takes "flat" options (not to be deep extended)
-// Fixes #9887
-function ajaxExtend( target, src ) {
-	var key, deep,
-		flatOptions = jQuery.ajaxSettings.flatOptions || {};
-
-	for ( key in src ) {
-		if ( src[ key ] !== undefined ) {
-			( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ];
-		}
-	}
-	if ( deep ) {
-		jQuery.extend( true, target, deep );
-	}
-
-	return target;
-}
-
-/* Handles responses to an ajax request:
- * - finds the right dataType (mediates between content-type and expected dataType)
- * - returns the corresponding response
- */
-function ajaxHandleResponses( s, jqXHR, responses ) {
-
-	var ct, type, finalDataType, firstDataType,
-		contents = s.contents,
-		dataTypes = s.dataTypes;
-
-	// Remove auto dataType and get content-type in the process
-	while ( dataTypes[ 0 ] === "*" ) {
-		dataTypes.shift();
-		if ( ct === undefined ) {
-			ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" );
-		}
-	}
-
-	// Check if we're dealing with a known content-type
-	if ( ct ) {
-		for ( type in contents ) {
-			if ( contents[ type ] && contents[ type ].test( ct ) ) {
-				dataTypes.unshift( type );
-				break;
-			}
-		}
-	}
-
-	// Check to see if we have a response for the expected dataType
-	if ( dataTypes[ 0 ] in responses ) {
-		finalDataType = dataTypes[ 0 ];
-	} else {
-
-		// Try convertible dataTypes
-		for ( type in responses ) {
-			if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) {
-				finalDataType = type;
-				break;
-			}
-			if ( !firstDataType ) {
-				firstDataType = type;
-			}
-		}
-
-		// Or just use first one
-		finalDataType = finalDataType || firstDataType;
-	}
-
-	// If we found a dataType
-	// We add the dataType to the list if needed
-	// and return the corresponding response
-	if ( finalDataType ) {
-		if ( finalDataType !== dataTypes[ 0 ] ) {
-			dataTypes.unshift( finalDataType );
-		}
-		return responses[ finalDataType ];
-	}
-}
-
-/* Chain conversions given the request and the original response
- * Also sets the responseXXX fields on the jqXHR instance
- */
-function ajaxConvert( s, response, jqXHR, isSuccess ) {
-	var conv2, current, conv, tmp, prev,
-		converters = {},
-
-		// Work with a copy of dataTypes in case we need to modify it for conversion
-		dataTypes = s.dataTypes.slice();
-
-	// Create converters map with lowercased keys
-	if ( dataTypes[ 1 ] ) {
-		for ( conv in s.converters ) {
-			converters[ conv.toLowerCase() ] = s.converters[ conv ];
-		}
-	}
-
-	current = dataTypes.shift();
-
-	// Convert to each sequential dataType
-	while ( current ) {
-
-		if ( s.responseFields[ current ] ) {
-			jqXHR[ s.responseFields[ current ] ] = response;
-		}
-
-		// Apply the dataFilter if provided
-		if ( !prev && isSuccess && s.dataFilter ) {
-			response = s.dataFilter( response, s.dataType );
-		}
-
-		prev = current;
-		current = dataTypes.shift();
-
-		if ( current ) {
-
-			// There's only work to do if current dataType is non-auto
-			if ( current === "*" ) {
-
-				current = prev;
-
-			// Convert response if prev dataType is non-auto and differs from current
-			} else if ( prev !== "*" && prev !== current ) {
-
-				// Seek a direct converter
-				conv = converters[ prev + " " + current ] || converters[ "* " + current ];
-
-				// If none found, seek a pair
-				if ( !conv ) {
-					for ( conv2 in converters ) {
-
-						// If conv2 outputs current
-						tmp = conv2.split( " " );
-						if ( tmp[ 1 ] === current ) {
-
-							// If prev can be converted to accepted input
-							conv = converters[ prev + " " + tmp[ 0 ] ] ||
-								converters[ "* " + tmp[ 0 ] ];
-							if ( conv ) {
-
-								// Condense equivalence converters
-								if ( conv === true ) {
-									conv = converters[ conv2 ];
-
-								// Otherwise, insert the intermediate dataType
-								} else if ( converters[ conv2 ] !== true ) {
-									current = tmp[ 0 ];
-									dataTypes.unshift( tmp[ 1 ] );
-								}
-								break;
-							}
-						}
-					}
-				}
-
-				// Apply converter (if not an equivalence)
-				if ( conv !== true ) {
-
-					// Unless errors are allowed to bubble, catch and return them
-					if ( conv && s.throws ) {
-						response = conv( response );
-					} else {
-						try {
-							response = conv( response );
-						} catch ( e ) {
-							return {
-								state: "parsererror",
-								error: conv ? e : "No conversion from " + prev + " to " + current
-							};
-						}
-					}
-				}
-			}
-		}
-	}
-
-	return { state: "success", data: response };
-}
-
-jQuery.extend( {
-
-	// Counter for holding the number of active queries
-	active: 0,
-
-	// Last-Modified header cache for next request
-	lastModified: {},
-	etag: {},
-
-	ajaxSettings: {
-		url: location.href,
-		type: "GET",
-		isLocal: rlocalProtocol.test( location.protocol ),
-		global: true,
-		processData: true,
-		async: true,
-		contentType: "application/x-www-form-urlencoded; charset=UTF-8",
-
-		/*
-		timeout: 0,
-		data: null,
-		dataType: null,
-		username: null,
-		password: null,
-		cache: null,
-		throws: false,
-		traditional: false,
-		headers: {},
-		*/
-
-		accepts: {
-			"*": allTypes,
-			text: "text/plain",
-			html: "text/html",
-			xml: "application/xml, text/xml",
-			json: "application/json, text/javascript"
-		},
-
-		contents: {
-			xml: /\bxml\b/,
-			html: /\bhtml/,
-			json: /\bjson\b/
-		},
-
-		responseFields: {
-			xml: "responseXML",
-			text: "responseText",
-			json: "responseJSON"
-		},
-
-		// Data converters
-		// Keys separate source (or catchall "*") and destination types with a single space
-		converters: {
-
-			// Convert anything to text
-			"* text": String,
-
-			// Text to html (true = no transformation)
-			"text html": true,
-
-			// Evaluate text as a json expression
-			"text json": JSON.parse,
-
-			// Parse text as xml
-			"text xml": jQuery.parseXML
-		},
-
-		// For options that shouldn't be deep extended:
-		// you can add your own custom options here if
-		// and when you create one that shouldn't be
-		// deep extended (see ajaxExtend)
-		flatOptions: {
-			url: true,
-			context: true
-		}
-	},
-
-	// Creates a full fledged settings object into target
-	// with both ajaxSettings and settings fields.
-	// If target is omitted, writes into ajaxSettings.
-	ajaxSetup: function( target, settings ) {
-		return settings ?
-
-			// Building a settings object
-			ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) :
-
-			// Extending ajaxSettings
-			ajaxExtend( jQuery.ajaxSettings, target );
-	},
-
-	ajaxPrefilter: addToPrefiltersOrTransports( prefilters ),
-	ajaxTransport: addToPrefiltersOrTransports( transports ),
-
-	// Main method
-	ajax: function( url, options ) {
-
-		// If url is an object, simulate pre-1.5 signature
-		if ( typeof url === "object" ) {
-			options = url;
-			url = undefined;
-		}
-
-		// Force options to be an object
-		options = options || {};
-
-		var transport,
-
-			// URL without anti-cache param
-			cacheURL,
-
-			// Response headers
-			responseHeadersString,
-			responseHeaders,
-
-			// timeout handle
-			timeoutTimer,
-
-			// Url cleanup var
-			urlAnchor,
-
-			// Request state (becomes false upon send and true upon completion)
-			completed,
-
-			// To know if global events are to be dispatched
-			fireGlobals,
-
-			// Loop variable
-			i,
-
-			// uncached part of the url
-			uncached,
-
-			// Create the final options object
-			s = jQuery.ajaxSetup( {}, options ),
-
-			// Callbacks context
-			callbackContext = s.context || s,
-
-			// Context for global events is callbackContext if it is a DOM node or jQuery collection
-			globalEventContext = s.context &&
-				( callbackContext.nodeType || callbackContext.jquery ) ?
-					jQuery( callbackContext ) :
-					jQuery.event,
-
-			// Deferreds
-			deferred = jQuery.Deferred(),
-			completeDeferred = jQuery.Callbacks( "once memory" ),
-
-			// Status-dependent callbacks
-			statusCode = s.statusCode || {},
-
-			// Headers (they are sent all at once)
-			requestHeaders = {},
-			requestHeadersNames = {},
-
-			// Default abort message
-			strAbort = "canceled",
-
-			// Fake xhr
-			jqXHR = {
-				readyState: 0,
-
-				// Builds headers hashtable if needed
-				getResponseHeader: function( key ) {
-					var match;
-					if ( completed ) {
-						if ( !responseHeaders ) {
-							responseHeaders = {};
-							while ( ( match = rheaders.exec( responseHeadersString ) ) ) {
-								responseHeaders[ match[ 1 ].toLowerCase() ] = match[ 2 ];
-							}
-						}
-						match = responseHeaders[ key.toLowerCase() ];
-					}
-					return match == null ? null : match;
-				},
-
-				// Raw string
-				getAllResponseHeaders: function() {
-					return completed ? responseHeadersString : null;
-				},
-
-				// Caches the header
-				setRequestHeader: function( name, value ) {
-					if ( completed == null ) {
-						name = requestHeadersNames[ name.toLowerCase() ] =
-							requestHeadersNames[ name.toLowerCase() ] || name;
-						requestHeaders[ name ] = value;
-					}
-					return this;
-				},
-
-				// Overrides response content-type header
-				overrideMimeType: function( type ) {
-					if ( completed == null ) {
-						s.mimeType = type;
-					}
-					return this;
-				},
-
-				// Status-dependent callbacks
-				statusCode: function( map ) {
-					var code;
-					if ( map ) {
-						if ( completed ) {
-
-							// Execute the appropriate callbacks
-							jqXHR.always( map[ jqXHR.status ] );
-						} else {
-
-							// Lazy-add the new callbacks in a way that preserves old ones
-							for ( code in map ) {
-								statusCode[ code ] = [ statusCode[ code ], map[ code ] ];
-							}
-						}
-					}
-					return this;
-				},
-
-				// Cancel the request
-				abort: function( statusText ) {
-					var finalText = statusText || strAbort;
-					if ( transport ) {
-						transport.abort( finalText );
-					}
-					done( 0, finalText );
-					return this;
-				}
-			};
-
-		// Attach deferreds
-		deferred.promise( jqXHR );
-
-		// Add protocol if not provided (prefilters might expect it)
-		// Handle falsy url in the settings object (#10093: consistency with old signature)
-		// We also use the url parameter if available
-		s.url = ( ( url || s.url || location.href ) + "" )
-			.replace( rprotocol, location.protocol + "//" );
-
-		// Alias method option to type as per ticket #12004
-		s.type = options.method || options.type || s.method || s.type;
-
-		// Extract dataTypes list
-		s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ];
-
-		// A cross-domain request is in order when the origin doesn't match the current origin.
-		if ( s.crossDomain == null ) {
-			urlAnchor = document.createElement( "a" );
-
-			// Support: IE <=8 - 11, Edge 12 - 13
-			// IE throws exception on accessing the href property if url is malformed,
-			// e.g. http://example.com:80x/
-			try {
-				urlAnchor.href = s.url;
-
-				// Support: IE <=8 - 11 only
-				// Anchor's host property isn't correctly set when s.url is relative
-				urlAnchor.href = urlAnchor.href;
-				s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !==
-					urlAnchor.protocol + "//" + urlAnchor.host;
-			} catch ( e ) {
-
-				// If there is an error parsing the URL, assume it is crossDomain,
-				// it can be rejected by the transport if it is invalid
-				s.crossDomain = true;
-			}
-		}
-
-		// Convert data if not already a string
-		if ( s.data && s.processData && typeof s.data !== "string" ) {
-			s.data = jQuery.param( s.data, s.traditional );
-		}
-
-		// Apply prefilters
-		inspectPrefiltersOrTransports( prefilters, s, options, jqXHR );
-
-		// If request was aborted inside a prefilter, stop there
-		if ( completed ) {
-			return jqXHR;
-		}
-
-		// We can fire global events as of now if asked to
-		// Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118)
-		fireGlobals = jQuery.event && s.global;
-
-		// Watch for a new set of requests
-		if ( fireGlobals && jQuery.active++ === 0 ) {
-			jQuery.event.trigger( "ajaxStart" );
-		}
-
-		// Uppercase the type
-		s.type = s.type.toUpperCase();
-
-		// Determine if request has content
-		s.hasContent = !rnoContent.test( s.type );
-
-		// Save the URL in case we're toying with the If-Modified-Since
-		// and/or If-None-Match header later on
-		// Remove hash to simplify url manipulation
-		cacheURL = s.url.replace( rhash, "" );
-
-		// More options handling for requests with no content
-		if ( !s.hasContent ) {
-
-			// Remember the hash so we can put it back
-			uncached = s.url.slice( cacheURL.length );
-
-			// If data is available, append data to url
-			if ( s.data ) {
-				cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data;
-
-				// #9682: remove data so that it's not used in an eventual retry
-				delete s.data;
-			}
-
-			// Add or update anti-cache param if needed
-			if ( s.cache === false ) {
-				cacheURL = cacheURL.replace( rantiCache, "$1" );
-				uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce++ ) + uncached;
-			}
-
-			// Put hash and anti-cache on the URL that will be requested (gh-1732)
-			s.url = cacheURL + uncached;
-
-		// Change '%20' to '+' if this is encoded form body content (gh-2658)
-		} else if ( s.data && s.processData &&
-			( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) {
-			s.data = s.data.replace( r20, "+" );
-		}
-
-		// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
-		if ( s.ifModified ) {
-			if ( jQuery.lastModified[ cacheURL ] ) {
-				jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] );
-			}
-			if ( jQuery.etag[ cacheURL ] ) {
-				jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] );
-			}
-		}
-
-		// Set the correct header, if data is being sent
-		if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) {
-			jqXHR.setRequestHeader( "Content-Type", s.contentType );
-		}
-
-		// Set the Accepts header for the server, depending on the dataType
-		jqXHR.setRequestHeader(
-			"Accept",
-			s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ?
-				s.accepts[ s.dataTypes[ 0 ] ] +
-					( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) :
-				s.accepts[ "*" ]
-		);
-
-		// Check for headers option
-		for ( i in s.headers ) {
-			jqXHR.setRequestHeader( i, s.headers[ i ] );
-		}
-
-		// Allow custom headers/mimetypes and early abort
-		if ( s.beforeSend &&
-			( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) {
-
-			// Abort if not done already and return
-			return jqXHR.abort();
-		}
-
-		// Aborting is no longer a cancellation
-		strAbort = "abort";
-
-		// Install callbacks on deferreds
-		completeDeferred.add( s.complete );
-		jqXHR.done( s.success );
-		jqXHR.fail( s.error );
-
-		// Get transport
-		transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR );
-
-		// If no transport, we auto-abort
-		if ( !transport ) {
-			done( -1, "No Transport" );
-		} else {
-			jqXHR.readyState = 1;
-
-			// Send global event
-			if ( fireGlobals ) {
-				globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] );
-			}
-
-			// If request was aborted inside ajaxSend, stop there
-			if ( completed ) {
-				return jqXHR;
-			}
-
-			// Timeout
-			if ( s.async && s.timeout > 0 ) {
-				timeoutTimer = window.setTimeout( function() {
-					jqXHR.abort( "timeout" );
-				}, s.timeout );
-			}
-
-			try {
-				completed = false;
-				transport.send( requestHeaders, done );
-			} catch ( e ) {
-
-				// Rethrow post-completion exceptions
-				if ( completed ) {
-					throw e;
-				}
-
-				// Propagate others as results
-				done( -1, e );
-			}
-		}
-
-		// Callback for when everything is done
-		function done( status, nativeStatusText, responses, headers ) {
-			var isSuccess, success, error, response, modified,
-				statusText = nativeStatusText;
-
-			// Ignore repeat invocations
-			if ( completed ) {
-				return;
-			}
-
-			completed = true;
-
-			// Clear timeout if it exists
-			if ( timeoutTimer ) {
-				window.clearTimeout( timeoutTimer );
-			}
-
-			// Dereference transport for early garbage collection
-			// (no matter how long the jqXHR object will be used)
-			transport = undefined;
-
-			// Cache response headers
-			responseHeadersString = headers || "";
-
-			// Set readyState
-			jqXHR.readyState = status > 0 ? 4 : 0;
-
-			// Determine if successful
-			isSuccess = status >= 200 && status < 300 || status === 304;
-
-			// Get response data
-			if ( responses ) {
-				response = ajaxHandleResponses( s, jqXHR, responses );
-			}
-
-			// Convert no matter what (that way responseXXX fields are always set)
-			response = ajaxConvert( s, response, jqXHR, isSuccess );
-
-			// If successful, handle type chaining
-			if ( isSuccess ) {
-
-				// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
-				if ( s.ifModified ) {
-					modified = jqXHR.getResponseHeader( "Last-Modified" );
-					if ( modified ) {
-						jQuery.lastModified[ cacheURL ] = modified;
-					}
-					modified = jqXHR.getResponseHeader( "etag" );
-					if ( modified ) {
-						jQuery.etag[ cacheURL ] = modified;
-					}
-				}
-
-				// if no content
-				if ( status === 204 || s.type === "HEAD" ) {
-					statusText = "nocontent";
-
-				// if not modified
-				} else if ( status === 304 ) {
-					statusText = "notmodified";
-
-				// If we have data, let's convert it
-				} else {
-					statusText = response.state;
-					success = response.data;
-					error = response.error;
-					isSuccess = !error;
-				}
-			} else {
-
-				// Extract error from statusText and normalize for non-aborts
-				error = statusText;
-				if ( status || !statusText ) {
-					statusText = "error";
-					if ( status < 0 ) {
-						status = 0;
-					}
-				}
-			}
-
-			// Set data for the fake xhr object
-			jqXHR.status = status;
-			jqXHR.statusText = ( nativeStatusText || statusText ) + "";
-
-			// Success/Error
-			if ( isSuccess ) {
-				deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] );
-			} else {
-				deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] );
-			}
-
-			// Status-dependent callbacks
-			jqXHR.statusCode( statusCode );
-			statusCode = undefined;
-
-			if ( fireGlobals ) {
-				globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError",
-					[ jqXHR, s, isSuccess ? success : error ] );
-			}
-
-			// Complete
-			completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] );
-
-			if ( fireGlobals ) {
-				globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] );
-
-				// Handle the global AJAX counter
-				if ( !( --jQuery.active ) ) {
-					jQuery.event.trigger( "ajaxStop" );
-				}
-			}
-		}
-
-		return jqXHR;
-	},
-
-	getJSON: function( url, data, callback ) {
-		return jQuery.get( url, data, callback, "json" );
-	},
-
-	getScript: function( url, callback ) {
-		return jQuery.get( url, undefined, callback, "script" );
-	}
-} );
-
-jQuery.each( [ "get", "post" ], function( i, method ) {
-	jQuery[ method ] = function( url, data, callback, type ) {
-
-		// Shift arguments if data argument was omitted
-		if ( jQuery.isFunction( data ) ) {
-			type = type || callback;
-			callback = data;
-			data = undefined;
-		}
-
-		// The url can be an options object (which then must have .url)
-		return jQuery.ajax( jQuery.extend( {
-			url: url,
-			type: method,
-			dataType: type,
-			data: data,
-			success: callback
-		}, jQuery.isPlainObject( url ) && url ) );
-	};
-} );
-
-
-jQuery._evalUrl = function( url ) {
-	return jQuery.ajax( {
-		url: url,
-
-		// Make this explicit, since user can override this through ajaxSetup (#11264)
-		type: "GET",
-		dataType: "script",
-		cache: true,
-		async: false,
-		global: false,
-		"throws": true
-	} );
-};
-
-
-jQuery.fn.extend( {
-	wrapAll: function( html ) {
-		var wrap;
-
-		if ( this[ 0 ] ) {
-			if ( jQuery.isFunction( html ) ) {
-				html = html.call( this[ 0 ] );
-			}
-
-			// The elements to wrap the target around
-			wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true );
-
-			if ( this[ 0 ].parentNode ) {
-				wrap.insertBefore( this[ 0 ] );
-			}
-
-			wrap.map( function() {
-				var elem = this;
-
-				while ( elem.firstElementChild ) {
-					elem = elem.firstElementChild;
-				}
-
-				return elem;
-			} ).append( this );
-		}
-
-		return this;
-	},
-
-	wrapInner: function( html ) {
-		if ( jQuery.isFunction( html ) ) {
-			return this.each( function( i ) {
-				jQuery( this ).wrapInner( html.call( this, i ) );
-			} );
-		}
-
-		return this.each( function() {
-			var self = jQuery( this ),
-				contents = self.contents();
-
-			if ( contents.length ) {
-				contents.wrapAll( html );
-
-			} else {
-				self.append( html );
-			}
-		} );
-	},
-
-	wrap: function( html ) {
-		var isFunction = jQuery.isFunction( html );
-
-		return this.each( function( i ) {
-			jQuery( this ).wrapAll( isFunction ? html.call( this, i ) : html );
-		} );
-	},
-
-	unwrap: function( selector ) {
-		this.parent( selector ).not( "body" ).each( function() {
-			jQuery( this ).replaceWith( this.childNodes );
-		} );
-		return this;
-	}
-} );
-
-
-jQuery.expr.pseudos.hidden = function( elem ) {
-	return !jQuery.expr.pseudos.visible( elem );
-};
-jQuery.expr.pseudos.visible = function( elem ) {
-	return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length );
-};
-
-
-
-
-jQuery.ajaxSettings.xhr = function() {
-	try {
-		return new window.XMLHttpRequest();
-	} catch ( e ) {}
-};
-
-var xhrSuccessStatus = {
-
-		// File protocol always yields status code 0, assume 200
-		0: 200,
-
-		// Support: IE <=9 only
-		// #1450: sometimes IE returns 1223 when it should be 204
-		1223: 204
-	},
-	xhrSupported = jQuery.ajaxSettings.xhr();
-
-support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported );
-support.ajax = xhrSupported = !!xhrSupported;
-
-jQuery.ajaxTransport( function( options ) {
-	var callback, errorCallback;
-
-	// Cross domain only allowed if supported through XMLHttpRequest
-	if ( support.cors || xhrSupported && !options.crossDomain ) {
-		return {
-			send: function( headers, complete ) {
-				var i,
-					xhr = options.xhr();
-
-				xhr.open(
-					options.type,
-					options.url,
-					options.async,
-					options.username,
-					options.password
-				);
-
-				// Apply custom fields if provided
-				if ( options.xhrFields ) {
-					for ( i in options.xhrFields ) {
-						xhr[ i ] = options.xhrFields[ i ];
-					}
-				}
-
-				// Override mime type if needed
-				if ( options.mimeType && xhr.overrideMimeType ) {
-					xhr.overrideMimeType( options.mimeType );
-				}
-
-				// X-Requested-With header
-				// For cross-domain requests, seeing as conditions for a preflight are
-				// akin to a jigsaw puzzle, we simply never set it to be sure.
-				// (it can always be set on a per-request basis or even using ajaxSetup)
-				// For same-domain requests, won't change header if already provided.
-				if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) {
-					headers[ "X-Requested-With" ] = "XMLHttpRequest";
-				}
-
-				// Set headers
-				for ( i in headers ) {
-					xhr.setRequestHeader( i, headers[ i ] );
-				}
-
-				// Callback
-				callback = function( type ) {
-					return function() {
-						if ( callback ) {
-							callback = errorCallback = xhr.onload =
-								xhr.onerror = xhr.onabort = xhr.onreadystatechange = null;
-
-							if ( type === "abort" ) {
-								xhr.abort();
-							} else if ( type === "error" ) {
-
-								// Support: IE <=9 only
-								// On a manual native abort, IE9 throws
-								// errors on any property access that is not readyState
-								if ( typeof xhr.status !== "number" ) {
-									complete( 0, "error" );
-								} else {
-									complete(
-
-										// File: protocol always yields status 0; see #8605, #14207
-										xhr.status,
-										xhr.statusText
-									);
-								}
-							} else {
-								complete(
-									xhrSuccessStatus[ xhr.status ] || xhr.status,
-									xhr.statusText,
-
-									// Support: IE <=9 only
-									// IE9 has no XHR2 but throws on binary (trac-11426)
-									// For XHR2 non-text, let the caller handle it (gh-2498)
-									( xhr.responseType || "text" ) !== "text"  ||
-									typeof xhr.responseText !== "string" ?
-										{ binary: xhr.response } :
-										{ text: xhr.responseText },
-									xhr.getAllResponseHeaders()
-								);
-							}
-						}
-					};
-				};
-
-				// Listen to events
-				xhr.onload = callback();
-				errorCallback = xhr.onerror = callback( "error" );
-
-				// Support: IE 9 only
-				// Use onreadystatechange to replace onabort
-				// to handle uncaught aborts
-				if ( xhr.onabort !== undefined ) {
-					xhr.onabort = errorCallback;
-				} else {
-					xhr.onreadystatechange = function() {
-
-						// Check readyState before timeout as it changes
-						if ( xhr.readyState === 4 ) {
-
-							// Allow onerror to be called first,
-							// but that will not handle a native abort
-							// Also, save errorCallback to a variable
-							// as xhr.onerror cannot be accessed
-							window.setTimeout( function() {
-								if ( callback ) {
-									errorCallback();
-								}
-							} );
-						}
-					};
-				}
-
-				// Create the abort callback
-				callback = callback( "abort" );
-
-				try {
-
-					// Do send the request (this may raise an exception)
-					xhr.send( options.hasContent && options.data || null );
-				} catch ( e ) {
-
-					// #14683: Only rethrow if this hasn't been notified as an error yet
-					if ( callback ) {
-						throw e;
-					}
-				}
-			},
-
-			abort: function() {
-				if ( callback ) {
-					callback();
-				}
-			}
-		};
-	}
-} );
-
-
-
-
-// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
-jQuery.ajaxPrefilter( function( s ) {
-	if ( s.crossDomain ) {
-		s.contents.script = false;
-	}
-} );
-
-// Install script dataType
-jQuery.ajaxSetup( {
-	accepts: {
-		script: "text/javascript, application/javascript, " +
-			"application/ecmascript, application/x-ecmascript"
-	},
-	contents: {
-		script: /\b(?:java|ecma)script\b/
-	},
-	converters: {
-		"text script": function( text ) {
-			jQuery.globalEval( text );
-			return text;
-		}
-	}
-} );
-
-// Handle cache's special case and crossDomain
-jQuery.ajaxPrefilter( "script", function( s ) {
-	if ( s.cache === undefined ) {
-		s.cache = false;
-	}
-	if ( s.crossDomain ) {
-		s.type = "GET";
-	}
-} );
-
-// Bind script tag hack transport
-jQuery.ajaxTransport( "script", function( s ) {
-
-	// This transport only deals with cross domain requests
-	if ( s.crossDomain ) {
-		var script, callback;
-		return {
-			send: function( _, complete ) {
-				script = jQuery( "<script>" ).prop( {
-					charset: s.scriptCharset,
-					src: s.url
-				} ).on(
-					"load error",
-					callback = function( evt ) {
-						script.remove();
-						callback = null;
-						if ( evt ) {
-							complete( evt.type === "error" ? 404 : 200, evt.type );
-						}
-					}
-				);
-
-				// Use native DOM manipulation to avoid our domManip AJAX trickery
-				document.head.appendChild( script[ 0 ] );
-			},
-			abort: function() {
-				if ( callback ) {
-					callback();
-				}
-			}
-		};
-	}
-} );
-
-
-
-
-var oldCallbacks = [],
-	rjsonp = /(=)\?(?=&|$)|\?\?/;
-
-// Default jsonp settings
-jQuery.ajaxSetup( {
-	jsonp: "callback",
-	jsonpCallback: function() {
-		var callback = oldCallbacks.pop() || ( jQuery.expando + "_" + ( nonce++ ) );
-		this[ callback ] = true;
-		return callback;
-	}
-} );
-
-// Detect, normalize options and install callbacks for jsonp requests
-jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) {
-
-	var callbackName, overwritten, responseContainer,
-		jsonProp = s.jsonp !== false && ( rjsonp.test( s.url ) ?
-			"url" :
-			typeof s.data === "string" &&
-				( s.contentType || "" )
-					.indexOf( "application/x-www-form-urlencoded" ) === 0 &&
-				rjsonp.test( s.data ) && "data"
-		);
-
-	// Handle iff the expected data type is "jsonp" or we have a parameter to set
-	if ( jsonProp || s.dataTypes[ 0 ] === "jsonp" ) {
-
-		// Get callback name, remembering preexisting value associated with it
-		callbackName = s.jsonpCallback = jQuery.isFunction( s.jsonpCallback ) ?
-			s.jsonpCallback() :
-			s.jsonpCallback;
-
-		// Insert callback into url or form data
-		if ( jsonProp ) {
-			s[ jsonProp ] = s[ jsonProp ].replace( rjsonp, "$1" + callbackName );
-		} else if ( s.jsonp !== false ) {
-			s.url += ( rquery.test( s.url ) ? "&" : "?" ) + s.jsonp + "=" + callbackName;
-		}
-
-		// Use data converter to retrieve json after script execution
-		s.converters[ "script json" ] = function() {
-			if ( !responseContainer ) {
-				jQuery.error( callbackName + " was not called" );
-			}
-			return responseContainer[ 0 ];
-		};
-
-		// Force json dataType
-		s.dataTypes[ 0 ] = "json";
-
-		// Install callback
-		overwritten = window[ callbackName ];
-		window[ callbackName ] = function() {
-			responseContainer = arguments;
-		};
-
-		// Clean-up function (fires after converters)
-		jqXHR.always( function() {
-
-			// If previous value didn't exist - remove it
-			if ( overwritten === undefined ) {
-				jQuery( window ).removeProp( callbackName );
-
-			// Otherwise restore preexisting value
-			} else {
-				window[ callbackName ] = overwritten;
-			}
-
-			// Save back as free
-			if ( s[ callbackName ] ) {
-
-				// Make sure that re-using the options doesn't screw things around
-				s.jsonpCallback = originalSettings.jsonpCallback;
-
-				// Save the callback name for future use
-				oldCallbacks.push( callbackName );
-			}
-
-			// Call if it was a function and we have a response
-			if ( responseContainer && jQuery.isFunction( overwritten ) ) {
-				overwritten( responseContainer[ 0 ] );
-			}
-
-			responseContainer = overwritten = undefined;
-		} );
-
-		// Delegate to script
-		return "script";
-	}
-} );
-
-
-
-
-// Support: Safari 8 only
-// In Safari 8 documents created via document.implementation.createHTMLDocument
-// collapse sibling forms: the second one becomes a child of the first one.
-// Because of that, this security measure has to be disabled in Safari 8.
-// https://bugs.webkit.org/show_bug.cgi?id=137337
-support.createHTMLDocument = ( function() {
-	var body = document.implementation.createHTMLDocument( "" ).body;
-	body.innerHTML = "<form></form><form></form>";
-	return body.childNodes.length === 2;
-} )();
-
-
-// Argument "data" should be string of html
-// context (optional): If specified, the fragment will be created in this context,
-// defaults to document
-// keepScripts (optional): If true, will include scripts passed in the html string
-jQuery.parseHTML = function( data, context, keepScripts ) {
-	if ( typeof data !== "string" ) {
-		return [];
-	}
-	if ( typeof context === "boolean" ) {
-		keepScripts = context;
-		context = false;
-	}
-
-	var base, parsed, scripts;
-
-	if ( !context ) {
-
-		// Stop scripts or inline event handlers from being executed immediately
-		// by using document.implementation
-		if ( support.createHTMLDocument ) {
-			context = document.implementation.createHTMLDocument( "" );
-
-			// Set the base href for the created document
-			// so any parsed elements with URLs
-			// are based on the document's URL (gh-2965)
-			base = context.createElement( "base" );
-			base.href = document.location.href;
-			context.head.appendChild( base );
-		} else {
-			context = document;
-		}
-	}
-
-	parsed = rsingleTag.exec( data );
-	scripts = !keepScripts && [];
-
-	// Single tag
-	if ( parsed ) {
-		return [ context.createElement( parsed[ 1 ] ) ];
-	}
-
-	parsed = buildFragment( [ data ], context, scripts );
-
-	if ( scripts && scripts.length ) {
-		jQuery( scripts ).remove();
-	}
-
-	return jQuery.merge( [], parsed.childNodes );
-};
-
-
-/**
- * Load a url into a page
- */
-jQuery.fn.load = function( url, params, callback ) {
-	var selector, type, response,
-		self = this,
-		off = url.indexOf( " " );
-
-	if ( off > -1 ) {
-		selector = stripAndCollapse( url.slice( off ) );
-		url = url.slice( 0, off );
-	}
-
-	// If it's a function
-	if ( jQuery.isFunction( params ) ) {
-
-		// We assume that it's the callback
-		callback = params;
-		params = undefined;
-
-	// Otherwise, build a param string
-	} else if ( params && typeof params === "object" ) {
-		type = "POST";
-	}
-
-	// If we have elements to modify, make the request
-	if ( self.length > 0 ) {
-		jQuery.ajax( {
-			url: url,
-
-			// If "type" variable is undefined, then "GET" method will be used.
-			// Make value of this field explicit since
-			// user can override it through ajaxSetup method
-			type: type || "GET",
-			dataType: "html",
-			data: params
-		} ).done( function( responseText ) {
-
-			// Save response for use in complete callback
-			response = arguments;
-
-			self.html( selector ?
-
-				// If a selector was specified, locate the right elements in a dummy div
-				// Exclude scripts to avoid IE 'Permission Denied' errors
-				jQuery( "<div>" ).append( jQuery.parseHTML( responseText ) ).find( selector ) :
-
-				// Otherwise use the full result
-				responseText );
-
-		// If the request succeeds, this function gets "data", "status", "jqXHR"
-		// but they are ignored because response was set above.
-		// If it fails, this function gets "jqXHR", "status", "error"
-		} ).always( callback && function( jqXHR, status ) {
-			self.each( function() {
-				callback.apply( this, response || [ jqXHR.responseText, status, jqXHR ] );
-			} );
-		} );
-	}
-
-	return this;
-};
-
-
-
-
-// Attach a bunch of functions for handling common AJAX events
-jQuery.each( [
-	"ajaxStart",
-	"ajaxStop",
-	"ajaxComplete",
-	"ajaxError",
-	"ajaxSuccess",
-	"ajaxSend"
-], function( i, type ) {
-	jQuery.fn[ type ] = function( fn ) {
-		return this.on( type, fn );
-	};
-} );
-
-
-
-
-jQuery.expr.pseudos.animated = function( elem ) {
-	return jQuery.grep( jQuery.timers, function( fn ) {
-		return elem === fn.elem;
-	} ).length;
-};
-
-
-
-
-jQuery.offset = {
-	setOffset: function( elem, options, i ) {
-		var curPosition, curLeft, curCSSTop, curTop, curOffset, curCSSLeft, calculatePosition,
-			position = jQuery.css( elem, "position" ),
-			curElem = jQuery( elem ),
-			props = {};
-
-		// Set position first, in-case top/left are set even on static elem
-		if ( position === "static" ) {
-			elem.style.position = "relative";
-		}
-
-		curOffset = curElem.offset();
-		curCSSTop = jQuery.css( elem, "top" );
-		curCSSLeft = jQuery.css( elem, "left" );
-		calculatePosition = ( position === "absolute" || position === "fixed" ) &&
-			( curCSSTop + curCSSLeft ).indexOf( "auto" ) > -1;
-
-		// Need to be able to calculate position if either
-		// top or left is auto and position is either absolute or fixed
-		if ( calculatePosition ) {
-			curPosition = curElem.position();
-			curTop = curPosition.top;
-			curLeft = curPosition.left;
-
-		} else {
-			curTop = parseFloat( curCSSTop ) || 0;
-			curLeft = parseFloat( curCSSLeft ) || 0;
-		}
-
-		if ( jQuery.isFunction( options ) ) {
-
-			// Use jQuery.extend here to allow modification of coordinates argument (gh-1848)
-			options = options.call( elem, i, jQuery.extend( {}, curOffset ) );
-		}
-
-		if ( options.top != null ) {
-			props.top = ( options.top - curOffset.top ) + curTop;
-		}
-		if ( options.left != null ) {
-			props.left = ( options.left - curOffset.left ) + curLeft;
-		}
-
-		if ( "using" in options ) {
-			options.using.call( elem, props );
-
-		} else {
-			curElem.css( props );
-		}
-	}
-};
-
-jQuery.fn.extend( {
-	offset: function( options ) {
-
-		// Preserve chaining for setter
-		if ( arguments.length ) {
-			return options === undefined ?
-				this :
-				this.each( function( i ) {
-					jQuery.offset.setOffset( this, options, i );
-				} );
-		}
-
-		var doc, docElem, rect, win,
-			elem = this[ 0 ];
-
-		if ( !elem ) {
-			return;
-		}
-
-		// Return zeros for disconnected and hidden (display: none) elements (gh-2310)
-		// Support: IE <=11 only
-		// Running getBoundingClientRect on a
-		// disconnected node in IE throws an error
-		if ( !elem.getClientRects().length ) {
-			return { top: 0, left: 0 };
-		}
-
-		rect = elem.getBoundingClientRect();
-
-		doc = elem.ownerDocument;
-		docElem = doc.documentElement;
-		win = doc.defaultView;
-
-		return {
-			top: rect.top + win.pageYOffset - docElem.clientTop,
-			left: rect.left + win.pageXOffset - docElem.clientLeft
-		};
-	},
-
-	position: function() {
-		if ( !this[ 0 ] ) {
-			return;
-		}
-
-		var offsetParent, offset,
-			elem = this[ 0 ],
-			parentOffset = { top: 0, left: 0 };
-
-		// Fixed elements are offset from window (parentOffset = {top:0, left: 0},
-		// because it is its only offset parent
-		if ( jQuery.css( elem, "position" ) === "fixed" ) {
-
-			// Assume getBoundingClientRect is there when computed position is fixed
-			offset = elem.getBoundingClientRect();
-
-		} else {
-
-			// Get *real* offsetParent
-			offsetParent = this.offsetParent();
-
-			// Get correct offsets
-			offset = this.offset();
-			if ( !nodeName( offsetParent[ 0 ], "html" ) ) {
-				parentOffset = offsetParent.offset();
-			}
-
-			// Add offsetParent borders
-			parentOffset = {
-				top: parentOffset.top + jQuery.css( offsetParent[ 0 ], "borderTopWidth", true ),
-				left: parentOffset.left + jQuery.css( offsetParent[ 0 ], "borderLeftWidth", true )
-			};
-		}
-
-		// Subtract parent offsets and element margins
-		return {
-			top: offset.top - parentOffset.top - jQuery.css( elem, "marginTop", true ),
-			left: offset.left - parentOffset.left - jQuery.css( elem, "marginLeft", true )
-		};
-	},
-
-	// This method will return documentElement in the following cases:
-	// 1) For the element inside the iframe without offsetParent, this method will return
-	//    documentElement of the parent window
-	// 2) For the hidden or detached element
-	// 3) For body or html element, i.e. in case of the html node - it will return itself
-	//
-	// but those exceptions were never presented as a real life use-cases
-	// and might be considered as more preferable results.
-	//
-	// This logic, however, is not guaranteed and can change at any point in the future
-	offsetParent: function() {
-		return this.map( function() {
-			var offsetParent = this.offsetParent;
-
-			while ( offsetParent && jQuery.css( offsetParent, "position" ) === "static" ) {
-				offsetParent = offsetParent.offsetParent;
-			}
-
-			return offsetParent || documentElement;
-		} );
-	}
-} );
-
-// Create scrollLeft and scrollTop methods
-jQuery.each( { scrollLeft: "pageXOffset", scrollTop: "pageYOffset" }, function( method, prop ) {
-	var top = "pageYOffset" === prop;
-
-	jQuery.fn[ method ] = function( val ) {
-		return access( this, function( elem, method, val ) {
-
-			// Coalesce documents and windows
-			var win;
-			if ( jQuery.isWindow( elem ) ) {
-				win = elem;
-			} else if ( elem.nodeType === 9 ) {
-				win = elem.defaultView;
-			}
-
-			if ( val === undefined ) {
-				return win ? win[ prop ] : elem[ method ];
-			}
-
-			if ( win ) {
-				win.scrollTo(
-					!top ? val : win.pageXOffset,
-					top ? val : win.pageYOffset
-				);
-
-			} else {
-				elem[ method ] = val;
-			}
-		}, method, val, arguments.length );
-	};
-} );
-
-// Support: Safari <=7 - 9.1, Chrome <=37 - 49
-// Add the top/left cssHooks using jQuery.fn.position
-// Webkit bug: https://bugs.webkit.org/show_bug.cgi?id=29084
-// Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
-// getComputedStyle returns percent when specified for top/left/bottom/right;
-// rather than make the css module depend on the offset module, just check for it here
-jQuery.each( [ "top", "left" ], function( i, prop ) {
-	jQuery.cssHooks[ prop ] = addGetHookIf( support.pixelPosition,
-		function( elem, computed ) {
-			if ( computed ) {
-				computed = curCSS( elem, prop );
-
-				// If curCSS returns percentage, fallback to offset
-				return rnumnonpx.test( computed ) ?
-					jQuery( elem ).position()[ prop ] + "px" :
-					computed;
-			}
-		}
-	);
-} );
-
-
-// Create innerHeight, innerWidth, height, width, outerHeight and outerWidth methods
-jQuery.each( { Height: "height", Width: "width" }, function( name, type ) {
-	jQuery.each( { padding: "inner" + name, content: type, "": "outer" + name },
-		function( defaultExtra, funcName ) {
-
-		// Margin is only for outerHeight, outerWidth
-		jQuery.fn[ funcName ] = function( margin, value ) {
-			var chainable = arguments.length && ( defaultExtra || typeof margin !== "boolean" ),
-				extra = defaultExtra || ( margin === true || value === true ? "margin" : "border" );
-
-			return access( this, function( elem, type, value ) {
-				var doc;
-
-				if ( jQuery.isWindow( elem ) ) {
-
-					// $( window ).outerWidth/Height return w/h including scrollbars (gh-1729)
-					return funcName.indexOf( "outer" ) === 0 ?
-						elem[ "inner" + name ] :
-						elem.document.documentElement[ "client" + name ];
-				}
-
-				// Get document width or height
-				if ( elem.nodeType === 9 ) {
-					doc = elem.documentElement;
-
-					// Either scroll[Width/Height] or offset[Width/Height] or client[Width/Height],
-					// whichever is greatest
-					return Math.max(
-						elem.body[ "scroll" + name ], doc[ "scroll" + name ],
-						elem.body[ "offset" + name ], doc[ "offset" + name ],
-						doc[ "client" + name ]
-					);
-				}
-
-				return value === undefined ?
-
-					// Get width or height on the element, requesting but not forcing parseFloat
-					jQuery.css( elem, type, extra ) :
-
-					// Set width or height on the element
-					jQuery.style( elem, type, value, extra );
-			}, type, chainable ? margin : undefined, chainable );
-		};
-	} );
-} );
-
-
-jQuery.fn.extend( {
-
-	bind: function( types, data, fn ) {
-		return this.on( types, null, data, fn );
-	},
-	unbind: function( types, fn ) {
-		return this.off( types, null, fn );
-	},
-
-	delegate: function( selector, types, data, fn ) {
-		return this.on( types, selector, data, fn );
-	},
-	undelegate: function( selector, types, fn ) {
-
-		// ( namespace ) or ( selector, types [, fn] )
-		return arguments.length === 1 ?
-			this.off( selector, "**" ) :
-			this.off( types, selector || "**", fn );
-	}
-} );
-
-jQuery.holdReady = function( hold ) {
-	if ( hold ) {
-		jQuery.readyWait++;
-	} else {
-		jQuery.ready( true );
-	}
-};
-jQuery.isArray = Array.isArray;
-jQuery.parseJSON = JSON.parse;
-jQuery.nodeName = nodeName;
-
-
-
-
-// Register as a named AMD module, since jQuery can be concatenated with other
-// files that may use define, but not via a proper concatenation script that
-// understands anonymous AMD modules. A named AMD is safest and most robust
-// way to register. Lowercase jquery is used because AMD module names are
-// derived from file names, and jQuery is normally delivered in a lowercase
-// file name. Do this after creating the global so that if an AMD module wants
-// to call noConflict to hide this version of jQuery, it will work.
-
-// Note that for maximum portability, libraries that are not jQuery should
-// declare themselves as anonymous modules, and avoid setting a global if an
-// AMD loader is present. jQuery is a special case. For more information, see
-// https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
-
-if ( typeof define === "function" && define.amd ) {
-	define( "jquery", [], function() {
-		return jQuery;
-	} );
-}
-
-
-
-
-var
-
-	// Map over jQuery in case of overwrite
-	_jQuery = window.jQuery,
-
-	// Map over the $ in case of overwrite
-	_$ = window.$;
-
-jQuery.noConflict = function( deep ) {
-	if ( window.$ === jQuery ) {
-		window.$ = _$;
-	}
-
-	if ( deep && window.jQuery === jQuery ) {
-		window.jQuery = _jQuery;
-	}
-
-	return jQuery;
-};
-
-// Expose jQuery and $ identifiers, even in AMD
-// (#7102#comment:10, https://github.com/jquery/jquery/pull/557)
-// and CommonJS for browser emulators (#13566)
-if ( !noGlobal ) {
-	window.jQuery = window.$ = jQuery;
-}
-
-
-
-
-return jQuery;
-} );
diff --git a/docs/html/_static/jquery.js b/docs/html/_static/jquery.js
index 644d35e..ba171ca 100644
--- a/docs/html/_static/jquery.js
+++ b/docs/html/_static/jquery.js
@@ -1,4 +1,10253 @@
-/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
-!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||r.isFunction(g)||(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)||(e=Array.isArray(d)))?(e?(e=!1,f=c&&Array.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b||"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a||"[object Object]"!==k.call(a))&&(!(b=e(a))||(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?j[k.call(a)]||"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b||this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid||r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"length"in a&&a.length,c=r.type(a);return"function"!==c&&!r.isWindow(a)&&("array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.push,G=D.push,H=D.slice,I=function(a,b){for(var c=0,d=a.length;c<d;c++)if(a[c]===b)return c;return-1},J="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",K="[\\x20\\t\\r\\n\\f]",L="(?:\\\\.|[\\w-]|[^\0-\\xa0])+",M="\\["+K+"*("+L+")(?:"+K+"*([*^$|!~]?=)"+K+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+L+"))|)"+K+"*\\]",N=":("+L+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+M+")*)|.*)\\)|)",O=new RegExp(K+"+","g"),P=new RegExp("^"+K+"+|((?:^|[^\\\\])(?:\\\\.)*)"+K+"+$","g"),Q=new RegExp("^"+K+"*,"+K+"*"),R=new RegExp("^"+K+"*([>+~]|"+K+")"+K+"*"),S=new RegExp("="+K+"*([^\\]'\"]*?)"+K+"*\\]","g"),T=new RegExp(N),U=new RegExp("^"+L+"$"),V={ID:new RegExp("^#("+L+")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L+"|[*])"),ATTR:new RegExp("^"+M),PSEUDO:new RegExp("^"+N),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+K+"*(even|odd|(([+-]|)(\\d*)n|)"+K+"*(?:([+-]|)"+K+"*(\\d+)|))"+K+"*\\)|)","i"),bool:new RegExp("^(?:"+J+")$","i"),needsContext:new RegExp("^"+K+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+K+"*((?:-\\d)?\\d*)"+K+"*\\)|)(?=[^-]|$)","i")},W=/^(?:input|select|textarea|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da-f]{1,6}"+K+"?|("+K+")|.)","ig"),aa=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:d<0?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ba=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ca=function(a,b){return b?"\0"===a?"\ufffd":a.slice(0,-1)+"\\"+a.charCodeAt(a.length-1).toString(16)+" ":"\\"+a},da=function(){m()},ea=ta(function(a){return a.disabled===!0&&("form"in a||"label"in a)},{dir:"parentNode",next:"legend"});try{G.apply(D=H.call(v.childNodes),v.childNodes),D[v.childNodes.length].nodeType}catch(fa){G={apply:D.length?function(a,b){F.apply(a,H.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s=b&&b.ownerDocument,w=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==w&&9!==w&&11!==w)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==w&&(l=Z.exec(a)))if(f=l[1]){if(9===w){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(s&&(j=s.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(l[2])return G.apply(d,b.getElementsByTagName(a)),d;if((f=l[3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.setAttribute("id",k=u),o=g(a),h=o.length;while(h--)o[h]="#"+k+" "+sa(o[h]);r=o.join(","),s=$.test(a)&&qa(b.parentNode)||b}if(r)try{return G.apply(d,s.querySelectorAll(r)),d}catch(x){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(P,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("fieldset");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&a.sourceIndex-b.sourceIndex;if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return function(b){return"form"in b?b.parentNode&&b.disabled===!1?"label"in b?"label"in b.parentNode?b.parentNode.disabled===a:b.disabled===a:b.isDisabled===a||b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function qa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return!!b&&"HTML"!==b.nodeName},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),v!==n&&(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Y.test(n.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){return a.getAttribute("id")===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}}):(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value===a)return[f];e=b.getElementsByName(a),d=0;while(f=e[d++])if(c=f.getAttributeNode("id"),c&&c.value===a)return[f]}return[]}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){if("undefined"!=typeof b.getElementsByClassName&&p)return b.getElementsByClassName(a)},r=[],q=[],(c.qsa=Y.test(n.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+K+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+K+"*(?:value|"+J+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){a.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"*[*^$|!~]?="),2!==a.querySelectorAll(":enabled").length&&q.push(":enabled",":disabled"),o.appendChild(a).disabled=!0,2!==a.querySelectorAll(":disabled").length&&q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Y.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"*"),s.call(a,"[s!='']:x"),r.push("!=",N)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Y.test(o.compareDocumentPosition),t=b||Y.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?la(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(S,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&C.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.escape=function(a){return(a+"").replace(ba,ca)},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(_,aa),a[3]=(a[3]||a[4]||a[5]||"").replace(_,aa),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return V.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&T.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(_,aa).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+K+")"+a+"("+K+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:!b||(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(O," ")+" ").indexOf(c)>-1:"|="===b&&(e===c||e.slice(0,c.length+1)===c+"-"))}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=I(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(P,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(_,aa),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return U.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(_,aa).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:oa(!1),disabled:oa(!0),checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return X.test(a.nodeName)},input:function(a){return W.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:pa(function(){return[0]}),last:pa(function(a,b){return[b-1]}),eq:pa(function(a,b,c){return[c<0?c+b:c]}),even:pa(function(a,b){for(var c=0;c<b;c+=2)a.push(c);return a}),odd:pa(function(a,b){for(var c=1;c<b;c+=2)a.push(c);return a}),lt:pa(function(a,b,c){for(var d=c<0?c+b:c;--d>=0;)a.push(d);return a}),gt:pa(function(a,b,c){for(var d=c<0?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=ma(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=na(b);function ra(){}ra.prototype=d.filters=d.pseudos,d.setFilters=new ra,g=ga.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=Q.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=R.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(P," ")}),h=h.slice(c.length));for(g in d.filter)!(e=V[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?ga.error(a):z(a,i).slice(0)};function sa(a){for(var b=0,c=a.length,d="";b<c;b++)d+=a[b].value;return d}function ta(a,b,c){var d=b.dir,e=b.next,f=e||d,g=c&&"parentNode"===f,h=x++;return b.first?function(b,c,e){while(b=b[d])if(1===b.nodeType||g)return a(b,c,e);return!1}:function(b,c,i){var j,k,l,m=[w,h];if(i){while(b=b[d])if((1===b.nodeType||g)&&a(b,c,i))return!0}else while(b=b[d])if(1===b.nodeType||g)if(l=b[u]||(b[u]={}),k=l[b.uniqueID]||(l[b.uniqueID]={}),e&&e===b.nodeName.toLowerCase())b=b[d]||b;else{if((j=k[f])&&j[0]===w&&j[1]===h)return m[2]=j[2];if(k[f]=m,m[2]=a(b,c,i))return!0}return!1}}function ua(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function va(a,b,c){for(var d=0,e=b.length;d<e;d++)ga(a,b[d],c);return c}function wa(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;h<i;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function xa(a,b,c,d,e,f){return d&&!d[u]&&(d=xa(d)),e&&!e[u]&&(e=xa(e,f)),ia(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||va(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:wa(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=wa(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?I(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=wa(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):G.apply(g,r)})}function ya(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ta(function(a){return a===b},h,!0),l=ta(function(a){return I(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];i<f;i++)if(c=d.relative[a[i].type])m=[ta(ua(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;e<f;e++)if(d.relative[a[e].type])break;return xa(i>1&&ua(m),i>1&&sa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(P,"$1"),c,i<e&&ya(a.slice(i,e)),e<f&&ya(a=a.slice(e)),e<f&&sa(a))}m.push(c)}return ua(m)}function za(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=E.call(i));u=wa(u)}G.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&ga.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=ya(b[c]),f[u]?d.push(f):e.push(f);f=A(a,za(e,d)),f.selector=a}return f},i=ga.select=function(a,b,c,e){var f,i,j,k,l,m="function"==typeof a&&a,n=!e&&g(a=m.selector||a);if(c=c||[],1===n.length){if(i=n[0]=n[0].slice(0),i.length>2&&"ID"===(j=i[0]).type&&9===b.nodeType&&p&&d.relative[i[1].type]){if(b=(d.find.ID(j.matches[0].replace(_,aa),b)||[])[0],!b)return c;m&&(b=b.parentNode),a=a.slice(i.shift().value.length)}f=V.needsContext.test(a)?0:i.length;while(f--){if(j=i[f],d.relative[k=j.type])break;if((l=d.find[k])&&(e=l(j.matches[0].replace(_,aa),$.test(i[0].type)&&qa(b.parentNode)||b))){if(i.splice(f,1),a=e.length&&sa(i),!a)return G.apply(c,e),c;break}}}return(m||h(a,n))(e,b,!p,c,!b||$.test(a)&&qa(b.parentNode)||b),c},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("fieldset"))}),ja(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){if(!c)return a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){if(!c&&"input"===a.nodeName.toLowerCase())return a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(J,function(a,b,c){var d;if(!c)return a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);r.find=x,r.expr=x.selectors,r.expr[":"]=r.expr.pseudos,r.uniqueSort=r.unique=x.uniqueSort,r.text=x.getText,r.isXMLDoc=x.isXML,r.contains=x.contains,r.escapeSelector=x.escape;var y=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&r(a).is(c))break;d.push(a)}return d},z=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},A=r.expr.match.needsContext;function B(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()}var C=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i,D=/^.[^:#\[\.,]*$/;function E(a,b,c){return r.isFunction(b)?r.grep(a,function(a,d){return!!b.call(a,d,a)!==c}):b.nodeType?r.grep(a,function(a){return a===b!==c}):"string"!=typeof b?r.grep(a,function(a){return i.call(b,a)>-1!==c}):D.test(b)?r.filter(b,a,c):(b=r.filter(b,a),r.grep(a,function(a){return i.call(b,a)>-1!==c&&1===a.nodeType}))}r.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?r.find.matchesSelector(d,a)?[d]:[]:r.find.matches(a,r.grep(b,function(a){return 1===a.nodeType}))},r.fn.extend({find:function(a){var b,c,d=this.length,e=this;if("string"!=typeof a)return this.pushStack(r(a).filter(function(){for(b=0;b<d;b++)if(r.contains(e[b],this))return!0}));for(c=this.pushStack([]),b=0;b<d;b++)r.find(a,e[b],c);return d>1?r.uniqueSort(c):c},filter:function(a){return this.pushStack(E(this,a||[],!1))},not:function(a){return this.pushStack(E(this,a||[],!0))},is:function(a){return!!E(this,"string"==typeof a&&A.test(a)?r(a):a||[],!1).length}});var F,G=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,H=r.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||F,"string"==typeof a){if(e="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:G.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof r?b[0]:b,r.merge(this,r.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),C.test(e[1])&&r.isPlainObject(b))for(e in b)r.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}return f=d.getElementById(e[2]),f&&(this[0]=f,this.length=1),this}return a.nodeType?(this[0]=a,this.length=1,this):r.isFunction(a)?void 0!==c.ready?c.ready(a):a(r):r.makeArray(a,this)};H.prototype=r.fn,F=r(d);var I=/^(?:parents|prev(?:Until|All))/,J={children:!0,contents:!0,next:!0,prev:!0};r.fn.extend({has:function(a){var b=r(a,this),c=b.length;return this.filter(function(){for(var a=0;a<c;a++)if(r.contains(this,b[a]))return!0})},closest:function(a,b){var c,d=0,e=this.length,f=[],g="string"!=typeof a&&r(a);if(!A.test(a))for(;d<e;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&r.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?r.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?i.call(r(a),this[0]):i.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(r.uniqueSort(r.merge(this.get(),r(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function K(a,b){while((a=a[b])&&1!==a.nodeType);return a}r.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return y(a,"parentNode")},parentsUntil:function(a,b,c){return y(a,"parentNode",c)},next:function(a){return K(a,"nextSibling")},prev:function(a){return K(a,"previousSibling")},nextAll:function(a){return y(a,"nextSibling")},prevAll:function(a){return y(a,"previousSibling")},nextUntil:function(a,b,c){return y(a,"nextSibling",c)},prevUntil:function(a,b,c){return y(a,"previousSibling",c)},siblings:function(a){return z((a.parentNode||{}).firstChild,a)},children:function(a){return z(a.firstChild)},contents:function(a){return B(a,"iframe")?a.contentDocument:(B(a,"template")&&(a=a.content||a),r.merge([],a.childNodes))}},function(a,b){r.fn[a]=function(c,d){var e=r.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=r.filter(d,e)),this.length>1&&(J[a]||r.uniqueSort(e),I.test(a)&&e.reverse()),this.pushStack(e)}});var L=/[^\x20\t\r\n\f]+/g;function M(a){var b={};return r.each(a.match(L)||[],function(a,c){b[c]=!0}),b}r.Callbacks=function(a){a="string"==typeof a?M(a):r.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=e||a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){r.each(b,function(b,c){r.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==r.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return r.each(arguments,function(a,b){var c;while((c=r.inArray(b,f,c))>-1)f.splice(c,1),c<=h&&h--}),this},has:function(a){return a?r.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=g=[],c||b||(f=c=""),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j};function N(a){return a}function O(a){throw a}function P(a,b,c,d){var e;try{a&&r.isFunction(e=a.promise)?e.call(a).done(b).fail(c):a&&r.isFunction(e=a.then)?e.call(a,b,c):b.apply(void 0,[a].slice(d))}catch(a){c.apply(void 0,[a])}}r.extend({Deferred:function(b){var c=[["notify","progress",r.Callbacks("memory"),r.Callbacks("memory"),2],["resolve","done",r.Callbacks("once memory"),r.Callbacks("once memory"),0,"resolved"],["reject","fail",r.Callbacks("once memory"),r.Callbacks("once memory"),1,"rejected"]],d="pending",e={state:function(){return d},always:function(){return f.done(arguments).fail(arguments),this},"catch":function(a){return e.then(null,a)},pipe:function(){var a=arguments;return r.Deferred(function(b){r.each(c,function(c,d){var e=r.isFunction(a[d[4]])&&a[d[4]];f[d[1]](function(){var a=e&&e.apply(this,arguments);a&&r.isFunction(a.promise)?a.promise().progress(b.notify).done(b.resolve).fail(b.reject):b[d[0]+"With"](this,e?[a]:arguments)})}),a=null}).promise()},then:function(b,d,e){var f=0;function g(b,c,d,e){return function(){var h=this,i=arguments,j=function(){var a,j;if(!(b<f)){if(a=d.apply(h,i),a===c.promise())throw new TypeError("Thenable self-resolution");j=a&&("object"==typeof a||"function"==typeof a)&&a.then,r.isFunction(j)?e?j.call(a,g(f,c,N,e),g(f,c,O,e)):(f++,j.call(a,g(f,c,N,e),g(f,c,O,e),g(f,c,N,c.notifyWith))):(d!==N&&(h=void 0,i=[a]),(e||c.resolveWith)(h,i))}},k=e?j:function(){try{j()}catch(a){r.Deferred.exceptionHook&&r.Deferred.exceptionHook(a,k.stackTrace),b+1>=f&&(d!==O&&(h=void 0,i=[a]),c.rejectWith(h,i))}};b?k():(r.Deferred.getStackHook&&(k.stackTrace=r.Deferred.getStackHook()),a.setTimeout(k))}}return r.Deferred(function(a){c[0][3].add(g(0,a,r.isFunction(e)?e:N,a.notifyWith)),c[1][3].add(g(0,a,r.isFunction(b)?b:N)),c[2][3].add(g(0,a,r.isFunction(d)?d:O))}).promise()},promise:function(a){return null!=a?r.extend(a,e):e}},f={};return r.each(c,function(a,b){var g=b[2],h=b[5];e[b[1]]=g.add,h&&g.add(function(){d=h},c[3-a][2].disable,c[0][2].lock),g.add(b[3].fire),f[b[0]]=function(){return f[b[0]+"With"](this===f?void 0:this,arguments),this},f[b[0]+"With"]=g.fireWith}),e.promise(f),b&&b.call(f,f),f},when:function(a){var b=arguments.length,c=b,d=Array(c),e=f.call(arguments),g=r.Deferred(),h=function(a){return function(c){d[a]=this,e[a]=arguments.length>1?f.call(arguments):c,--b||g.resolveWith(d,e)}};if(b<=1&&(P(a,g.done(h(c)).resolve,g.reject,!b),"pending"===g.state()||r.isFunction(e[c]&&e[c].then)))return g.then();while(c--)P(e[c],h(c),g.reject);return g.promise()}});var Q=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;r.Deferred.exceptionHook=function(b,c){a.console&&a.console.warn&&b&&Q.test(b.name)&&a.console.warn("jQuery.Deferred exception: "+b.message,b.stack,c)},r.readyException=function(b){a.setTimeout(function(){throw b})};var R=r.Deferred();r.fn.ready=function(a){return R.then(a)["catch"](function(a){r.readyException(a)}),this},r.extend({isReady:!1,readyWait:1,ready:function(a){(a===!0?--r.readyWait:r.isReady)||(r.isReady=!0,a!==!0&&--r.readyWait>0||R.resolveWith(d,[r]))}}),r.ready.then=R.then;function S(){d.removeEventListener("DOMContentLoaded",S),
-a.removeEventListener("load",S),r.ready()}"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll?a.setTimeout(r.ready):(d.addEventListener("DOMContentLoaded",S),a.addEventListener("load",S));var T=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in c)T(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,r.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(r(a),c)})),b))for(;h<i;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},U=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function V(){this.expando=r.expando+V.uid++}V.uid=1,V.prototype={cache:function(a){var b=a[this.expando];return b||(b={},U(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase(b)]=c;else for(d in b)e[r.camelCase(d)]=b[d];return e},get:function(a,b){return void 0===b?this.cache(a):a[this.expando]&&a[this.expando][r.camelCase(b)]},access:function(a,b,c){return void 0===b||b&&"string"==typeof b&&void 0===c?this.get(a,b):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d=a[this.expando];if(void 0!==d){if(void 0!==b){Array.isArray(b)?b=b.map(r.camelCase):(b=r.camelCase(b),b=b in d?[b]:b.match(L)||[]),c=b.length;while(c--)delete d[b[c]]}(void 0===b||r.isEmptyObject(d))&&(a.nodeType?a[this.expando]=void 0:delete a[this.expando])}},hasData:function(a){var b=a[this.expando];return void 0!==b&&!r.isEmptyObject(b)}};var W=new V,X=new V,Y=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,Z=/[A-Z]/g;function $(a){return"true"===a||"false"!==a&&("null"===a?null:a===+a+""?+a:Y.test(a)?JSON.parse(a):a)}function _(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(Z,"-$&").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c=$(c)}catch(e){}X.set(a,b,c)}else c=void 0;return c}r.extend({hasData:function(a){return X.hasData(a)||W.hasData(a)},data:function(a,b,c){return X.access(a,b,c)},removeData:function(a,b){X.remove(a,b)},_data:function(a,b,c){return W.access(a,b,c)},_removeData:function(a,b){W.remove(a,b)}}),r.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=X.get(f),1===f.nodeType&&!W.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=r.camelCase(d.slice(5)),_(f,d,e[d])));W.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){X.set(this,a)}):T(this,function(b){var c;if(f&&void 0===b){if(c=X.get(f,a),void 0!==c)return c;if(c=_(f,a),void 0!==c)return c}else this.each(function(){X.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){X.remove(this,a)})}}),r.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=W.get(a,b),c&&(!d||Array.isArray(c)?d=W.access(a,b,r.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=r.queue(a,b),d=c.length,e=c.shift(),f=r._queueHooks(a,b),g=function(){r.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return W.get(a,c)||W.access(a,c,{empty:r.Callbacks("once memory").add(function(){W.remove(a,[b+"queue",c])})})}}),r.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?r.queue(this[0],a):void 0===b?this:this.each(function(){var c=r.queue(this,a,b);r._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&r.dequeue(this,a)})},dequeue:function(a){return this.each(function(){r.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=r.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=W.get(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}});var aa=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,ba=new RegExp("^(?:([+-])=|)("+aa+")([a-z%]*)$","i"),ca=["Top","Right","Bottom","Left"],da=function(a,b){return a=b||a,"none"===a.style.display||""===a.style.display&&r.contains(a.ownerDocument,a)&&"none"===r.css(a,"display")},ea=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e};function fa(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return r.css(a,b,"")},i=h(),j=c&&c[3]||(r.cssNumber[b]?"":"px"),k=(r.cssNumber[b]||"px"!==j&&+i)&&ba.exec(r.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,r.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var ga={};function ha(a){var b,c=a.ownerDocument,d=a.nodeName,e=ga[d];return e?e:(b=c.body.appendChild(c.createElement(d)),e=r.css(b,"display"),b.parentNode.removeChild(b),"none"===e&&(e="block"),ga[d]=e,e)}function ia(a,b){for(var c,d,e=[],f=0,g=a.length;f<g;f++)d=a[f],d.style&&(c=d.style.display,b?("none"===c&&(e[f]=W.get(d,"display")||null,e[f]||(d.style.display="")),""===d.style.display&&da(d)&&(e[f]=ha(d))):"none"!==c&&(e[f]="none",W.set(d,"display",c)));for(f=0;f<g;f++)null!=e[f]&&(a[f].style.display=e[f]);return a}r.fn.extend({show:function(){return ia(this,!0)},hide:function(){return ia(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){da(this)?r(this).show():r(this).hide()})}});var ja=/^(?:checkbox|radio)$/i,ka=/<([a-z][^\/\0>\x20\t\r\n\f]+)/i,la=/^$|\/(?:java|ecma)script/i,ma={option:[1,"<select multiple='multiple'>","</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};ma.optgroup=ma.option,ma.tbody=ma.tfoot=ma.colgroup=ma.caption=ma.thead,ma.th=ma.td;function na(a,b){var c;return c="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):[],void 0===b||b&&B(a,b)?r.merge([a],c):c}function oa(a,b){for(var c=0,d=a.length;c<d;c++)W.set(a[c],"globalEval",!b||W.get(b[c],"globalEval"))}var pa=/<|&#?\w+;/;function qa(a,b,c,d,e){for(var f,g,h,i,j,k,l=b.createDocumentFragment(),m=[],n=0,o=a.length;n<o;n++)if(f=a[n],f||0===f)if("object"===r.type(f))r.merge(m,f.nodeType?[f]:f);else if(pa.test(f)){g=g||l.appendChild(b.createElement("div")),h=(ka.exec(f)||["",""])[1].toLowerCase(),i=ma[h]||ma._default,g.innerHTML=i[1]+r.htmlPrefilter(f)+i[2],k=i[0];while(k--)g=g.lastChild;r.merge(m,g.childNodes),g=l.firstChild,g.textContent=""}else m.push(b.createTextNode(f));l.textContent="",n=0;while(f=m[n++])if(d&&r.inArray(f,d)>-1)e&&e.push(f);else if(j=r.contains(f.ownerDocument,f),g=na(l.appendChild(f),"script"),j&&oa(g),c){k=0;while(f=g[k++])la.test(f.type||"")&&c.push(f)}return l}!function(){var a=d.createDocumentFragment(),b=a.appendChild(d.createElement("div")),c=d.createElement("input");c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),b.appendChild(c),o.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,b.innerHTML="<textarea>x</textarea>",o.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var ra=d.documentElement,sa=/^key/,ta=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,ua=/^([^.]*)(?:\.(.+)|)/;function va(){return!0}function wa(){return!1}function xa(){try{return d.activeElement}catch(a){}}function ya(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)ya(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=wa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return r().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=r.guid++)),a.each(function(){r.event.add(this,b,e,d,c)})}r.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=W.get(a);if(q){c.handler&&(f=c,c=f.handler,e=f.selector),e&&r.find.matchesSelector(ra,e),c.guid||(c.guid=r.guid++),(i=q.events)||(i=q.events={}),(g=q.handle)||(g=q.handle=function(b){return"undefined"!=typeof r&&r.event.triggered!==b.type?r.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(L)||[""],j=b.length;while(j--)h=ua.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n&&(l=r.event.special[n]||{},n=(e?l.delegateType:l.bindType)||n,l=r.event.special[n]||{},k=r.extend({type:n,origType:p,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&r.expr.match.needsContext.test(e),namespace:o.join(".")},f),(m=i[n])||(m=i[n]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,o,g)!==!1||a.addEventListener&&a.addEventListener(n,g)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),r.event.global[n]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=W.hasData(a)&&W.get(a);if(q&&(i=q.events)){b=(b||"").match(L)||[""],j=b.length;while(j--)if(h=ua.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n){l=r.event.special[n]||{},n=(d?l.delegateType:l.bindType)||n,m=i[n]||[],h=h[2]&&new RegExp("(^|\\.)"+o.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&p!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,o,q.handle)!==!1||r.removeEvent(a,n,q.handle),delete i[n])}else for(n in i)r.event.remove(a,n+b[j],c,d,!0);r.isEmptyObject(i)&&W.remove(a,"handle events")}},dispatch:function(a){var b=r.event.fix(a),c,d,e,f,g,h,i=new Array(arguments.length),j=(W.get(this,"events")||{})[b.type]||[],k=r.event.special[b.type]||{};for(i[0]=b,c=1;c<arguments.length;c++)i[c]=arguments[c];if(b.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,b)!==!1){h=r.event.handlers.call(this,b,j),c=0;while((f=h[c++])&&!b.isPropagationStopped()){b.currentTarget=f.elem,d=0;while((g=f.handlers[d++])&&!b.isImmediatePropagationStopped())b.rnamespace&&!b.rnamespace.test(g.namespace)||(b.handleObj=g,b.data=g.data,e=((r.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(b.result=e)===!1&&(b.preventDefault(),b.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,b),b.result}},handlers:function(a,b){var c,d,e,f,g,h=[],i=b.delegateCount,j=a.target;if(i&&j.nodeType&&!("click"===a.type&&a.button>=1))for(;j!==this;j=j.parentNode||this)if(1===j.nodeType&&("click"!==a.type||j.disabled!==!0)){for(f=[],g={},c=0;c<i;c++)d=b[c],e=d.selector+" ",void 0===g[e]&&(g[e]=d.needsContext?r(e,this).index(j)>-1:r.find(e,this,null,[j]).length),g[e]&&f.push(d);f.length&&h.push({elem:j,handlers:f})}return j=this,i<b.length&&h.push({elem:j,handlers:b.slice(i)}),h},addProp:function(a,b){Object.defineProperty(r.Event.prototype,a,{enumerable:!0,configurable:!0,get:r.isFunction(b)?function(){if(this.originalEvent)return b(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[a]},set:function(b){Object.defineProperty(this,a,{enumerable:!0,configurable:!0,writable:!0,value:b})}})},fix:function(a){return a[r.expando]?a:new r.Event(a)},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==xa()&&this.focus)return this.focus(),!1},delegateType:"focusin"},blur:{trigger:function(){if(this===xa()&&this.blur)return this.blur(),!1},delegateType:"focusout"},click:{trigger:function(){if("checkbox"===this.type&&this.click&&B(this,"input"))return this.click(),!1},_default:function(a){return B(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}}},r.removeEvent=function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)},r.Event=function(a,b){return this instanceof r.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?va:wa,this.target=a.target&&3===a.target.nodeType?a.target.parentNode:a.target,this.currentTarget=a.currentTarget,this.relatedTarget=a.relatedTarget):this.type=a,b&&r.extend(this,b),this.timeStamp=a&&a.timeStamp||r.now(),void(this[r.expando]=!0)):new r.Event(a,b)},r.Event.prototype={constructor:r.Event,isDefaultPrevented:wa,isPropagationStopped:wa,isImmediatePropagationStopped:wa,isSimulated:!1,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=va,a&&!this.isSimulated&&a.preventDefault()},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=va,a&&!this.isSimulated&&a.stopPropagation()},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=va,a&&!this.isSimulated&&a.stopImmediatePropagation(),this.stopPropagation()}},r.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:function(a){var b=a.button;return null==a.which&&sa.test(a.type)?null!=a.charCode?a.charCode:a.keyCode:!a.which&&void 0!==b&&ta.test(a.type)?1&b?1:2&b?3:4&b?2:0:a.which}},r.event.addProp),r.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){r.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||r.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),r.fn.extend({on:function(a,b,c,d){return ya(this,a,b,c,d)},one:function(a,b,c,d){return ya(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,r(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=wa),this.each(function(){r.event.remove(this,a,c,b)})}});var za=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,Aa=/<script|<style|<link/i,Ba=/checked\s*(?:[^=]|=\s*.checked.)/i,Ca=/^true\/(.*)/,Da=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;function Ea(a,b){return B(a,"table")&&B(11!==b.nodeType?b:b.firstChild,"tr")?r(">tbody",a)[0]||a:a}function Fa(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function Ga(a){var b=Ca.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Ha(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(W.hasData(a)&&(f=W.access(a),g=W.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;c<d;c++)r.event.add(b,e,j[e][c])}X.hasData(a)&&(h=X.access(a),i=r.extend({},h),X.set(b,i))}}function Ia(a,b){var c=b.nodeName.toLowerCase();"input"===c&&ja.test(a.type)?b.checked=a.checked:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}function Ja(a,b,c,d){b=g.apply([],b);var e,f,h,i,j,k,l=0,m=a.length,n=m-1,q=b[0],s=r.isFunction(q);if(s||m>1&&"string"==typeof q&&!o.checkClone&&Ba.test(q))return a.each(function(e){var f=a.eq(e);s&&(b[0]=q.call(this,e,f.html())),Ja(f,b,c,d)});if(m&&(e=qa(b,a[0].ownerDocument,!1,a,d),f=e.firstChild,1===e.childNodes.length&&(e=f),f||d)){for(h=r.map(na(e,"script"),Fa),i=h.length;l<m;l++)j=e,l!==n&&(j=r.clone(j,!0,!0),i&&r.merge(h,na(j,"script"))),c.call(a[l],j,l);if(i)for(k=h[h.length-1].ownerDocument,r.map(h,Ga),l=0;l<i;l++)j=h[l],la.test(j.type||"")&&!W.access(j,"globalEval")&&r.contains(k,j)&&(j.src?r._evalUrl&&r._evalUrl(j.src):p(j.textContent.replace(Da,""),k))}return a}function Ka(a,b,c){for(var d,e=b?r.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||r.cleanData(na(d)),d.parentNode&&(c&&r.contains(d.ownerDocument,d)&&oa(na(d,"script")),d.parentNode.removeChild(d));return a}r.extend({htmlPrefilter:function(a){return a.replace(za,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=r.contains(a.ownerDocument,a);if(!(o.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||r.isXMLDoc(a)))for(g=na(h),f=na(a),d=0,e=f.length;d<e;d++)Ia(f[d],g[d]);if(b)if(c)for(f=f||na(a),g=g||na(h),d=0,e=f.length;d<e;d++)Ha(f[d],g[d]);else Ha(a,h);return g=na(h,"script"),g.length>0&&oa(g,!i&&na(a,"script")),h},cleanData:function(a){for(var b,c,d,e=r.event.special,f=0;void 0!==(c=a[f]);f++)if(U(c)){if(b=c[W.expando]){if(b.events)for(d in b.events)e[d]?r.event.remove(c,d):r.removeEvent(c,d,b.handle);c[W.expando]=void 0}c[X.expando]&&(c[X.expando]=void 0)}}}),r.fn.extend({detach:function(a){return Ka(this,a,!0)},remove:function(a){return Ka(this,a)},text:function(a){return T(this,function(a){return void 0===a?r.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ja(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ea(this,a);b.appendChild(a)}})},prepend:function(){return Ja(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ea(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ja(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ja(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(r.cleanData(na(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null!=a&&a,b=null==b?a:b,this.map(function(){return r.clone(this,a,b)})},html:function(a){return T(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!Aa.test(a)&&!ma[(ka.exec(a)||["",""])[1].toLowerCase()]){a=r.htmlPrefilter(a);try{for(;c<d;c++)b=this[c]||{},1===b.nodeType&&(r.cleanData(na(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ja(this,arguments,function(b){var c=this.parentNode;r.inArray(this,a)<0&&(r.cleanData(na(this)),c&&c.replaceChild(b,this))},a)}}),r.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){r.fn[a]=function(a){for(var c,d=[],e=r(a),f=e.length-1,g=0;g<=f;g++)c=g===f?this:this.clone(!0),r(e[g])[b](c),h.apply(d,c.get());return this.pushStack(d)}});var La=/^margin/,Ma=new RegExp("^("+aa+")(?!px)[a-z%]+$","i"),Na=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)};!function(){function b(){if(i){i.style.cssText="box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",i.innerHTML="",ra.appendChild(h);var b=a.getComputedStyle(i);c="1%"!==b.top,g="2px"===b.marginLeft,e="4px"===b.width,i.style.marginRight="50%",f="4px"===b.marginRight,ra.removeChild(h),i=null}}var c,e,f,g,h=d.createElement("div"),i=d.createElement("div");i.style&&(i.style.backgroundClip="content-box",i.cloneNode(!0).style.backgroundClip="",o.clearCloneStyle="content-box"===i.style.backgroundClip,h.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",h.appendChild(i),r.extend(o,{pixelPosition:function(){return b(),c},boxSizingReliable:function(){return b(),e},pixelMarginRight:function(){return b(),f},reliableMarginLeft:function(){return b(),g}}))}();function Oa(a,b,c){var d,e,f,g,h=a.style;return c=c||Na(a),c&&(g=c.getPropertyValue(b)||c[b],""!==g||r.contains(a.ownerDocument,a)||(g=r.style(a,b)),!o.pixelMarginRight()&&Ma.test(g)&&La.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f)),void 0!==g?g+"":g}function Pa(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Qa=/^(none|table(?!-c[ea]).+)/,Ra=/^--/,Sa={position:"absolute",visibility:"hidden",display:"block"},Ta={letterSpacing:"0",fontWeight:"400"},Ua=["Webkit","Moz","ms"],Va=d.createElement("div").style;function Wa(a){if(a in Va)return a;var b=a[0].toUpperCase()+a.slice(1),c=Ua.length;while(c--)if(a=Ua[c]+b,a in Va)return a}function Xa(a){var b=r.cssProps[a];return b||(b=r.cssProps[a]=Wa(a)||a),b}function Ya(a,b,c){var d=ba.exec(b);return d?Math.max(0,d[2]-(c||0))+(d[3]||"px"):b}function Za(a,b,c,d,e){var f,g=0;for(f=c===(d?"border":"content")?4:"width"===b?1:0;f<4;f+=2)"margin"===c&&(g+=r.css(a,c+ca[f],!0,e)),d?("content"===c&&(g-=r.css(a,"padding"+ca[f],!0,e)),"margin"!==c&&(g-=r.css(a,"border"+ca[f]+"Width",!0,e))):(g+=r.css(a,"padding"+ca[f],!0,e),"padding"!==c&&(g+=r.css(a,"border"+ca[f]+"Width",!0,e)));return g}function $a(a,b,c){var d,e=Na(a),f=Oa(a,b,e),g="border-box"===r.css(a,"boxSizing",!1,e);return Ma.test(f)?f:(d=g&&(o.boxSizingReliable()||f===a.style[b]),"auto"===f&&(f=a["offset"+b[0].toUpperCase()+b.slice(1)]),f=parseFloat(f)||0,f+Za(a,b,c||(g?"border":"content"),d,e)+"px")}r.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Oa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":"cssFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=r.camelCase(b),i=Ra.test(b),j=a.style;return i||(b=Xa(h)),g=r.cssHooks[b]||r.cssHooks[h],void 0===c?g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:j[b]:(f=typeof c,"string"===f&&(e=ba.exec(c))&&e[1]&&(c=fa(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(r.cssNumber[h]?"":"px")),o.clearCloneStyle||""!==c||0!==b.indexOf("background")||(j[b]="inherit"),g&&"set"in g&&void 0===(c=g.set(a,c,d))||(i?j.setProperty(b,c):j[b]=c)),void 0)}},css:function(a,b,c,d){var e,f,g,h=r.camelCase(b),i=Ra.test(b);return i||(b=Xa(h)),g=r.cssHooks[b]||r.cssHooks[h],g&&"get"in g&&(e=g.get(a,!0,c)),void 0===e&&(e=Oa(a,b,d)),"normal"===e&&b in Ta&&(e=Ta[b]),""===c||c?(f=parseFloat(e),c===!0||isFinite(f)?f||0:e):e}}),r.each(["height","width"],function(a,b){r.cssHooks[b]={get:function(a,c,d){if(c)return!Qa.test(r.css(a,"display"))||a.getClientRects().length&&a.getBoundingClientRect().width?$a(a,b,d):ea(a,Sa,function(){return $a(a,b,d)})},set:function(a,c,d){var e,f=d&&Na(a),g=d&&Za(a,b,d,"border-box"===r.css(a,"boxSizing",!1,f),f);return g&&(e=ba.exec(c))&&"px"!==(e[3]||"px")&&(a.style[b]=c,c=r.css(a,b)),Ya(a,c,g)}}}),r.cssHooks.marginLeft=Pa(o.reliableMarginLeft,function(a,b){if(b)return(parseFloat(Oa(a,"marginLeft"))||a.getBoundingClientRect().left-ea(a,{marginLeft:0},function(){return a.getBoundingClientRect().left}))+"px"}),r.each({margin:"",padding:"",border:"Width"},function(a,b){r.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];d<4;d++)e[a+ca[d]+b]=f[d]||f[d-2]||f[0];return e}},La.test(a)||(r.cssHooks[a+b].set=Ya)}),r.fn.extend({css:function(a,b){return T(this,function(a,b,c){var d,e,f={},g=0;if(Array.isArray(b)){for(d=Na(a),e=b.length;g<e;g++)f[b[g]]=r.css(a,b[g],!1,d);return f}return void 0!==c?r.style(a,b,c):r.css(a,b)},a,b,arguments.length>1)}});function _a(a,b,c,d,e){return new _a.prototype.init(a,b,c,d,e)}r.Tween=_a,_a.prototype={constructor:_a,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||r.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(r.cssNumber[c]?"":"px")},cur:function(){var a=_a.propHooks[this.prop];return a&&a.get?a.get(this):_a.propHooks._default.get(this)},run:function(a){var b,c=_a.propHooks[this.prop];return this.options.duration?this.pos=b=r.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):_a.propHooks._default.set(this),this}},_a.prototype.init.prototype=_a.prototype,_a.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=r.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){r.fx.step[a.prop]?r.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[r.cssProps[a.prop]]&&!r.cssHooks[a.prop]?a.elem[a.prop]=a.now:r.style(a.elem,a.prop,a.now+a.unit)}}},_a.propHooks.scrollTop=_a.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},r.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},r.fx=_a.prototype.init,r.fx.step={};var ab,bb,cb=/^(?:toggle|show|hide)$/,db=/queueHooks$/;function eb(){bb&&(d.hidden===!1&&a.requestAnimationFrame?a.requestAnimationFrame(eb):a.setTimeout(eb,r.fx.interval),r.fx.tick())}function fb(){return a.setTimeout(function(){ab=void 0}),ab=r.now()}function gb(a,b){var c,d=0,e={height:a};for(b=b?1:0;d<4;d+=2-b)c=ca[d],e["margin"+c]=e["padding"+c]=a;return b&&(e.opacity=e.width=a),e}function hb(a,b,c){for(var d,e=(kb.tweeners[b]||[]).concat(kb.tweeners["*"]),f=0,g=e.length;f<g;f++)if(d=e[f].call(c,b,a))return d}function ib(a,b,c){var d,e,f,g,h,i,j,k,l="width"in b||"height"in b,m=this,n={},o=a.style,p=a.nodeType&&da(a),q=W.get(a,"fxshow");c.queue||(g=r._queueHooks(a,"fx"),null==g.unqueued&&(g.unqueued=0,h=g.empty.fire,g.empty.fire=function(){g.unqueued||h()}),g.unqueued++,m.always(function(){m.always(function(){g.unqueued--,r.queue(a,"fx").length||g.empty.fire()})}));for(d in b)if(e=b[d],cb.test(e)){if(delete b[d],f=f||"toggle"===e,e===(p?"hide":"show")){if("show"!==e||!q||void 0===q[d])continue;p=!0}n[d]=q&&q[d]||r.style(a,d)}if(i=!r.isEmptyObject(b),i||!r.isEmptyObject(n)){l&&1===a.nodeType&&(c.overflow=[o.overflow,o.overflowX,o.overflowY],j=q&&q.display,null==j&&(j=W.get(a,"display")),k=r.css(a,"display"),"none"===k&&(j?k=j:(ia([a],!0),j=a.style.display||j,k=r.css(a,"display"),ia([a]))),("inline"===k||"inline-block"===k&&null!=j)&&"none"===r.css(a,"float")&&(i||(m.done(function(){o.display=j}),null==j&&(k=o.display,j="none"===k?"":k)),o.display="inline-block")),c.overflow&&(o.overflow="hidden",m.always(function(){o.overflow=c.overflow[0],o.overflowX=c.overflow[1],o.overflowY=c.overflow[2]})),i=!1;for(d in n)i||(q?"hidden"in q&&(p=q.hidden):q=W.access(a,"fxshow",{display:j}),f&&(q.hidden=!p),p&&ia([a],!0),m.done(function(){p||ia([a]),W.remove(a,"fxshow");for(d in n)r.style(a,d,n[d])})),i=hb(p?q[d]:0,d,m),d in q||(q[d]=i.start,p&&(i.end=i.start,i.start=0))}}function jb(a,b){var c,d,e,f,g;for(c in a)if(d=r.camelCase(c),e=b[d],f=a[c],Array.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=r.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function kb(a,b,c){var d,e,f=0,g=kb.prefilters.length,h=r.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=ab||fb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;g<i;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),f<1&&i?c:(i||h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:r.extend({},b),opts:r.extend(!0,{specialEasing:{},easing:r.easing._default},c),originalProperties:b,originalOptions:c,startTime:ab||fb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=r.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;c<d;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(jb(k,j.opts.specialEasing);f<g;f++)if(d=kb.prefilters[f].call(j,a,k,j.opts))return r.isFunction(d.stop)&&(r._queueHooks(j.elem,j.opts.queue).stop=r.proxy(d.stop,d)),d;return r.map(k,hb,j),r.isFunction(j.opts.start)&&j.opts.start.call(a,j),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always),r.fx.timer(r.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j}r.Animation=r.extend(kb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return fa(c.elem,a,ba.exec(b),c),c}]},tweener:function(a,b){r.isFunction(a)?(b=a,a=["*"]):a=a.match(L);for(var c,d=0,e=a.length;d<e;d++)c=a[d],kb.tweeners[c]=kb.tweeners[c]||[],kb.tweeners[c].unshift(b)},prefilters:[ib],prefilter:function(a,b){b?kb.prefilters.unshift(a):kb.prefilters.push(a)}}),r.speed=function(a,b,c){var d=a&&"object"==typeof a?r.extend({},a):{complete:c||!c&&b||r.isFunction(a)&&a,duration:a,easing:c&&b||b&&!r.isFunction(b)&&b};return r.fx.off?d.duration=0:"number"!=typeof d.duration&&(d.duration in r.fx.speeds?d.duration=r.fx.speeds[d.duration]:d.duration=r.fx.speeds._default),null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){r.isFunction(d.old)&&d.old.call(this),d.queue&&r.dequeue(this,d.queue)},d},r.fn.extend({fadeTo:function(a,b,c,d){return this.filter(da).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=r.isEmptyObject(a),f=r.speed(b,c,d),g=function(){var b=kb(this,r.extend({},a),f);(e||W.get(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=r.timers,g=W.get(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&db.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||r.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=W.get(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=r.timers,g=d?d.length:0;for(c.finish=!0,r.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;b<g;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),r.each(["toggle","show","hide"],function(a,b){var c=r.fn[b];r.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(gb(b,!0),a,d,e)}}),r.each({slideDown:gb("show"),slideUp:gb("hide"),slideToggle:gb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){r.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),r.timers=[],r.fx.tick=function(){var a,b=0,c=r.timers;for(ab=r.now();b<c.length;b++)a=c[b],a()||c[b]!==a||c.splice(b--,1);c.length||r.fx.stop(),ab=void 0},r.fx.timer=function(a){r.timers.push(a),r.fx.start()},r.fx.interval=13,r.fx.start=function(){bb||(bb=!0,eb())},r.fx.stop=function(){bb=null},r.fx.speeds={slow:600,fast:200,_default:400},r.fn.delay=function(b,c){return b=r.fx?r.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a=d.createElement("input"),b=d.createElement("select"),c=b.appendChild(d.createElement("option"));a.type="checkbox",o.checkOn=""!==a.value,o.optSelected=c.selected,a=d.createElement("input"),a.value="t",a.type="radio",o.radioValue="t"===a.value}();var lb,mb=r.expr.attrHandle;r.fn.extend({attr:function(a,b){return T(this,r.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){r.removeAttr(this,a)})}}),r.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?r.prop(a,b,c):(1===f&&r.isXMLDoc(a)||(e=r.attrHooks[b.toLowerCase()]||(r.expr.match.bool.test(b)?lb:void 0)),void 0!==c?null===c?void r.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=r.find.attr(a,b),
-null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!o.radioValue&&"radio"===b&&B(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d=0,e=b&&b.match(L);if(e&&1===a.nodeType)while(c=e[d++])a.removeAttribute(c)}}),lb={set:function(a,b,c){return b===!1?r.removeAttr(a,c):a.setAttribute(c,c),c}},r.each(r.expr.match.bool.source.match(/\w+/g),function(a,b){var c=mb[b]||r.find.attr;mb[b]=function(a,b,d){var e,f,g=b.toLowerCase();return d||(f=mb[g],mb[g]=e,e=null!=c(a,b,d)?g:null,mb[g]=f),e}});var nb=/^(?:input|select|textarea|button)$/i,ob=/^(?:a|area)$/i;r.fn.extend({prop:function(a,b){return T(this,r.prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[r.propFix[a]||a]})}}),r.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&r.isXMLDoc(a)||(b=r.propFix[b]||b,e=r.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=r.find.attr(a,"tabindex");return b?parseInt(b,10):nb.test(a.nodeName)||ob.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),o.optSelected||(r.propHooks.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){r.propFix[this.toLowerCase()]=this});function pb(a){var b=a.match(L)||[];return b.join(" ")}function qb(a){return a.getAttribute&&a.getAttribute("class")||""}r.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).addClass(a.call(this,b,qb(this)))});if("string"==typeof a&&a){b=a.match(L)||[];while(c=this[i++])if(e=qb(c),d=1===c.nodeType&&" "+pb(e)+" "){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=pb(d),e!==h&&c.setAttribute("class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).removeClass(a.call(this,b,qb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(L)||[];while(c=this[i++])if(e=qb(c),d=1===c.nodeType&&" "+pb(e)+" "){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=pb(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):r.isFunction(a)?this.each(function(c){r(this).toggleClass(a.call(this,c,qb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=r(this),f=a.match(L)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=qb(this),b&&W.set(this,"__className__",b),this.setAttribute&&this.setAttribute("class",b||a===!1?"":W.get(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+pb(qb(c))+" ").indexOf(b)>-1)return!0;return!1}});var rb=/\r/g;r.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=r.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,r(this).val()):a,null==e?e="":"number"==typeof e?e+="":Array.isArray(e)&&(e=r.map(e,function(a){return null==a?"":a+""})),b=r.valHooks[this.type]||r.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=r.valHooks[e.type]||r.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),r.extend({valHooks:{option:{get:function(a){var b=r.find.attr(a,"value");return null!=b?b:pb(r.text(a))}},select:{get:function(a){var b,c,d,e=a.options,f=a.selectedIndex,g="select-one"===a.type,h=g?null:[],i=g?f+1:e.length;for(d=f<0?i:g?f:0;d<i;d++)if(c=e[d],(c.selected||d===f)&&!c.disabled&&(!c.parentNode.disabled||!B(c.parentNode,"optgroup"))){if(b=r(c).val(),g)return b;h.push(b)}return h},set:function(a,b){var c,d,e=a.options,f=r.makeArray(b),g=e.length;while(g--)d=e[g],(d.selected=r.inArray(r.valHooks.option.get(d),f)>-1)&&(c=!0);return c||(a.selectedIndex=-1),f}}}}),r.each(["radio","checkbox"],function(){r.valHooks[this]={set:function(a,b){if(Array.isArray(b))return a.checked=r.inArray(r(a).val(),b)>-1}},o.checkOn||(r.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var sb=/^(?:focusinfocus|focusoutblur)$/;r.extend(r.event,{trigger:function(b,c,e,f){var g,h,i,j,k,m,n,o=[e||d],p=l.call(b,"type")?b.type:b,q=l.call(b,"namespace")?b.namespace.split("."):[];if(h=i=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!sb.test(p+r.event.triggered)&&(p.indexOf(".")>-1&&(q=p.split("."),p=q.shift(),q.sort()),k=p.indexOf(":")<0&&"on"+p,b=b[r.expando]?b:new r.Event(p,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=q.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+q.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:r.makeArray(c,[b]),n=r.event.special[p]||{},f||!n.trigger||n.trigger.apply(e,c)!==!1)){if(!f&&!n.noBubble&&!r.isWindow(e)){for(j=n.delegateType||p,sb.test(j+p)||(h=h.parentNode);h;h=h.parentNode)o.push(h),i=h;i===(e.ownerDocument||d)&&o.push(i.defaultView||i.parentWindow||a)}g=0;while((h=o[g++])&&!b.isPropagationStopped())b.type=g>1?j:n.bindType||p,m=(W.get(h,"events")||{})[b.type]&&W.get(h,"handle"),m&&m.apply(h,c),m=k&&h[k],m&&m.apply&&U(h)&&(b.result=m.apply(h,c),b.result===!1&&b.preventDefault());return b.type=p,f||b.isDefaultPrevented()||n._default&&n._default.apply(o.pop(),c)!==!1||!U(e)||k&&r.isFunction(e[p])&&!r.isWindow(e)&&(i=e[k],i&&(e[k]=null),r.event.triggered=p,e[p](),r.event.triggered=void 0,i&&(e[k]=i)),b.result}},simulate:function(a,b,c){var d=r.extend(new r.Event,c,{type:a,isSimulated:!0});r.event.trigger(d,null,b)}}),r.fn.extend({trigger:function(a,b){return this.each(function(){r.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];if(c)return r.event.trigger(a,b,c,!0)}}),r.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(a,b){r.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),r.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),o.focusin="onfocusin"in a,o.focusin||r.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){r.event.simulate(b,a.target,r.event.fix(a))};r.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=W.access(d,b);e||d.addEventListener(a,c,!0),W.access(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=W.access(d,b)-1;e?W.access(d,b,e):(d.removeEventListener(a,c,!0),W.remove(d,b))}}});var tb=a.location,ub=r.now(),vb=/\?/;r.parseXML=function(b){var c;if(!b||"string"!=typeof b)return null;try{c=(new a.DOMParser).parseFromString(b,"text/xml")}catch(d){c=void 0}return c&&!c.getElementsByTagName("parsererror").length||r.error("Invalid XML: "+b),c};var wb=/\[\]$/,xb=/\r?\n/g,yb=/^(?:submit|button|image|reset|file)$/i,zb=/^(?:input|select|textarea|keygen)/i;function Ab(a,b,c,d){var e;if(Array.isArray(b))r.each(b,function(b,e){c||wb.test(a)?d(a,e):Ab(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==r.type(b))d(a,b);else for(e in b)Ab(a+"["+e+"]",b[e],c,d)}r.param=function(a,b){var c,d=[],e=function(a,b){var c=r.isFunction(b)?b():b;d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(null==c?"":c)};if(Array.isArray(a)||a.jquery&&!r.isPlainObject(a))r.each(a,function(){e(this.name,this.value)});else for(c in a)Ab(c,a[c],b,e);return d.join("&")},r.fn.extend({serialize:function(){return r.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=r.prop(this,"elements");return a?r.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!r(this).is(":disabled")&&zb.test(this.nodeName)&&!yb.test(a)&&(this.checked||!ja.test(a))}).map(function(a,b){var c=r(this).val();return null==c?null:Array.isArray(c)?r.map(c,function(a){return{name:b.name,value:a.replace(xb,"\r\n")}}):{name:b.name,value:c.replace(xb,"\r\n")}}).get()}});var Bb=/%20/g,Cb=/#.*$/,Db=/([?&])_=[^&]*/,Eb=/^(.*?):[ \t]*([^\r\n]*)$/gm,Fb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Gb=/^(?:GET|HEAD)$/,Hb=/^\/\//,Ib={},Jb={},Kb="*/".concat("*"),Lb=d.createElement("a");Lb.href=tb.href;function Mb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(L)||[];if(r.isFunction(c))while(d=f[e++])"+"===d[0]?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Nb(a,b,c,d){var e={},f=a===Jb;function g(h){var i;return e[h]=!0,r.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Ob(a,b){var c,d,e=r.ajaxSettings.flatOptions||{};for(c in b)void 0!==b[c]&&((e[c]?a:d||(d={}))[c]=b[c]);return d&&r.extend(!0,a,d),a}function Pb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===d&&(d=a.mimeType||b.getResponseHeader("Content-Type"));if(d)for(e in h)if(h[e]&&h[e].test(d)){i.unshift(e);break}if(i[0]in c)f=i[0];else{for(e in c){if(!i[0]||a.converters[e+" "+i[0]]){f=e;break}g||(g=e)}f=f||g}if(f)return f!==i[0]&&i.unshift(f),c[f]}function Qb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}r.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:tb.href,type:"GET",isLocal:Fb.test(tb.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Kb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":r.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Ob(Ob(a,r.ajaxSettings),b):Ob(r.ajaxSettings,a)},ajaxPrefilter:Mb(Ib),ajaxTransport:Mb(Jb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var e,f,g,h,i,j,k,l,m,n,o=r.ajaxSetup({},c),p=o.context||o,q=o.context&&(p.nodeType||p.jquery)?r(p):r.event,s=r.Deferred(),t=r.Callbacks("once memory"),u=o.statusCode||{},v={},w={},x="canceled",y={readyState:0,getResponseHeader:function(a){var b;if(k){if(!h){h={};while(b=Eb.exec(g))h[b[1].toLowerCase()]=b[2]}b=h[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return k?g:null},setRequestHeader:function(a,b){return null==k&&(a=w[a.toLowerCase()]=w[a.toLowerCase()]||a,v[a]=b),this},overrideMimeType:function(a){return null==k&&(o.mimeType=a),this},statusCode:function(a){var b;if(a)if(k)y.always(a[y.status]);else for(b in a)u[b]=[u[b],a[b]];return this},abort:function(a){var b=a||x;return e&&e.abort(b),A(0,b),this}};if(s.promise(y),o.url=((b||o.url||tb.href)+"").replace(Hb,tb.protocol+"//"),o.type=c.method||c.type||o.method||o.type,o.dataTypes=(o.dataType||"*").toLowerCase().match(L)||[""],null==o.crossDomain){j=d.createElement("a");try{j.href=o.url,j.href=j.href,o.crossDomain=Lb.protocol+"//"+Lb.host!=j.protocol+"//"+j.host}catch(z){o.crossDomain=!0}}if(o.data&&o.processData&&"string"!=typeof o.data&&(o.data=r.param(o.data,o.traditional)),Nb(Ib,o,c,y),k)return y;l=r.event&&o.global,l&&0===r.active++&&r.event.trigger("ajaxStart"),o.type=o.type.toUpperCase(),o.hasContent=!Gb.test(o.type),f=o.url.replace(Cb,""),o.hasContent?o.data&&o.processData&&0===(o.contentType||"").indexOf("application/x-www-form-urlencoded")&&(o.data=o.data.replace(Bb,"+")):(n=o.url.slice(f.length),o.data&&(f+=(vb.test(f)?"&":"?")+o.data,delete o.data),o.cache===!1&&(f=f.replace(Db,"$1"),n=(vb.test(f)?"&":"?")+"_="+ub++ +n),o.url=f+n),o.ifModified&&(r.lastModified[f]&&y.setRequestHeader("If-Modified-Since",r.lastModified[f]),r.etag[f]&&y.setRequestHeader("If-None-Match",r.etag[f])),(o.data&&o.hasContent&&o.contentType!==!1||c.contentType)&&y.setRequestHeader("Content-Type",o.contentType),y.setRequestHeader("Accept",o.dataTypes[0]&&o.accepts[o.dataTypes[0]]?o.accepts[o.dataTypes[0]]+("*"!==o.dataTypes[0]?", "+Kb+"; q=0.01":""):o.accepts["*"]);for(m in o.headers)y.setRequestHeader(m,o.headers[m]);if(o.beforeSend&&(o.beforeSend.call(p,y,o)===!1||k))return y.abort();if(x="abort",t.add(o.complete),y.done(o.success),y.fail(o.error),e=Nb(Jb,o,c,y)){if(y.readyState=1,l&&q.trigger("ajaxSend",[y,o]),k)return y;o.async&&o.timeout>0&&(i=a.setTimeout(function(){y.abort("timeout")},o.timeout));try{k=!1,e.send(v,A)}catch(z){if(k)throw z;A(-1,z)}}else A(-1,"No Transport");function A(b,c,d,h){var j,m,n,v,w,x=c;k||(k=!0,i&&a.clearTimeout(i),e=void 0,g=h||"",y.readyState=b>0?4:0,j=b>=200&&b<300||304===b,d&&(v=Pb(o,y,d)),v=Qb(o,v,y,j),j?(o.ifModified&&(w=y.getResponseHeader("Last-Modified"),w&&(r.lastModified[f]=w),w=y.getResponseHeader("etag"),w&&(r.etag[f]=w)),204===b||"HEAD"===o.type?x="nocontent":304===b?x="notmodified":(x=v.state,m=v.data,n=v.error,j=!n)):(n=x,!b&&x||(x="error",b<0&&(b=0))),y.status=b,y.statusText=(c||x)+"",j?s.resolveWith(p,[m,x,y]):s.rejectWith(p,[y,x,n]),y.statusCode(u),u=void 0,l&&q.trigger(j?"ajaxSuccess":"ajaxError",[y,o,j?m:n]),t.fireWith(p,[y,x]),l&&(q.trigger("ajaxComplete",[y,o]),--r.active||r.event.trigger("ajaxStop")))}return y},getJSON:function(a,b,c){return r.get(a,b,c,"json")},getScript:function(a,b){return r.get(a,void 0,b,"script")}}),r.each(["get","post"],function(a,b){r[b]=function(a,c,d,e){return r.isFunction(c)&&(e=e||d,d=c,c=void 0),r.ajax(r.extend({url:a,type:b,dataType:e,data:c,success:d},r.isPlainObject(a)&&a))}}),r._evalUrl=function(a){return r.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},r.fn.extend({wrapAll:function(a){var b;return this[0]&&(r.isFunction(a)&&(a=a.call(this[0])),b=r(a,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstElementChild)a=a.firstElementChild;return a}).append(this)),this},wrapInner:function(a){return r.isFunction(a)?this.each(function(b){r(this).wrapInner(a.call(this,b))}):this.each(function(){var b=r(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=r.isFunction(a);return this.each(function(c){r(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(a){return this.parent(a).not("body").each(function(){r(this).replaceWith(this.childNodes)}),this}}),r.expr.pseudos.hidden=function(a){return!r.expr.pseudos.visible(a)},r.expr.pseudos.visible=function(a){return!!(a.offsetWidth||a.offsetHeight||a.getClientRects().length)},r.ajaxSettings.xhr=function(){try{return new a.XMLHttpRequest}catch(b){}};var Rb={0:200,1223:204},Sb=r.ajaxSettings.xhr();o.cors=!!Sb&&"withCredentials"in Sb,o.ajax=Sb=!!Sb,r.ajaxTransport(function(b){var c,d;if(o.cors||Sb&&!b.crossDomain)return{send:function(e,f){var g,h=b.xhr();if(h.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(g in b.xhrFields)h[g]=b.xhrFields[g];b.mimeType&&h.overrideMimeType&&h.overrideMimeType(b.mimeType),b.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest");for(g in e)h.setRequestHeader(g,e[g]);c=function(a){return function(){c&&(c=d=h.onload=h.onerror=h.onabort=h.onreadystatechange=null,"abort"===a?h.abort():"error"===a?"number"!=typeof h.status?f(0,"error"):f(h.status,h.statusText):f(Rb[h.status]||h.status,h.statusText,"text"!==(h.responseType||"text")||"string"!=typeof h.responseText?{binary:h.response}:{text:h.responseText},h.getAllResponseHeaders()))}},h.onload=c(),d=h.onerror=c("error"),void 0!==h.onabort?h.onabort=d:h.onreadystatechange=function(){4===h.readyState&&a.setTimeout(function(){c&&d()})},c=c("abort");try{h.send(b.hasContent&&b.data||null)}catch(i){if(c)throw i}},abort:function(){c&&c()}}}),r.ajaxPrefilter(function(a){a.crossDomain&&(a.contents.script=!1)}),r.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return r.globalEval(a),a}}}),r.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET")}),r.ajaxTransport("script",function(a){if(a.crossDomain){var b,c;return{send:function(e,f){b=r("<script>").prop({charset:a.scriptCharset,src:a.url}).on("load error",c=function(a){b.remove(),c=null,a&&f("error"===a.type?404:200,a.type)}),d.head.appendChild(b[0])},abort:function(){c&&c()}}}});var Tb=[],Ub=/(=)\?(?=&|$)|\?\?/;r.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=Tb.pop()||r.expando+"_"+ub++;return this[a]=!0,a}}),r.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(Ub.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ub.test(b.data)&&"data");if(h||"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(Ub,"$1"+e):b.jsonp!==!1&&(b.url+=(vb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||r.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?r(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,Tb.push(e)),g&&r.isFunction(f)&&f(g[0]),g=f=void 0}),"script"}),o.createHTMLDocument=function(){var a=d.implementation.createHTMLDocument("").body;return a.innerHTML="<form></form><form></form>",2===a.childNodes.length}(),r.parseHTML=function(a,b,c){if("string"!=typeof a)return[];"boolean"==typeof b&&(c=b,b=!1);var e,f,g;return b||(o.createHTMLDocument?(b=d.implementation.createHTMLDocument(""),e=b.createElement("base"),e.href=d.location.href,b.head.appendChild(e)):b=d),f=C.exec(a),g=!c&&[],f?[b.createElement(f[1])]:(f=qa([a],b,g),g&&g.length&&r(g).remove(),r.merge([],f.childNodes))},r.fn.load=function(a,b,c){var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=pb(a.slice(h)),a=a.slice(0,h)),r.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&r.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?r("<div>").append(r.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},r.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){r.fn[b]=function(a){return this.on(b,a)}}),r.expr.pseudos.animated=function(a){return r.grep(r.timers,function(b){return a===b.elem}).length},r.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=r.css(a,"position"),l=r(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=r.css(a,"top"),i=r.css(a,"left"),j=("absolute"===k||"fixed"===k)&&(f+i).indexOf("auto")>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),r.isFunction(b)&&(b=b.call(a,c,r.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},r.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){r.offset.setOffset(this,a,b)});var b,c,d,e,f=this[0];if(f)return f.getClientRects().length?(d=f.getBoundingClientRect(),b=f.ownerDocument,c=b.documentElement,e=b.defaultView,{top:d.top+e.pageYOffset-c.clientTop,left:d.left+e.pageXOffset-c.clientLeft}):{top:0,left:0}},position:function(){if(this[0]){var a,b,c=this[0],d={top:0,left:0};return"fixed"===r.css(c,"position")?b=c.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),B(a[0],"html")||(d=a.offset()),d={top:d.top+r.css(a[0],"borderTopWidth",!0),left:d.left+r.css(a[0],"borderLeftWidth",!0)}),{top:b.top-d.top-r.css(c,"marginTop",!0),left:b.left-d.left-r.css(c,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&"static"===r.css(a,"position"))a=a.offsetParent;return a||ra})}}),r.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c="pageYOffset"===b;r.fn[a]=function(d){return T(this,function(a,d,e){var f;return r.isWindow(a)?f=a:9===a.nodeType&&(f=a.defaultView),void 0===e?f?f[b]:a[d]:void(f?f.scrollTo(c?f.pageXOffset:e,c?e:f.pageYOffset):a[d]=e)},a,d,arguments.length)}}),r.each(["top","left"],function(a,b){r.cssHooks[b]=Pa(o.pixelPosition,function(a,c){if(c)return c=Oa(a,b),Ma.test(c)?r(a).position()[b]+"px":c})}),r.each({Height:"height",Width:"width"},function(a,b){r.each({padding:"inner"+a,content:b,"":"outer"+a},function(c,d){r.fn[d]=function(e,f){var g=arguments.length&&(c||"boolean"!=typeof e),h=c||(e===!0||f===!0?"margin":"border");return T(this,function(b,c,e){var f;return r.isWindow(b)?0===d.indexOf("outer")?b["inner"+a]:b.document.documentElement["client"+a]:9===b.nodeType?(f=b.documentElement,Math.max(b.body["scroll"+a],f["scroll"+a],b.body["offset"+a],f["offset"+a],f["client"+a])):void 0===e?r.css(b,c,h):r.style(b,c,e,h)},b,g?e:void 0,g)}})}),r.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),r.holdReady=function(a){a?r.readyWait++:r.ready(!0)},r.isArray=Array.isArray,r.parseJSON=JSON.parse,r.nodeName=B,"function"==typeof define&&define.amd&&define("jquery",[],function(){return r});var Vb=a.jQuery,Wb=a.$;return r.noConflict=function(b){return a.$===r&&(a.$=Wb),b&&a.jQuery===r&&(a.jQuery=Vb),r},b||(a.jQuery=a.$=r),r});
+/*!
+ * jQuery JavaScript Library v3.2.1
+ * https://jquery.com/
+ *
+ * Includes Sizzle.js
+ * https://sizzlejs.com/
+ *
+ * Copyright JS Foundation and other contributors
+ * Released under the MIT license
+ * https://jquery.org/license
+ *
+ * Date: 2017-09-03T00:14Z
+ */
+( function( global, factory ) {
+
+	"use strict";
+
+	if ( typeof module === "object" && typeof module.exports === "object" ) {
+
+		// For CommonJS and CommonJS-like environments where a proper `window`
+		// is present, execute the factory and get jQuery.
+		// For environments that do not have a `window` with a `document`
+		// (such as Node.js), expose a factory as module.exports.
+		// This accentuates the need for the creation of a real `window`.
+		// e.g. var jQuery = require("jquery")(window);
+		// See ticket #14549 for more info.
+		module.exports = global.document ?
+			factory( global, true ) :
+			function( w ) {
+				if ( !w.document ) {
+					throw new Error( "jQuery requires a window with a document" );
+				}
+				return factory( w );
+			};
+	} else {
+		factory( global );
+	}
+
+// Pass this if window is not defined yet
+} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) {
+
+// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1
+// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode
+// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common
+// enough that all such attempts are guarded in a try block.
+
+
+var arr = [];
+
+var document = window.document;
+
+var getProto = Object.getPrototypeOf;
+
+var slice = arr.slice;
+
+var concat = arr.concat;
+
+var push = arr.push;
+
+var indexOf = arr.indexOf;
+
+var class2type = {};
+
+var toString = class2type.toString;
+
+var hasOwn = class2type.hasOwnProperty;
+
+var fnToString = hasOwn.toString;
+
+var ObjectFunctionString = fnToString.call( Object );
+
+var support = {};
+
+
+
+	function DOMEval( code, doc ) {
+		doc = doc || document;
+
+		var script = doc.createElement( "script" );
+
+		script.text = code;
+		doc.head.appendChild( script ).parentNode.removeChild( script );
+	}
+/* global Symbol */
+// Defining this global in .eslintrc.json would create a danger of using the global
+// unguarded in another place, it seems safer to define global only for this module
+
+
+
+var
+	version = "3.2.1",
+
+	// Define a local copy of jQuery
+	jQuery = function( selector, context ) {
+
+		// The jQuery object is actually just the init constructor 'enhanced'
+		// Need init if jQuery is called (just allow error to be thrown if not included)
+		return new jQuery.fn.init( selector, context );
+	},
+
+	// Support: Android <=4.0 only
+	// Make sure we trim BOM and NBSP
+	rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,
+
+	// Matches dashed string for camelizing
+	rmsPrefix = /^-ms-/,
+	rdashAlpha = /-([a-z])/g,
+
+	// Used by jQuery.camelCase as callback to replace()
+	fcamelCase = function( all, letter ) {
+		return letter.toUpperCase();
+	};
+
+jQuery.fn = jQuery.prototype = {
+
+	// The current version of jQuery being used
+	jquery: version,
+
+	constructor: jQuery,
+
+	// The default length of a jQuery object is 0
+	length: 0,
+
+	toArray: function() {
+		return slice.call( this );
+	},
+
+	// Get the Nth element in the matched element set OR
+	// Get the whole matched element set as a clean array
+	get: function( num ) {
+
+		// Return all the elements in a clean array
+		if ( num == null ) {
+			return slice.call( this );
+		}
+
+		// Return just the one element from the set
+		return num < 0 ? this[ num + this.length ] : this[ num ];
+	},
+
+	// Take an array of elements and push it onto the stack
+	// (returning the new matched element set)
+	pushStack: function( elems ) {
+
+		// Build a new jQuery matched element set
+		var ret = jQuery.merge( this.constructor(), elems );
+
+		// Add the old object onto the stack (as a reference)
+		ret.prevObject = this;
+
+		// Return the newly-formed element set
+		return ret;
+	},
+
+	// Execute a callback for every element in the matched set.
+	each: function( callback ) {
+		return jQuery.each( this, callback );
+	},
+
+	map: function( callback ) {
+		return this.pushStack( jQuery.map( this, function( elem, i ) {
+			return callback.call( elem, i, elem );
+		} ) );
+	},
+
+	slice: function() {
+		return this.pushStack( slice.apply( this, arguments ) );
+	},
+
+	first: function() {
+		return this.eq( 0 );
+	},
+
+	last: function() {
+		return this.eq( -1 );
+	},
+
+	eq: function( i ) {
+		var len = this.length,
+			j = +i + ( i < 0 ? len : 0 );
+		return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] );
+	},
+
+	end: function() {
+		return this.prevObject || this.constructor();
+	},
+
+	// For internal use only.
+	// Behaves like an Array's method, not like a jQuery method.
+	push: push,
+	sort: arr.sort,
+	splice: arr.splice
+};
+
+jQuery.extend = jQuery.fn.extend = function() {
+	var options, name, src, copy, copyIsArray, clone,
+		target = arguments[ 0 ] || {},
+		i = 1,
+		length = arguments.length,
+		deep = false;
+
+	// Handle a deep copy situation
+	if ( typeof target === "boolean" ) {
+		deep = target;
+
+		// Skip the boolean and the target
+		target = arguments[ i ] || {};
+		i++;
+	}
+
+	// Handle case when target is a string or something (possible in deep copy)
+	if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
+		target = {};
+	}
+
+	// Extend jQuery itself if only one argument is passed
+	if ( i === length ) {
+		target = this;
+		i--;
+	}
+
+	for ( ; i < length; i++ ) {
+
+		// Only deal with non-null/undefined values
+		if ( ( options = arguments[ i ] ) != null ) {
+
+			// Extend the base object
+			for ( name in options ) {
+				src = target[ name ];
+				copy = options[ name ];
+
+				// Prevent never-ending loop
+				if ( target === copy ) {
+					continue;
+				}
+
+				// Recurse if we're merging plain objects or arrays
+				if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
+					( copyIsArray = Array.isArray( copy ) ) ) ) {
+
+					if ( copyIsArray ) {
+						copyIsArray = false;
+						clone = src && Array.isArray( src ) ? src : [];
+
+					} else {
+						clone = src && jQuery.isPlainObject( src ) ? src : {};
+					}
+
+					// Never move original objects, clone them
+					target[ name ] = jQuery.extend( deep, clone, copy );
+
+				// Don't bring in undefined values
+				} else if ( copy !== undefined ) {
+					target[ name ] = copy;
+				}
+			}
+		}
+	}
+
+	// Return the modified object
+	return target;
+};
+
+jQuery.extend( {
+
+	// Unique for each copy of jQuery on the page
+	expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ),
+
+	// Assume jQuery is ready without the ready module
+	isReady: true,
+
+	error: function( msg ) {
+		throw new Error( msg );
+	},
+
+	noop: function() {},
+
+	isFunction: function( obj ) {
+		return jQuery.type( obj ) === "function";
+	},
+
+	isWindow: function( obj ) {
+		return obj != null && obj === obj.window;
+	},
+
+	isNumeric: function( obj ) {
+
+		// As of jQuery 3.0, isNumeric is limited to
+		// strings and numbers (primitives or objects)
+		// that can be coerced to finite numbers (gh-2662)
+		var type = jQuery.type( obj );
+		return ( type === "number" || type === "string" ) &&
+
+			// parseFloat NaNs numeric-cast false positives ("")
+			// ...but misinterprets leading-number strings, particularly hex literals ("0x...")
+			// subtraction forces infinities to NaN
+			!isNaN( obj - parseFloat( obj ) );
+	},
+
+	isPlainObject: function( obj ) {
+		var proto, Ctor;
+
+		// Detect obvious negatives
+		// Use toString instead of jQuery.type to catch host objects
+		if ( !obj || toString.call( obj ) !== "[object Object]" ) {
+			return false;
+		}
+
+		proto = getProto( obj );
+
+		// Objects with no prototype (e.g., `Object.create( null )`) are plain
+		if ( !proto ) {
+			return true;
+		}
+
+		// Objects with prototype are plain iff they were constructed by a global Object function
+		Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor;
+		return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString;
+	},
+
+	isEmptyObject: function( obj ) {
+
+		/* eslint-disable no-unused-vars */
+		// See https://github.com/eslint/eslint/issues/6125
+		var name;
+
+		for ( name in obj ) {
+			return false;
+		}
+		return true;
+	},
+
+	type: function( obj ) {
+		if ( obj == null ) {
+			return obj + "";
+		}
+
+		// Support: Android <=2.3 only (functionish RegExp)
+		return typeof obj === "object" || typeof obj === "function" ?
+			class2type[ toString.call( obj ) ] || "object" :
+			typeof obj;
+	},
+
+	// Evaluates a script in a global context
+	globalEval: function( code ) {
+		DOMEval( code );
+	},
+
+	// Convert dashed to camelCase; used by the css and data modules
+	// Support: IE <=9 - 11, Edge 12 - 13
+	// Microsoft forgot to hump their vendor prefix (#9572)
+	camelCase: function( string ) {
+		return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase );
+	},
+
+	each: function( obj, callback ) {
+		var length, i = 0;
+
+		if ( isArrayLike( obj ) ) {
+			length = obj.length;
+			for ( ; i < length; i++ ) {
+				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
+					break;
+				}
+			}
+		} else {
+			for ( i in obj ) {
+				if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {
+					break;
+				}
+			}
+		}
+
+		return obj;
+	},
+
+	// Support: Android <=4.0 only
+	trim: function( text ) {
+		return text == null ?
+			"" :
+			( text + "" ).replace( rtrim, "" );
+	},
+
+	// results is for internal usage only
+	makeArray: function( arr, results ) {
+		var ret = results || [];
+
+		if ( arr != null ) {
+			if ( isArrayLike( Object( arr ) ) ) {
+				jQuery.merge( ret,
+					typeof arr === "string" ?
+					[ arr ] : arr
+				);
+			} else {
+				push.call( ret, arr );
+			}
+		}
+
+		return ret;
+	},
+
+	inArray: function( elem, arr, i ) {
+		return arr == null ? -1 : indexOf.call( arr, elem, i );
+	},
+
+	// Support: Android <=4.0 only, PhantomJS 1 only
+	// push.apply(_, arraylike) throws on ancient WebKit
+	merge: function( first, second ) {
+		var len = +second.length,
+			j = 0,
+			i = first.length;
+
+		for ( ; j < len; j++ ) {
+			first[ i++ ] = second[ j ];
+		}
+
+		first.length = i;
+
+		return first;
+	},
+
+	grep: function( elems, callback, invert ) {
+		var callbackInverse,
+			matches = [],
+			i = 0,
+			length = elems.length,
+			callbackExpect = !invert;
+
+		// Go through the array, only saving the items
+		// that pass the validator function
+		for ( ; i < length; i++ ) {
+			callbackInverse = !callback( elems[ i ], i );
+			if ( callbackInverse !== callbackExpect ) {
+				matches.push( elems[ i ] );
+			}
+		}
+
+		return matches;
+	},
+
+	// arg is for internal usage only
+	map: function( elems, callback, arg ) {
+		var length, value,
+			i = 0,
+			ret = [];
+
+		// Go through the array, translating each of the items to their new values
+		if ( isArrayLike( elems ) ) {
+			length = elems.length;
+			for ( ; i < length; i++ ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+
+		// Go through every key on the object,
+		} else {
+			for ( i in elems ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+		}
+
+		// Flatten any nested arrays
+		return concat.apply( [], ret );
+	},
+
+	// A global GUID counter for objects
+	guid: 1,
+
+	// Bind a function to a context, optionally partially applying any
+	// arguments.
+	proxy: function( fn, context ) {
+		var tmp, args, proxy;
+
+		if ( typeof context === "string" ) {
+			tmp = fn[ context ];
+			context = fn;
+			fn = tmp;
+		}
+
+		// Quick check to determine if target is callable, in the spec
+		// this throws a TypeError, but we will just return undefined.
+		if ( !jQuery.isFunction( fn ) ) {
+			return undefined;
+		}
+
+		// Simulated bind
+		args = slice.call( arguments, 2 );
+		proxy = function() {
+			return fn.apply( context || this, args.concat( slice.call( arguments ) ) );
+		};
+
+		// Set the guid of unique handler to the same of original handler, so it can be removed
+		proxy.guid = fn.guid = fn.guid || jQuery.guid++;
+
+		return proxy;
+	},
+
+	now: Date.now,
+
+	// jQuery.support is not used in Core but other projects attach their
+	// properties to it so it needs to exist.
+	support: support
+} );
+
+if ( typeof Symbol === "function" ) {
+	jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ];
+}
+
+// Populate the class2type map
+jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ),
+function( i, name ) {
+	class2type[ "[object " + name + "]" ] = name.toLowerCase();
+} );
+
+function isArrayLike( obj ) {
+
+	// Support: real iOS 8.2 only (not reproducible in simulator)
+	// `in` check used to prevent JIT error (gh-2145)
+	// hasOwn isn't used here due to false negatives
+	// regarding Nodelist length in IE
+	var length = !!obj && "length" in obj && obj.length,
+		type = jQuery.type( obj );
+
+	if ( type === "function" || jQuery.isWindow( obj ) ) {
+		return false;
+	}
+
+	return type === "array" || length === 0 ||
+		typeof length === "number" && length > 0 && ( length - 1 ) in obj;
+}
+var Sizzle =
+/*!
+ * Sizzle CSS Selector Engine v2.3.3
+ * https://sizzlejs.com/
+ *
+ * Copyright jQuery Foundation and other contributors
+ * Released under the MIT license
+ * http://jquery.org/license
+ *
+ * Date: 2016-08-08
+ */
+(function( window ) {
+
+var i,
+	support,
+	Expr,
+	getText,
+	isXML,
+	tokenize,
+	compile,
+	select,
+	outermostContext,
+	sortInput,
+	hasDuplicate,
+
+	// Local document vars
+	setDocument,
+	document,
+	docElem,
+	documentIsHTML,
+	rbuggyQSA,
+	rbuggyMatches,
+	matches,
+	contains,
+
+	// Instance-specific data
+	expando = "sizzle" + 1 * new Date(),
+	preferredDoc = window.document,
+	dirruns = 0,
+	done = 0,
+	classCache = createCache(),
+	tokenCache = createCache(),
+	compilerCache = createCache(),
+	sortOrder = function( a, b ) {
+		if ( a === b ) {
+			hasDuplicate = true;
+		}
+		return 0;
+	},
+
+	// Instance methods
+	hasOwn = ({}).hasOwnProperty,
+	arr = [],
+	pop = arr.pop,
+	push_native = arr.push,
+	push = arr.push,
+	slice = arr.slice,
+	// Use a stripped-down indexOf as it's faster than native
+	// https://jsperf.com/thor-indexof-vs-for/5
+	indexOf = function( list, elem ) {
+		var i = 0,
+			len = list.length;
+		for ( ; i < len; i++ ) {
+			if ( list[i] === elem ) {
+				return i;
+			}
+		}
+		return -1;
+	},
+
+	booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",
+
+	// Regular expressions
+
+	// http://www.w3.org/TR/css3-selectors/#whitespace
+	whitespace = "[\\x20\\t\\r\\n\\f]",
+
+	// http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier
+	identifier = "(?:\\\\.|[\\w-]|[^\0-\\xa0])+",
+
+	// Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors
+	attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace +
+		// Operator (capture 2)
+		"*([*^$|!~]?=)" + whitespace +
+		// "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]"
+		"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace +
+		"*\\]",
+
+	pseudos = ":(" + identifier + ")(?:\\((" +
+		// To reduce the number of selectors needing tokenize in the preFilter, prefer arguments:
+		// 1. quoted (capture 3; capture 4 or capture 5)
+		"('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" +
+		// 2. simple (capture 6)
+		"((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" +
+		// 3. anything else (capture 2)
+		".*" +
+		")\\)|)",
+
+	// Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter
+	rwhitespace = new RegExp( whitespace + "+", "g" ),
+	rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
+
+	rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
+	rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),
+
+	rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),
+
+	rpseudo = new RegExp( pseudos ),
+	ridentifier = new RegExp( "^" + identifier + "$" ),
+
+	matchExpr = {
+		"ID": new RegExp( "^#(" + identifier + ")" ),
+		"CLASS": new RegExp( "^\\.(" + identifier + ")" ),
+		"TAG": new RegExp( "^(" + identifier + "|[*])" ),
+		"ATTR": new RegExp( "^" + attributes ),
+		"PSEUDO": new RegExp( "^" + pseudos ),
+		"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +
+			"*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace +
+			"*(\\d+)|))" + whitespace + "*\\)|)", "i" ),
+		"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),
+		// For use in libraries implementing .is()
+		// We use this for POS matching in `select`
+		"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +
+			whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" )
+	},
+
+	rinputs = /^(?:input|select|textarea|button)$/i,
+	rheader = /^h\d$/i,
+
+	rnative = /^[^{]+\{\s*\[native \w/,
+
+	// Easily-parseable/retrievable ID or TAG or CLASS selectors
+	rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,
+
+	rsibling = /[+~]/,
+
+	// CSS escapes
+	// http://www.w3.org/TR/CSS21/syndata.html#escaped-characters
+	runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),
+	funescape = function( _, escaped, escapedWhitespace ) {
+		var high = "0x" + escaped - 0x10000;
+		// NaN means non-codepoint
+		// Support: Firefox<24
+		// Workaround erroneous numeric interpretation of +"0x"
+		return high !== high || escapedWhitespace ?
+			escaped :
+			high < 0 ?
+				// BMP codepoint
+				String.fromCharCode( high + 0x10000 ) :
+				// Supplemental Plane codepoint (surrogate pair)
+				String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 );
+	},
+
+	// CSS string/identifier serialization
+	// https://drafts.csswg.org/cssom/#common-serializing-idioms
+	rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,
+	fcssescape = function( ch, asCodePoint ) {
+		if ( asCodePoint ) {
+
+			// U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER
+			if ( ch === "\0" ) {
+				return "\uFFFD";
+			}
+
+			// Control characters and (dependent upon position) numbers get escaped as code points
+			return ch.slice( 0, -1 ) + "\\" + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " ";
+		}
+
+		// Other potentially-special ASCII characters get backslash-escaped
+		return "\\" + ch;
+	},
+
+	// Used for iframes
+	// See setDocument()
+	// Removing the function wrapper causes a "Permission Denied"
+	// error in IE
+	unloadHandler = function() {
+		setDocument();
+	},
+
+	disabledAncestor = addCombinator(
+		function( elem ) {
+			return elem.disabled === true && ("form" in elem || "label" in elem);
+		},
+		{ dir: "parentNode", next: "legend" }
+	);
+
+// Optimize for push.apply( _, NodeList )
+try {
+	push.apply(
+		(arr = slice.call( preferredDoc.childNodes )),
+		preferredDoc.childNodes
+	);
+	// Support: Android<4.0
+	// Detect silently failing push.apply
+	arr[ preferredDoc.childNodes.length ].nodeType;
+} catch ( e ) {
+	push = { apply: arr.length ?
+
+		// Leverage slice if possible
+		function( target, els ) {
+			push_native.apply( target, slice.call(els) );
+		} :
+
+		// Support: IE<9
+		// Otherwise append directly
+		function( target, els ) {
+			var j = target.length,
+				i = 0;
+			// Can't trust NodeList.length
+			while ( (target[j++] = els[i++]) ) {}
+			target.length = j - 1;
+		}
+	};
+}
+
+function Sizzle( selector, context, results, seed ) {
+	var m, i, elem, nid, match, groups, newSelector,
+		newContext = context && context.ownerDocument,
+
+		// nodeType defaults to 9, since context defaults to document
+		nodeType = context ? context.nodeType : 9;
+
+	results = results || [];
+
+	// Return early from calls with invalid selector or context
+	if ( typeof selector !== "string" || !selector ||
+		nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) {
+
+		return results;
+	}
+
+	// Try to shortcut find operations (as opposed to filters) in HTML documents
+	if ( !seed ) {
+
+		if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) {
+			setDocument( context );
+		}
+		context = context || document;
+
+		if ( documentIsHTML ) {
+
+			// If the selector is sufficiently simple, try using a "get*By*" DOM method
+			// (excepting DocumentFragment context, where the methods don't exist)
+			if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) {
+
+				// ID selector
+				if ( (m = match[1]) ) {
+
+					// Document context
+					if ( nodeType === 9 ) {
+						if ( (elem = context.getElementById( m )) ) {
+
+							// Support: IE, Opera, Webkit
+							// TODO: identify versions
+							// getElementById can match elements by name instead of ID
+							if ( elem.id === m ) {
+								results.push( elem );
+								return results;
+							}
+						} else {
+							return results;
+						}
+
+					// Element context
+					} else {
+
+						// Support: IE, Opera, Webkit
+						// TODO: identify versions
+						// getElementById can match elements by name instead of ID
+						if ( newContext && (elem = newContext.getElementById( m )) &&
+							contains( context, elem ) &&
+							elem.id === m ) {
+
+							results.push( elem );
+							return results;
+						}
+					}
+
+				// Type selector
+				} else if ( match[2] ) {
+					push.apply( results, context.getElementsByTagName( selector ) );
+					return results;
+
+				// Class selector
+				} else if ( (m = match[3]) && support.getElementsByClassName &&
+					context.getElementsByClassName ) {
+
+					push.apply( results, context.getElementsByClassName( m ) );
+					return results;
+				}
+			}
+
+			// Take advantage of querySelectorAll
+			if ( support.qsa &&
+				!compilerCache[ selector + " " ] &&
+				(!rbuggyQSA || !rbuggyQSA.test( selector )) ) {
+
+				if ( nodeType !== 1 ) {
+					newContext = context;
+					newSelector = selector;
+
+				// qSA looks outside Element context, which is not what we want
+				// Thanks to Andrew Dupont for this workaround technique
+				// Support: IE <=8
+				// Exclude object elements
+				} else if ( context.nodeName.toLowerCase() !== "object" ) {
+
+					// Capture the context ID, setting it first if necessary
+					if ( (nid = context.getAttribute( "id" )) ) {
+						nid = nid.replace( rcssescape, fcssescape );
+					} else {
+						context.setAttribute( "id", (nid = expando) );
+					}
+
+					// Prefix every selector in the list
+					groups = tokenize( selector );
+					i = groups.length;
+					while ( i-- ) {
+						groups[i] = "#" + nid + " " + toSelector( groups[i] );
+					}
+					newSelector = groups.join( "," );
+
+					// Expand context for sibling selectors
+					newContext = rsibling.test( selector ) && testContext( context.parentNode ) ||
+						context;
+				}
+
+				if ( newSelector ) {
+					try {
+						push.apply( results,
+							newContext.querySelectorAll( newSelector )
+						);
+						return results;
+					} catch ( qsaError ) {
+					} finally {
+						if ( nid === expando ) {
+							context.removeAttribute( "id" );
+						}
+					}
+				}
+			}
+		}
+	}
+
+	// All others
+	return select( selector.replace( rtrim, "$1" ), context, results, seed );
+}
+
+/**
+ * Create key-value caches of limited size
+ * @returns {function(string, object)} Returns the Object data after storing it on itself with
+ *	property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength)
+ *	deleting the oldest entry
+ */
+function createCache() {
+	var keys = [];
+
+	function cache( key, value ) {
+		// Use (key + " ") to avoid collision with native prototype properties (see Issue #157)
+		if ( keys.push( key + " " ) > Expr.cacheLength ) {
+			// Only keep the most recent entries
+			delete cache[ keys.shift() ];
+		}
+		return (cache[ key + " " ] = value);
+	}
+	return cache;
+}
+
+/**
+ * Mark a function for special use by Sizzle
+ * @param {Function} fn The function to mark
+ */
+function markFunction( fn ) {
+	fn[ expando ] = true;
+	return fn;
+}
+
+/**
+ * Support testing using an element
+ * @param {Function} fn Passed the created element and returns a boolean result
+ */
+function assert( fn ) {
+	var el = document.createElement("fieldset");
+
+	try {
+		return !!fn( el );
+	} catch (e) {
+		return false;
+	} finally {
+		// Remove from its parent by default
+		if ( el.parentNode ) {
+			el.parentNode.removeChild( el );
+		}
+		// release memory in IE
+		el = null;
+	}
+}
+
+/**
+ * Adds the same handler for all of the specified attrs
+ * @param {String} attrs Pipe-separated list of attributes
+ * @param {Function} handler The method that will be applied
+ */
+function addHandle( attrs, handler ) {
+	var arr = attrs.split("|"),
+		i = arr.length;
+
+	while ( i-- ) {
+		Expr.attrHandle[ arr[i] ] = handler;
+	}
+}
+
+/**
+ * Checks document order of two siblings
+ * @param {Element} a
+ * @param {Element} b
+ * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b
+ */
+function siblingCheck( a, b ) {
+	var cur = b && a,
+		diff = cur && a.nodeType === 1 && b.nodeType === 1 &&
+			a.sourceIndex - b.sourceIndex;
+
+	// Use IE sourceIndex if available on both nodes
+	if ( diff ) {
+		return diff;
+	}
+
+	// Check if b follows a
+	if ( cur ) {
+		while ( (cur = cur.nextSibling) ) {
+			if ( cur === b ) {
+				return -1;
+			}
+		}
+	}
+
+	return a ? 1 : -1;
+}
+
+/**
+ * Returns a function to use in pseudos for input types
+ * @param {String} type
+ */
+function createInputPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return name === "input" && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for buttons
+ * @param {String} type
+ */
+function createButtonPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return (name === "input" || name === "button") && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for :enabled/:disabled
+ * @param {Boolean} disabled true for :disabled; false for :enabled
+ */
+function createDisabledPseudo( disabled ) {
+
+	// Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable
+	return function( elem ) {
+
+		// Only certain elements can match :enabled or :disabled
+		// https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
+		// https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
+		if ( "form" in elem ) {
+
+			// Check for inherited disabledness on relevant non-disabled elements:
+			// * listed form-associated elements in a disabled fieldset
+			//   https://html.spec.whatwg.org/multipage/forms.html#category-listed
+			//   https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
+			// * option elements in a disabled optgroup
+			//   https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
+			// All such elements have a "form" property.
+			if ( elem.parentNode && elem.disabled === false ) {
+
+				// Option elements defer to a parent optgroup if present
+				if ( "label" in elem ) {
+					if ( "label" in elem.parentNode ) {
+						return elem.parentNode.disabled === disabled;
+					} else {
+						return elem.disabled === disabled;
+					}
+				}
+
+				// Support: IE 6 - 11
+				// Use the isDisabled shortcut property to check for disabled fieldset ancestors
+				return elem.isDisabled === disabled ||
+
+					// Where there is no isDisabled, check manually
+					/* jshint -W018 */
+					elem.isDisabled !== !disabled &&
+						disabledAncestor( elem ) === disabled;
+			}
+
+			return elem.disabled === disabled;
+
+		// Try to winnow out elements that can't be disabled before trusting the disabled property.
+		// Some victims get caught in our net (label, legend, menu, track), but it shouldn't
+		// even exist on them, let alone have a boolean value.
+		} else if ( "label" in elem ) {
+			return elem.disabled === disabled;
+		}
+
+		// Remaining elements are neither :enabled nor :disabled
+		return false;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for positionals
+ * @param {Function} fn
+ */
+function createPositionalPseudo( fn ) {
+	return markFunction(function( argument ) {
+		argument = +argument;
+		return markFunction(function( seed, matches ) {
+			var j,
+				matchIndexes = fn( [], seed.length, argument ),
+				i = matchIndexes.length;
+
+			// Match elements found at the specified indexes
+			while ( i-- ) {
+				if ( seed[ (j = matchIndexes[i]) ] ) {
+					seed[j] = !(matches[j] = seed[j]);
+				}
+			}
+		});
+	});
+}
+
+/**
+ * Checks a node for validity as a Sizzle context
+ * @param {Element|Object=} context
+ * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value
+ */
+function testContext( context ) {
+	return context && typeof context.getElementsByTagName !== "undefined" && context;
+}
+
+// Expose support vars for convenience
+support = Sizzle.support = {};
+
+/**
+ * Detects XML nodes
+ * @param {Element|Object} elem An element or a document
+ * @returns {Boolean} True iff elem is a non-HTML XML node
+ */
+isXML = Sizzle.isXML = function( elem ) {
+	// documentElement is verified for cases where it doesn't yet exist
+	// (such as loading iframes in IE - #4833)
+	var documentElement = elem && (elem.ownerDocument || elem).documentElement;
+	return documentElement ? documentElement.nodeName !== "HTML" : false;
+};
+
+/**
+ * Sets document-related variables once based on the current document
+ * @param {Element|Object} [doc] An element or document object to use to set the document
+ * @returns {Object} Returns the current document
+ */
+setDocument = Sizzle.setDocument = function( node ) {
+	var hasCompare, subWindow,
+		doc = node ? node.ownerDocument || node : preferredDoc;
+
+	// Return early if doc is invalid or already selected
+	if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) {
+		return document;
+	}
+
+	// Update global variables
+	document = doc;
+	docElem = document.documentElement;
+	documentIsHTML = !isXML( document );
+
+	// Support: IE 9-11, Edge
+	// Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936)
+	if ( preferredDoc !== document &&
+		(subWindow = document.defaultView) && subWindow.top !== subWindow ) {
+
+		// Support: IE 11, Edge
+		if ( subWindow.addEventListener ) {
+			subWindow.addEventListener( "unload", unloadHandler, false );
+
+		// Support: IE 9 - 10 only
+		} else if ( subWindow.attachEvent ) {
+			subWindow.attachEvent( "onunload", unloadHandler );
+		}
+	}
+
+	/* Attributes
+	---------------------------------------------------------------------- */
+
+	// Support: IE<8
+	// Verify that getAttribute really returns attributes and not properties
+	// (excepting IE8 booleans)
+	support.attributes = assert(function( el ) {
+		el.className = "i";
+		return !el.getAttribute("className");
+	});
+
+	/* getElement(s)By*
+	---------------------------------------------------------------------- */
+
+	// Check if getElementsByTagName("*") returns only elements
+	support.getElementsByTagName = assert(function( el ) {
+		el.appendChild( document.createComment("") );
+		return !el.getElementsByTagName("*").length;
+	});
+
+	// Support: IE<9
+	support.getElementsByClassName = rnative.test( document.getElementsByClassName );
+
+	// Support: IE<10
+	// Check if getElementById returns elements by name
+	// The broken getElementById methods don't pick up programmatically-set names,
+	// so use a roundabout getElementsByName test
+	support.getById = assert(function( el ) {
+		docElem.appendChild( el ).id = expando;
+		return !document.getElementsByName || !document.getElementsByName( expando ).length;
+	});
+
+	// ID filter and find
+	if ( support.getById ) {
+		Expr.filter["ID"] = function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				return elem.getAttribute("id") === attrId;
+			};
+		};
+		Expr.find["ID"] = function( id, context ) {
+			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
+				var elem = context.getElementById( id );
+				return elem ? [ elem ] : [];
+			}
+		};
+	} else {
+		Expr.filter["ID"] =  function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				var node = typeof elem.getAttributeNode !== "undefined" &&
+					elem.getAttributeNode("id");
+				return node && node.value === attrId;
+			};
+		};
+
+		// Support: IE 6 - 7 only
+		// getElementById is not reliable as a find shortcut
+		Expr.find["ID"] = function( id, context ) {
+			if ( typeof context.getElementById !== "undefined" && documentIsHTML ) {
+				var node, i, elems,
+					elem = context.getElementById( id );
+
+				if ( elem ) {
+
+					// Verify the id attribute
+					node = elem.getAttributeNode("id");
+					if ( node && node.value === id ) {
+						return [ elem ];
+					}
+
+					// Fall back on getElementsByName
+					elems = context.getElementsByName( id );
+					i = 0;
+					while ( (elem = elems[i++]) ) {
+						node = elem.getAttributeNode("id");
+						if ( node && node.value === id ) {
+							return [ elem ];
+						}
+					}
+				}
+
+				return [];
+			}
+		};
+	}
+
+	// Tag
+	Expr.find["TAG"] = support.getElementsByTagName ?
+		function( tag, context ) {
+			if ( typeof context.getElementsByTagName !== "undefined" ) {
+				return context.getElementsByTagName( tag );
+
+			// DocumentFragment nodes don't have gEBTN
+			} else if ( support.qsa ) {
+				return context.querySelectorAll( tag );
+			}
+		} :
+
+		function( tag, context ) {
+			var elem,
+				tmp = [],
+				i = 0,
+				// By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too
+				results = context.getElementsByTagName( tag );
+
+			// Filter out possible comments
+			if ( tag === "*" ) {
+				while ( (elem = results[i++]) ) {
+					if ( elem.nodeType === 1 ) {
+						tmp.push( elem );
+					}
+				}
+
+				return tmp;
+			}
+			return results;
+		};
+
+	// Class
+	Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) {
+		if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) {
+			return context.getElementsByClassName( className );
+		}
+	};
+
+	/* QSA/matchesSelector
+	---------------------------------------------------------------------- */
+
+	// QSA and matchesSelector support
+
+	// matchesSelector(:active) reports false when true (IE9/Opera 11.5)
+	rbuggyMatches = [];
+
+	// qSa(:focus) reports false when true (Chrome 21)
+	// We allow this because of a bug in IE8/9 that throws an error
+	// whenever `document.activeElement` is accessed on an iframe
+	// So, we allow :focus to pass through QSA all the time to avoid the IE error
+	// See https://bugs.jquery.com/ticket/13378
+	rbuggyQSA = [];
+
+	if ( (support.qsa = rnative.test( document.querySelectorAll )) ) {
+		// Build QSA regex
+		// Regex strategy adopted from Diego Perini
+		assert(function( el ) {
+			// Select is set to empty string on purpose
+			// This is to test IE's treatment of not explicitly
+			// setting a boolean content attribute,
+			// since its presence should be enough
+			// https://bugs.jquery.com/ticket/12359
+			docElem.appendChild( el ).innerHTML = "<a id='" + expando + "'></a>" +
+				"<select id='" + expando + "-\r\\' msallowcapture=''>" +
+				"<option selected=''></option></select>";
+
+			// Support: IE8, Opera 11-12.16
+			// Nothing should be selected when empty strings follow ^= or $= or *=
+			// The test attribute must be unknown in Opera but "safe" for WinRT
+			// https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section
+			if ( el.querySelectorAll("[msallowcapture^='']").length ) {
+				rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" );
+			}
+
+			// Support: IE8
+			// Boolean attributes and "value" are not treated correctly
+			if ( !el.querySelectorAll("[selected]").length ) {
+				rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" );
+			}
+
+			// Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+
+			if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) {
+				rbuggyQSA.push("~=");
+			}
+
+			// Webkit/Opera - :checked should return selected option elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			// IE8 throws error here and will not see later tests
+			if ( !el.querySelectorAll(":checked").length ) {
+				rbuggyQSA.push(":checked");
+			}
+
+			// Support: Safari 8+, iOS 8+
+			// https://bugs.webkit.org/show_bug.cgi?id=136851
+			// In-page `selector#id sibling-combinator selector` fails
+			if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) {
+				rbuggyQSA.push(".#.+[+~]");
+			}
+		});
+
+		assert(function( el ) {
+			el.innerHTML = "<a href='' disabled='disabled'></a>" +
+				"<select disabled='disabled'><option/></select>";
+
+			// Support: Windows 8 Native Apps
+			// The type and name attributes are restricted during .innerHTML assignment
+			var input = document.createElement("input");
+			input.setAttribute( "type", "hidden" );
+			el.appendChild( input ).setAttribute( "name", "D" );
+
+			// Support: IE8
+			// Enforce case-sensitivity of name attribute
+			if ( el.querySelectorAll("[name=d]").length ) {
+				rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" );
+			}
+
+			// FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled)
+			// IE8 throws error here and will not see later tests
+			if ( el.querySelectorAll(":enabled").length !== 2 ) {
+				rbuggyQSA.push( ":enabled", ":disabled" );
+			}
+
+			// Support: IE9-11+
+			// IE's :disabled selector does not pick up the children of disabled fieldsets
+			docElem.appendChild( el ).disabled = true;
+			if ( el.querySelectorAll(":disabled").length !== 2 ) {
+				rbuggyQSA.push( ":enabled", ":disabled" );
+			}
+
+			// Opera 10-11 does not throw on post-comma invalid pseudos
+			el.querySelectorAll("*,:x");
+			rbuggyQSA.push(",.*:");
+		});
+	}
+
+	if ( (support.matchesSelector = rnative.test( (matches = docElem.matches ||
+		docElem.webkitMatchesSelector ||
+		docElem.mozMatchesSelector ||
+		docElem.oMatchesSelector ||
+		docElem.msMatchesSelector) )) ) {
+
+		assert(function( el ) {
+			// Check to see if it's possible to do matchesSelector
+			// on a disconnected node (IE 9)
+			support.disconnectedMatch = matches.call( el, "*" );
+
+			// This should fail with an exception
+			// Gecko does not error, returns false instead
+			matches.call( el, "[s!='']:x" );
+			rbuggyMatches.push( "!=", pseudos );
+		});
+	}
+
+	rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );
+	rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );
+
+	/* Contains
+	---------------------------------------------------------------------- */
+	hasCompare = rnative.test( docElem.compareDocumentPosition );
+
+	// Element contains another
+	// Purposefully self-exclusive
+	// As in, an element does not contain itself
+	contains = hasCompare || rnative.test( docElem.contains ) ?
+		function( a, b ) {
+			var adown = a.nodeType === 9 ? a.documentElement : a,
+				bup = b && b.parentNode;
+			return a === bup || !!( bup && bup.nodeType === 1 && (
+				adown.contains ?
+					adown.contains( bup ) :
+					a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16
+			));
+		} :
+		function( a, b ) {
+			if ( b ) {
+				while ( (b = b.parentNode) ) {
+					if ( b === a ) {
+						return true;
+					}
+				}
+			}
+			return false;
+		};
+
+	/* Sorting
+	---------------------------------------------------------------------- */
+
+	// Document order sorting
+	sortOrder = hasCompare ?
+	function( a, b ) {
+
+		// Flag for duplicate removal
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		// Sort on method existence if only one input has compareDocumentPosition
+		var compare = !a.compareDocumentPosition - !b.compareDocumentPosition;
+		if ( compare ) {
+			return compare;
+		}
+
+		// Calculate position if both inputs belong to the same document
+		compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ?
+			a.compareDocumentPosition( b ) :
+
+			// Otherwise we know they are disconnected
+			1;
+
+		// Disconnected nodes
+		if ( compare & 1 ||
+			(!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) {
+
+			// Choose the first element that is related to our preferred document
+			if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) {
+				return -1;
+			}
+			if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) {
+				return 1;
+			}
+
+			// Maintain original order
+			return sortInput ?
+				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
+				0;
+		}
+
+		return compare & 4 ? -1 : 1;
+	} :
+	function( a, b ) {
+		// Exit early if the nodes are identical
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		var cur,
+			i = 0,
+			aup = a.parentNode,
+			bup = b.parentNode,
+			ap = [ a ],
+			bp = [ b ];
+
+		// Parentless nodes are either documents or disconnected
+		if ( !aup || !bup ) {
+			return a === document ? -1 :
+				b === document ? 1 :
+				aup ? -1 :
+				bup ? 1 :
+				sortInput ?
+				( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) :
+				0;
+
+		// If the nodes are siblings, we can do a quick check
+		} else if ( aup === bup ) {
+			return siblingCheck( a, b );
+		}
+
+		// Otherwise we need full lists of their ancestors for comparison
+		cur = a;
+		while ( (cur = cur.parentNode) ) {
+			ap.unshift( cur );
+		}
+		cur = b;
+		while ( (cur = cur.parentNode) ) {
+			bp.unshift( cur );
+		}
+
+		// Walk down the tree looking for a discrepancy
+		while ( ap[i] === bp[i] ) {
+			i++;
+		}
+
+		return i ?
+			// Do a sibling check if the nodes have a common ancestor
+			siblingCheck( ap[i], bp[i] ) :
+
+			// Otherwise nodes in our document sort first
+			ap[i] === preferredDoc ? -1 :
+			bp[i] === preferredDoc ? 1 :
+			0;
+	};
+
+	return document;
+};
+
+Sizzle.matches = function( expr, elements ) {
+	return Sizzle( expr, null, null, elements );
+};
+
+Sizzle.matchesSelector = function( elem, expr ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	// Make sure that attribute selectors are quoted
+	expr = expr.replace( rattributeQuotes, "='$1']" );
+
+	if ( support.matchesSelector && documentIsHTML &&
+		!compilerCache[ expr + " " ] &&
+		( !rbuggyMatches || !rbuggyMatches.test( expr ) ) &&
+		( !rbuggyQSA     || !rbuggyQSA.test( expr ) ) ) {
+
+		try {
+			var ret = matches.call( elem, expr );
+
+			// IE 9's matchesSelector returns false on disconnected nodes
+			if ( ret || support.disconnectedMatch ||
+					// As well, disconnected nodes are said to be in a document
+					// fragment in IE 9
+					elem.document && elem.document.nodeType !== 11 ) {
+				return ret;
+			}
+		} catch (e) {}
+	}
+
+	return Sizzle( expr, document, null, [ elem ] ).length > 0;
+};
+
+Sizzle.contains = function( context, elem ) {
+	// Set document vars if needed
+	if ( ( context.ownerDocument || context ) !== document ) {
+		setDocument( context );
+	}
+	return contains( context, elem );
+};
+
+Sizzle.attr = function( elem, name ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	var fn = Expr.attrHandle[ name.toLowerCase() ],
+		// Don't get fooled by Object.prototype properties (jQuery #13807)
+		val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ?
+			fn( elem, name, !documentIsHTML ) :
+			undefined;
+
+	return val !== undefined ?
+		val :
+		support.attributes || !documentIsHTML ?
+			elem.getAttribute( name ) :
+			(val = elem.getAttributeNode(name)) && val.specified ?
+				val.value :
+				null;
+};
+
+Sizzle.escape = function( sel ) {
+	return (sel + "").replace( rcssescape, fcssescape );
+};
+
+Sizzle.error = function( msg ) {
+	throw new Error( "Syntax error, unrecognized expression: " + msg );
+};
+
+/**
+ * Document sorting and removing duplicates
+ * @param {ArrayLike} results
+ */
+Sizzle.uniqueSort = function( results ) {
+	var elem,
+		duplicates = [],
+		j = 0,
+		i = 0;
+
+	// Unless we *know* we can detect duplicates, assume their presence
+	hasDuplicate = !support.detectDuplicates;
+	sortInput = !support.sortStable && results.slice( 0 );
+	results.sort( sortOrder );
+
+	if ( hasDuplicate ) {
+		while ( (elem = results[i++]) ) {
+			if ( elem === results[ i ] ) {
+				j = duplicates.push( i );
+			}
+		}
+		while ( j-- ) {
+			results.splice( duplicates[ j ], 1 );
+		}
+	}
+
+	// Clear input after sorting to release objects
+	// See https://github.com/jquery/sizzle/pull/225
+	sortInput = null;
+
+	return results;
+};
+
+/**
+ * Utility function for retrieving the text value of an array of DOM nodes
+ * @param {Array|Element} elem
+ */
+getText = Sizzle.getText = function( elem ) {
+	var node,
+		ret = "",
+		i = 0,
+		nodeType = elem.nodeType;
+
+	if ( !nodeType ) {
+		// If no nodeType, this is expected to be an array
+		while ( (node = elem[i++]) ) {
+			// Do not traverse comment nodes
+			ret += getText( node );
+		}
+	} else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) {
+		// Use textContent for elements
+		// innerText usage removed for consistency of new lines (jQuery #11153)
+		if ( typeof elem.textContent === "string" ) {
+			return elem.textContent;
+		} else {
+			// Traverse its children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				ret += getText( elem );
+			}
+		}
+	} else if ( nodeType === 3 || nodeType === 4 ) {
+		return elem.nodeValue;
+	}
+	// Do not include comment or processing instruction nodes
+
+	return ret;
+};
+
+Expr = Sizzle.selectors = {
+
+	// Can be adjusted by the user
+	cacheLength: 50,
+
+	createPseudo: markFunction,
+
+	match: matchExpr,
+
+	attrHandle: {},
+
+	find: {},
+
+	relative: {
+		">": { dir: "parentNode", first: true },
+		" ": { dir: "parentNode" },
+		"+": { dir: "previousSibling", first: true },
+		"~": { dir: "previousSibling" }
+	},
+
+	preFilter: {
+		"ATTR": function( match ) {
+			match[1] = match[1].replace( runescape, funescape );
+
+			// Move the given value to match[3] whether quoted or unquoted
+			match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape );
+
+			if ( match[2] === "~=" ) {
+				match[3] = " " + match[3] + " ";
+			}
+
+			return match.slice( 0, 4 );
+		},
+
+		"CHILD": function( match ) {
+			/* matches from matchExpr["CHILD"]
+				1 type (only|nth|...)
+				2 what (child|of-type)
+				3 argument (even|odd|\d*|\d*n([+-]\d+)?|...)
+				4 xn-component of xn+y argument ([+-]?\d*n|)
+				5 sign of xn-component
+				6 x of xn-component
+				7 sign of y-component
+				8 y of y-component
+			*/
+			match[1] = match[1].toLowerCase();
+
+			if ( match[1].slice( 0, 3 ) === "nth" ) {
+				// nth-* requires argument
+				if ( !match[3] ) {
+					Sizzle.error( match[0] );
+				}
+
+				// numeric x and y parameters for Expr.filter.CHILD
+				// remember that false/true cast respectively to 0/1
+				match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) );
+				match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" );
+
+			// other types prohibit arguments
+			} else if ( match[3] ) {
+				Sizzle.error( match[0] );
+			}
+
+			return match;
+		},
+
+		"PSEUDO": function( match ) {
+			var excess,
+				unquoted = !match[6] && match[2];
+
+			if ( matchExpr["CHILD"].test( match[0] ) ) {
+				return null;
+			}
+
+			// Accept quoted arguments as-is
+			if ( match[3] ) {
+				match[2] = match[4] || match[5] || "";
+
+			// Strip excess characters from unquoted arguments
+			} else if ( unquoted && rpseudo.test( unquoted ) &&
+				// Get excess from tokenize (recursively)
+				(excess = tokenize( unquoted, true )) &&
+				// advance to the next closing parenthesis
+				(excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) {
+
+				// excess is a negative index
+				match[0] = match[0].slice( 0, excess );
+				match[2] = unquoted.slice( 0, excess );
+			}
+
+			// Return only captures needed by the pseudo filter method (type and argument)
+			return match.slice( 0, 3 );
+		}
+	},
+
+	filter: {
+
+		"TAG": function( nodeNameSelector ) {
+			var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase();
+			return nodeNameSelector === "*" ?
+				function() { return true; } :
+				function( elem ) {
+					return elem.nodeName && elem.nodeName.toLowerCase() === nodeName;
+				};
+		},
+
+		"CLASS": function( className ) {
+			var pattern = classCache[ className + " " ];
+
+			return pattern ||
+				(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&
+				classCache( className, function( elem ) {
+					return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" );
+				});
+		},
+
+		"ATTR": function( name, operator, check ) {
+			return function( elem ) {
+				var result = Sizzle.attr( elem, name );
+
+				if ( result == null ) {
+					return operator === "!=";
+				}
+				if ( !operator ) {
+					return true;
+				}
+
+				result += "";
+
+				return operator === "=" ? result === check :
+					operator === "!=" ? result !== check :
+					operator === "^=" ? check && result.indexOf( check ) === 0 :
+					operator === "*=" ? check && result.indexOf( check ) > -1 :
+					operator === "$=" ? check && result.slice( -check.length ) === check :
+					operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 :
+					operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" :
+					false;
+			};
+		},
+
+		"CHILD": function( type, what, argument, first, last ) {
+			var simple = type.slice( 0, 3 ) !== "nth",
+				forward = type.slice( -4 ) !== "last",
+				ofType = what === "of-type";
+
+			return first === 1 && last === 0 ?
+
+				// Shortcut for :nth-*(n)
+				function( elem ) {
+					return !!elem.parentNode;
+				} :
+
+				function( elem, context, xml ) {
+					var cache, uniqueCache, outerCache, node, nodeIndex, start,
+						dir = simple !== forward ? "nextSibling" : "previousSibling",
+						parent = elem.parentNode,
+						name = ofType && elem.nodeName.toLowerCase(),
+						useCache = !xml && !ofType,
+						diff = false;
+
+					if ( parent ) {
+
+						// :(first|last|only)-(child|of-type)
+						if ( simple ) {
+							while ( dir ) {
+								node = elem;
+								while ( (node = node[ dir ]) ) {
+									if ( ofType ?
+										node.nodeName.toLowerCase() === name :
+										node.nodeType === 1 ) {
+
+										return false;
+									}
+								}
+								// Reverse direction for :only-* (if we haven't yet done so)
+								start = dir = type === "only" && !start && "nextSibling";
+							}
+							return true;
+						}
+
+						start = [ forward ? parent.firstChild : parent.lastChild ];
+
+						// non-xml :nth-child(...) stores cache data on `parent`
+						if ( forward && useCache ) {
+
+							// Seek `elem` from a previously-cached index
+
+							// ...in a gzip-friendly way
+							node = parent;
+							outerCache = node[ expando ] || (node[ expando ] = {});
+
+							// Support: IE <9 only
+							// Defend against cloned attroperties (jQuery gh-1709)
+							uniqueCache = outerCache[ node.uniqueID ] ||
+								(outerCache[ node.uniqueID ] = {});
+
+							cache = uniqueCache[ type ] || [];
+							nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
+							diff = nodeIndex && cache[ 2 ];
+							node = nodeIndex && parent.childNodes[ nodeIndex ];
+
+							while ( (node = ++nodeIndex && node && node[ dir ] ||
+
+								// Fallback to seeking `elem` from the start
+								(diff = nodeIndex = 0) || start.pop()) ) {
+
+								// When found, cache indexes on `parent` and break
+								if ( node.nodeType === 1 && ++diff && node === elem ) {
+									uniqueCache[ type ] = [ dirruns, nodeIndex, diff ];
+									break;
+								}
+							}
+
+						} else {
+							// Use previously-cached element index if available
+							if ( useCache ) {
+								// ...in a gzip-friendly way
+								node = elem;
+								outerCache = node[ expando ] || (node[ expando ] = {});
+
+								// Support: IE <9 only
+								// Defend against cloned attroperties (jQuery gh-1709)
+								uniqueCache = outerCache[ node.uniqueID ] ||
+									(outerCache[ node.uniqueID ] = {});
+
+								cache = uniqueCache[ type ] || [];
+								nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ];
+								diff = nodeIndex;
+							}
+
+							// xml :nth-child(...)
+							// or :nth-last-child(...) or :nth(-last)?-of-type(...)
+							if ( diff === false ) {
+								// Use the same loop as above to seek `elem` from the start
+								while ( (node = ++nodeIndex && node && node[ dir ] ||
+									(diff = nodeIndex = 0) || start.pop()) ) {
+
+									if ( ( ofType ?
+										node.nodeName.toLowerCase() === name :
+										node.nodeType === 1 ) &&
+										++diff ) {
+
+										// Cache the index of each encountered element
+										if ( useCache ) {
+											outerCache = node[ expando ] || (node[ expando ] = {});
+
+											// Support: IE <9 only
+											// Defend against cloned attroperties (jQuery gh-1709)
+											uniqueCache = outerCache[ node.uniqueID ] ||
+												(outerCache[ node.uniqueID ] = {});
+
+											uniqueCache[ type ] = [ dirruns, diff ];
+										}
+
+										if ( node === elem ) {
+											break;
+										}
+									}
+								}
+							}
+						}
+
+						// Incorporate the offset, then check against cycle size
+						diff -= last;
+						return diff === first || ( diff % first === 0 && diff / first >= 0 );
+					}
+				};
+		},
+
+		"PSEUDO": function( pseudo, argument ) {
+			// pseudo-class names are case-insensitive
+			// http://www.w3.org/TR/selectors/#pseudo-classes
+			// Prioritize by case sensitivity in case custom pseudos are added with uppercase letters
+			// Remember that setFilters inherits from pseudos
+			var args,
+				fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] ||
+					Sizzle.error( "unsupported pseudo: " + pseudo );
+
+			// The user may use createPseudo to indicate that
+			// arguments are needed to create the filter function
+			// just as Sizzle does
+			if ( fn[ expando ] ) {
+				return fn( argument );
+			}
+
+			// But maintain support for old signatures
+			if ( fn.length > 1 ) {
+				args = [ pseudo, pseudo, "", argument ];
+				return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ?
+					markFunction(function( seed, matches ) {
+						var idx,
+							matched = fn( seed, argument ),
+							i = matched.length;
+						while ( i-- ) {
+							idx = indexOf( seed, matched[i] );
+							seed[ idx ] = !( matches[ idx ] = matched[i] );
+						}
+					}) :
+					function( elem ) {
+						return fn( elem, 0, args );
+					};
+			}
+
+			return fn;
+		}
+	},
+
+	pseudos: {
+		// Potentially complex pseudos
+		"not": markFunction(function( selector ) {
+			// Trim the selector passed to compile
+			// to avoid treating leading and trailing
+			// spaces as combinators
+			var input = [],
+				results = [],
+				matcher = compile( selector.replace( rtrim, "$1" ) );
+
+			return matcher[ expando ] ?
+				markFunction(function( seed, matches, context, xml ) {
+					var elem,
+						unmatched = matcher( seed, null, xml, [] ),
+						i = seed.length;
+
+					// Match elements unmatched by `matcher`
+					while ( i-- ) {
+						if ( (elem = unmatched[i]) ) {
+							seed[i] = !(matches[i] = elem);
+						}
+					}
+				}) :
+				function( elem, context, xml ) {
+					input[0] = elem;
+					matcher( input, null, xml, results );
+					// Don't keep the element (issue #299)
+					input[0] = null;
+					return !results.pop();
+				};
+		}),
+
+		"has": markFunction(function( selector ) {
+			return function( elem ) {
+				return Sizzle( selector, elem ).length > 0;
+			};
+		}),
+
+		"contains": markFunction(function( text ) {
+			text = text.replace( runescape, funescape );
+			return function( elem ) {
+				return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1;
+			};
+		}),
+
+		// "Whether an element is represented by a :lang() selector
+		// is based solely on the element's language value
+		// being equal to the identifier C,
+		// or beginning with the identifier C immediately followed by "-".
+		// The matching of C against the element's language value is performed case-insensitively.
+		// The identifier C does not have to be a valid language name."
+		// http://www.w3.org/TR/selectors/#lang-pseudo
+		"lang": markFunction( function( lang ) {
+			// lang value must be a valid identifier
+			if ( !ridentifier.test(lang || "") ) {
+				Sizzle.error( "unsupported lang: " + lang );
+			}
+			lang = lang.replace( runescape, funescape ).toLowerCase();
+			return function( elem ) {
+				var elemLang;
+				do {
+					if ( (elemLang = documentIsHTML ?
+						elem.lang :
+						elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) {
+
+						elemLang = elemLang.toLowerCase();
+						return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0;
+					}
+				} while ( (elem = elem.parentNode) && elem.nodeType === 1 );
+				return false;
+			};
+		}),
+
+		// Miscellaneous
+		"target": function( elem ) {
+			var hash = window.location && window.location.hash;
+			return hash && hash.slice( 1 ) === elem.id;
+		},
+
+		"root": function( elem ) {
+			return elem === docElem;
+		},
+
+		"focus": function( elem ) {
+			return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex);
+		},
+
+		// Boolean properties
+		"enabled": createDisabledPseudo( false ),
+		"disabled": createDisabledPseudo( true ),
+
+		"checked": function( elem ) {
+			// In CSS3, :checked should return both checked and selected elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			var nodeName = elem.nodeName.toLowerCase();
+			return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected);
+		},
+
+		"selected": function( elem ) {
+			// Accessing this property makes selected-by-default
+			// options in Safari work properly
+			if ( elem.parentNode ) {
+				elem.parentNode.selectedIndex;
+			}
+
+			return elem.selected === true;
+		},
+
+		// Contents
+		"empty": function( elem ) {
+			// http://www.w3.org/TR/selectors/#empty-pseudo
+			// :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5),
+			//   but not by others (comment: 8; processing instruction: 7; etc.)
+			// nodeType < 6 works because attributes (2) do not appear as children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				if ( elem.nodeType < 6 ) {
+					return false;
+				}
+			}
+			return true;
+		},
+
+		"parent": function( elem ) {
+			return !Expr.pseudos["empty"]( elem );
+		},
+
+		// Element/input types
+		"header": function( elem ) {
+			return rheader.test( elem.nodeName );
+		},
+
+		"input": function( elem ) {
+			return rinputs.test( elem.nodeName );
+		},
+
+		"button": function( elem ) {
+			var name = elem.nodeName.toLowerCase();
+			return name === "input" && elem.type === "button" || name === "button";
+		},
+
+		"text": function( elem ) {
+			var attr;
+			return elem.nodeName.toLowerCase() === "input" &&
+				elem.type === "text" &&
+
+				// Support: IE<8
+				// New HTML5 attribute values (e.g., "search") appear with elem.type === "text"
+				( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" );
+		},
+
+		// Position-in-collection
+		"first": createPositionalPseudo(function() {
+			return [ 0 ];
+		}),
+
+		"last": createPositionalPseudo(function( matchIndexes, length ) {
+			return [ length - 1 ];
+		}),
+
+		"eq": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			return [ argument < 0 ? argument + length : argument ];
+		}),
+
+		"even": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 0;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"odd": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 1;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"lt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; --i >= 0; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"gt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; ++i < length; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		})
+	}
+};
+
+Expr.pseudos["nth"] = Expr.pseudos["eq"];
+
+// Add button/input type pseudos
+for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) {
+	Expr.pseudos[ i ] = createInputPseudo( i );
+}
+for ( i in { submit: true, reset: true } ) {
+	Expr.pseudos[ i ] = createButtonPseudo( i );
+}
+
+// Easy API for creating new setFilters
+function setFilters() {}
+setFilters.prototype = Expr.filters = Expr.pseudos;
+Expr.setFilters = new setFilters();
+
+tokenize = Sizzle.tokenize = function( selector, parseOnly ) {
+	var matched, match, tokens, type,
+		soFar, groups, preFilters,
+		cached = tokenCache[ selector + " " ];
+
+	if ( cached ) {
+		return parseOnly ? 0 : cached.slice( 0 );
+	}
+
+	soFar = selector;
+	groups = [];
+	preFilters = Expr.preFilter;
+
+	while ( soFar ) {
+
+		// Comma and first run
+		if ( !matched || (match = rcomma.exec( soFar )) ) {
+			if ( match ) {
+				// Don't consume trailing commas as valid
+				soFar = soFar.slice( match[0].length ) || soFar;
+			}
+			groups.push( (tokens = []) );
+		}
+
+		matched = false;
+
+		// Combinators
+		if ( (match = rcombinators.exec( soFar )) ) {
+			matched = match.shift();
+			tokens.push({
+				value: matched,
+				// Cast descendant combinators to space
+				type: match[0].replace( rtrim, " " )
+			});
+			soFar = soFar.slice( matched.length );
+		}
+
+		// Filters
+		for ( type in Expr.filter ) {
+			if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] ||
+				(match = preFilters[ type ]( match ))) ) {
+				matched = match.shift();
+				tokens.push({
+					value: matched,
+					type: type,
+					matches: match
+				});
+				soFar = soFar.slice( matched.length );
+			}
+		}
+
+		if ( !matched ) {
+			break;
+		}
+	}
+
+	// Return the length of the invalid excess
+	// if we're just parsing
+	// Otherwise, throw an error or return tokens
+	return parseOnly ?
+		soFar.length :
+		soFar ?
+			Sizzle.error( selector ) :
+			// Cache the tokens
+			tokenCache( selector, groups ).slice( 0 );
+};
+
+function toSelector( tokens ) {
+	var i = 0,
+		len = tokens.length,
+		selector = "";
+	for ( ; i < len; i++ ) {
+		selector += tokens[i].value;
+	}
+	return selector;
+}
+
+function addCombinator( matcher, combinator, base ) {
+	var dir = combinator.dir,
+		skip = combinator.next,
+		key = skip || dir,
+		checkNonElements = base && key === "parentNode",
+		doneName = done++;
+
+	return combinator.first ?
+		// Check against closest ancestor/preceding element
+		function( elem, context, xml ) {
+			while ( (elem = elem[ dir ]) ) {
+				if ( elem.nodeType === 1 || checkNonElements ) {
+					return matcher( elem, context, xml );
+				}
+			}
+			return false;
+		} :
+
+		// Check against all ancestor/preceding elements
+		function( elem, context, xml ) {
+			var oldCache, uniqueCache, outerCache,
+				newCache = [ dirruns, doneName ];
+
+			// We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching
+			if ( xml ) {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						if ( matcher( elem, context, xml ) ) {
+							return true;
+						}
+					}
+				}
+			} else {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						outerCache = elem[ expando ] || (elem[ expando ] = {});
+
+						// Support: IE <9 only
+						// Defend against cloned attroperties (jQuery gh-1709)
+						uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {});
+
+						if ( skip && skip === elem.nodeName.toLowerCase() ) {
+							elem = elem[ dir ] || elem;
+						} else if ( (oldCache = uniqueCache[ key ]) &&
+							oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) {
+
+							// Assign to newCache so results back-propagate to previous elements
+							return (newCache[ 2 ] = oldCache[ 2 ]);
+						} else {
+							// Reuse newcache so results back-propagate to previous elements
+							uniqueCache[ key ] = newCache;
+
+							// A match means we're done; a fail means we have to keep checking
+							if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) {
+								return true;
+							}
+						}
+					}
+				}
+			}
+			return false;
+		};
+}
+
+function elementMatcher( matchers ) {
+	return matchers.length > 1 ?
+		function( elem, context, xml ) {
+			var i = matchers.length;
+			while ( i-- ) {
+				if ( !matchers[i]( elem, context, xml ) ) {
+					return false;
+				}
+			}
+			return true;
+		} :
+		matchers[0];
+}
+
+function multipleContexts( selector, contexts, results ) {
+	var i = 0,
+		len = contexts.length;
+	for ( ; i < len; i++ ) {
+		Sizzle( selector, contexts[i], results );
+	}
+	return results;
+}
+
+function condense( unmatched, map, filter, context, xml ) {
+	var elem,
+		newUnmatched = [],
+		i = 0,
+		len = unmatched.length,
+		mapped = map != null;
+
+	for ( ; i < len; i++ ) {
+		if ( (elem = unmatched[i]) ) {
+			if ( !filter || filter( elem, context, xml ) ) {
+				newUnmatched.push( elem );
+				if ( mapped ) {
+					map.push( i );
+				}
+			}
+		}
+	}
+
+	return newUnmatched;
+}
+
+function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) {
+	if ( postFilter && !postFilter[ expando ] ) {
+		postFilter = setMatcher( postFilter );
+	}
+	if ( postFinder && !postFinder[ expando ] ) {
+		postFinder = setMatcher( postFinder, postSelector );
+	}
+	return markFunction(function( seed, results, context, xml ) {
+		var temp, i, elem,
+			preMap = [],
+			postMap = [],
+			preexisting = results.length,
+
+			// Get initial elements from seed or context
+			elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ),
+
+			// Prefilter to get matcher input, preserving a map for seed-results synchronization
+			matcherIn = preFilter && ( seed || !selector ) ?
+				condense( elems, preMap, preFilter, context, xml ) :
+				elems,
+
+			matcherOut = matcher ?
+				// If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results,
+				postFinder || ( seed ? preFilter : preexisting || postFilter ) ?
+
+					// ...intermediate processing is necessary
+					[] :
+
+					// ...otherwise use results directly
+					results :
+				matcherIn;
+
+		// Find primary matches
+		if ( matcher ) {
+			matcher( matcherIn, matcherOut, context, xml );
+		}
+
+		// Apply postFilter
+		if ( postFilter ) {
+			temp = condense( matcherOut, postMap );
+			postFilter( temp, [], context, xml );
+
+			// Un-match failing elements by moving them back to matcherIn
+			i = temp.length;
+			while ( i-- ) {
+				if ( (elem = temp[i]) ) {
+					matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem);
+				}
+			}
+		}
+
+		if ( seed ) {
+			if ( postFinder || preFilter ) {
+				if ( postFinder ) {
+					// Get the final matcherOut by condensing this intermediate into postFinder contexts
+					temp = [];
+					i = matcherOut.length;
+					while ( i-- ) {
+						if ( (elem = matcherOut[i]) ) {
+							// Restore matcherIn since elem is not yet a final match
+							temp.push( (matcherIn[i] = elem) );
+						}
+					}
+					postFinder( null, (matcherOut = []), temp, xml );
+				}
+
+				// Move matched elements from seed to results to keep them synchronized
+				i = matcherOut.length;
+				while ( i-- ) {
+					if ( (elem = matcherOut[i]) &&
+						(temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) {
+
+						seed[temp] = !(results[temp] = elem);
+					}
+				}
+			}
+
+		// Add elements to results, through postFinder if defined
+		} else {
+			matcherOut = condense(
+				matcherOut === results ?
+					matcherOut.splice( preexisting, matcherOut.length ) :
+					matcherOut
+			);
+			if ( postFinder ) {
+				postFinder( null, results, matcherOut, xml );
+			} else {
+				push.apply( results, matcherOut );
+			}
+		}
+	});
+}
+
+function matcherFromTokens( tokens ) {
+	var checkContext, matcher, j,
+		len = tokens.length,
+		leadingRelative = Expr.relative[ tokens[0].type ],
+		implicitRelative = leadingRelative || Expr.relative[" "],
+		i = leadingRelative ? 1 : 0,
+
+		// The foundational matcher ensures that elements are reachable from top-level context(s)
+		matchContext = addCombinator( function( elem ) {
+			return elem === checkContext;
+		}, implicitRelative, true ),
+		matchAnyContext = addCombinator( function( elem ) {
+			return indexOf( checkContext, elem ) > -1;
+		}, implicitRelative, true ),
+		matchers = [ function( elem, context, xml ) {
+			var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || (
+				(checkContext = context).nodeType ?
+					matchContext( elem, context, xml ) :
+					matchAnyContext( elem, context, xml ) );
+			// Avoid hanging onto element (issue #299)
+			checkContext = null;
+			return ret;
+		} ];
+
+	for ( ; i < len; i++ ) {
+		if ( (matcher = Expr.relative[ tokens[i].type ]) ) {
+			matchers = [ addCombinator(elementMatcher( matchers ), matcher) ];
+		} else {
+			matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches );
+
+			// Return special upon seeing a positional matcher
+			if ( matcher[ expando ] ) {
+				// Find the next relative operator (if any) for proper handling
+				j = ++i;
+				for ( ; j < len; j++ ) {
+					if ( Expr.relative[ tokens[j].type ] ) {
+						break;
+					}
+				}
+				return setMatcher(
+					i > 1 && elementMatcher( matchers ),
+					i > 1 && toSelector(
+						// If the preceding token was a descendant combinator, insert an implicit any-element `*`
+						tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" })
+					).replace( rtrim, "$1" ),
+					matcher,
+					i < j && matcherFromTokens( tokens.slice( i, j ) ),
+					j < len && matcherFromTokens( (tokens = tokens.slice( j )) ),
+					j < len && toSelector( tokens )
+				);
+			}
+			matchers.push( matcher );
+		}
+	}
+
+	return elementMatcher( matchers );
+}
+
+function matcherFromGroupMatchers( elementMatchers, setMatchers ) {
+	var bySet = setMatchers.length > 0,
+		byElement = elementMatchers.length > 0,
+		superMatcher = function( seed, context, xml, results, outermost ) {
+			var elem, j, matcher,
+				matchedCount = 0,
+				i = "0",
+				unmatched = seed && [],
+				setMatched = [],
+				contextBackup = outermostContext,
+				// We must always have either seed elements or outermost context
+				elems = seed || byElement && Expr.find["TAG"]( "*", outermost ),
+				// Use integer dirruns iff this is the outermost matcher
+				dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1),
+				len = elems.length;
+
+			if ( outermost ) {
+				outermostContext = context === document || context || outermost;
+			}
+
+			// Add elements passing elementMatchers directly to results
+			// Support: IE<9, Safari
+			// Tolerate NodeList properties (IE: "length"; Safari: <number>) matching elements by id
+			for ( ; i !== len && (elem = elems[i]) != null; i++ ) {
+				if ( byElement && elem ) {
+					j = 0;
+					if ( !context && elem.ownerDocument !== document ) {
+						setDocument( elem );
+						xml = !documentIsHTML;
+					}
+					while ( (matcher = elementMatchers[j++]) ) {
+						if ( matcher( elem, context || document, xml) ) {
+							results.push( elem );
+							break;
+						}
+					}
+					if ( outermost ) {
+						dirruns = dirrunsUnique;
+					}
+				}
+
+				// Track unmatched elements for set filters
+				if ( bySet ) {
+					// They will have gone through all possible matchers
+					if ( (elem = !matcher && elem) ) {
+						matchedCount--;
+					}
+
+					// Lengthen the array for every element, matched or not
+					if ( seed ) {
+						unmatched.push( elem );
+					}
+				}
+			}
+
+			// `i` is now the count of elements visited above, and adding it to `matchedCount`
+			// makes the latter nonnegative.
+			matchedCount += i;
+
+			// Apply set filters to unmatched elements
+			// NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount`
+			// equals `i`), unless we didn't visit _any_ elements in the above loop because we have
+			// no element matchers and no seed.
+			// Incrementing an initially-string "0" `i` allows `i` to remain a string only in that
+			// case, which will result in a "00" `matchedCount` that differs from `i` but is also
+			// numerically zero.
+			if ( bySet && i !== matchedCount ) {
+				j = 0;
+				while ( (matcher = setMatchers[j++]) ) {
+					matcher( unmatched, setMatched, context, xml );
+				}
+
+				if ( seed ) {
+					// Reintegrate element matches to eliminate the need for sorting
+					if ( matchedCount > 0 ) {
+						while ( i-- ) {
+							if ( !(unmatched[i] || setMatched[i]) ) {
+								setMatched[i] = pop.call( results );
+							}
+						}
+					}
+
+					// Discard index placeholder values to get only actual matches
+					setMatched = condense( setMatched );
+				}
+
+				// Add matches to results
+				push.apply( results, setMatched );
+
+				// Seedless set matches succeeding multiple successful matchers stipulate sorting
+				if ( outermost && !seed && setMatched.length > 0 &&
+					( matchedCount + setMatchers.length ) > 1 ) {
+
+					Sizzle.uniqueSort( results );
+				}
+			}
+
+			// Override manipulation of globals by nested matchers
+			if ( outermost ) {
+				dirruns = dirrunsUnique;
+				outermostContext = contextBackup;
+			}
+
+			return unmatched;
+		};
+
+	return bySet ?
+		markFunction( superMatcher ) :
+		superMatcher;
+}
+
+compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) {
+	var i,
+		setMatchers = [],
+		elementMatchers = [],
+		cached = compilerCache[ selector + " " ];
+
+	if ( !cached ) {
+		// Generate a function of recursive functions that can be used to check each element
+		if ( !match ) {
+			match = tokenize( selector );
+		}
+		i = match.length;
+		while ( i-- ) {
+			cached = matcherFromTokens( match[i] );
+			if ( cached[ expando ] ) {
+				setMatchers.push( cached );
+			} else {
+				elementMatchers.push( cached );
+			}
+		}
+
+		// Cache the compiled function
+		cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) );
+
+		// Save selector and tokenization
+		cached.selector = selector;
+	}
+	return cached;
+};
+
+/**
+ * A low-level selection function that works with Sizzle's compiled
+ *  selector functions
+ * @param {String|Function} selector A selector or a pre-compiled
+ *  selector function built with Sizzle.compile
+ * @param {Element} context
+ * @param {Array} [results]
+ * @param {Array} [seed] A set of elements to match against
+ */
+select = Sizzle.select = function( selector, context, results, seed ) {
+	var i, tokens, token, type, find,
+		compiled = typeof selector === "function" && selector,
+		match = !seed && tokenize( (selector = compiled.selector || selector) );
+
+	results = results || [];
+
+	// Try to minimize operations if there is only one selector in the list and no seed
+	// (the latter of which guarantees us context)
+	if ( match.length === 1 ) {
+
+		// Reduce context if the leading compound selector is an ID
+		tokens = match[0] = match[0].slice( 0 );
+		if ( tokens.length > 2 && (token = tokens[0]).type === "ID" &&
+				context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[1].type ] ) {
+
+			context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0];
+			if ( !context ) {
+				return results;
+
+			// Precompiled matchers will still verify ancestry, so step up a level
+			} else if ( compiled ) {
+				context = context.parentNode;
+			}
+
+			selector = selector.slice( tokens.shift().value.length );
+		}
+
+		// Fetch a seed set for right-to-left matching
+		i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length;
+		while ( i-- ) {
+			token = tokens[i];
+
+			// Abort if we hit a combinator
+			if ( Expr.relative[ (type = token.type) ] ) {
+				break;
+			}
+			if ( (find = Expr.find[ type ]) ) {
+				// Search, expanding context for leading sibling combinators
+				if ( (seed = find(
+					token.matches[0].replace( runescape, funescape ),
+					rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context
+				)) ) {
+
+					// If seed is empty or no tokens remain, we can return early
+					tokens.splice( i, 1 );
+					selector = seed.length && toSelector( tokens );
+					if ( !selector ) {
+						push.apply( results, seed );
+						return results;
+					}
+
+					break;
+				}
+			}
+		}
+	}
+
+	// Compile and execute a filtering function if one is not provided
+	// Provide `match` to avoid retokenization if we modified the selector above
+	( compiled || compile( selector, match ) )(
+		seed,
+		context,
+		!documentIsHTML,
+		results,
+		!context || rsibling.test( selector ) && testContext( context.parentNode ) || context
+	);
+	return results;
+};
+
+// One-time assignments
+
+// Sort stability
+support.sortStable = expando.split("").sort( sortOrder ).join("") === expando;
+
+// Support: Chrome 14-35+
+// Always assume duplicates if they aren't passed to the comparison function
+support.detectDuplicates = !!hasDuplicate;
+
+// Initialize against the default document
+setDocument();
+
+// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27)
+// Detached nodes confoundingly follow *each other*
+support.sortDetached = assert(function( el ) {
+	// Should return 1, but returns 4 (following)
+	return el.compareDocumentPosition( document.createElement("fieldset") ) & 1;
+});
+
+// Support: IE<8
+// Prevent attribute/property "interpolation"
+// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx
+if ( !assert(function( el ) {
+	el.innerHTML = "<a href='#'></a>";
+	return el.firstChild.getAttribute("href") === "#" ;
+}) ) {
+	addHandle( "type|href|height|width", function( elem, name, isXML ) {
+		if ( !isXML ) {
+			return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 );
+		}
+	});
+}
+
+// Support: IE<9
+// Use defaultValue in place of getAttribute("value")
+if ( !support.attributes || !assert(function( el ) {
+	el.innerHTML = "<input/>";
+	el.firstChild.setAttribute( "value", "" );
+	return el.firstChild.getAttribute( "value" ) === "";
+}) ) {
+	addHandle( "value", function( elem, name, isXML ) {
+		if ( !isXML && elem.nodeName.toLowerCase() === "input" ) {
+			return elem.defaultValue;
+		}
+	});
+}
+
+// Support: IE<9
+// Use getAttributeNode to fetch booleans when getAttribute lies
+if ( !assert(function( el ) {
+	return el.getAttribute("disabled") == null;
+}) ) {
+	addHandle( booleans, function( elem, name, isXML ) {
+		var val;
+		if ( !isXML ) {
+			return elem[ name ] === true ? name.toLowerCase() :
+					(val = elem.getAttributeNode( name )) && val.specified ?
+					val.value :
+				null;
+		}
+	});
+}
+
+return Sizzle;
+
+})( window );
+
+
+
+jQuery.find = Sizzle;
+jQuery.expr = Sizzle.selectors;
+
+// Deprecated
+jQuery.expr[ ":" ] = jQuery.expr.pseudos;
+jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort;
+jQuery.text = Sizzle.getText;
+jQuery.isXMLDoc = Sizzle.isXML;
+jQuery.contains = Sizzle.contains;
+jQuery.escapeSelector = Sizzle.escape;
+
+
+
+
+var dir = function( elem, dir, until ) {
+	var matched = [],
+		truncate = until !== undefined;
+
+	while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) {
+		if ( elem.nodeType === 1 ) {
+			if ( truncate && jQuery( elem ).is( until ) ) {
+				break;
+			}
+			matched.push( elem );
+		}
+	}
+	return matched;
+};
+
+
+var siblings = function( n, elem ) {
+	var matched = [];
+
+	for ( ; n; n = n.nextSibling ) {
+		if ( n.nodeType === 1 && n !== elem ) {
+			matched.push( n );
+		}
+	}
+
+	return matched;
+};
+
+
+var rneedsContext = jQuery.expr.match.needsContext;
+
+
+
+function nodeName( elem, name ) {
+
+  return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();
+
+};
+var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i );
+
+
+
+var risSimple = /^.[^:#\[\.,]*$/;
+
+// Implement the identical functionality for filter and not
+function winnow( elements, qualifier, not ) {
+	if ( jQuery.isFunction( qualifier ) ) {
+		return jQuery.grep( elements, function( elem, i ) {
+			return !!qualifier.call( elem, i, elem ) !== not;
+		} );
+	}
+
+	// Single element
+	if ( qualifier.nodeType ) {
+		return jQuery.grep( elements, function( elem ) {
+			return ( elem === qualifier ) !== not;
+		} );
+	}
+
+	// Arraylike of elements (jQuery, arguments, Array)
+	if ( typeof qualifier !== "string" ) {
+		return jQuery.grep( elements, function( elem ) {
+			return ( indexOf.call( qualifier, elem ) > -1 ) !== not;
+		} );
+	}
+
+	// Simple selector that can be filtered directly, removing non-Elements
+	if ( risSimple.test( qualifier ) ) {
+		return jQuery.filter( qualifier, elements, not );
+	}
+
+	// Complex selector, compare the two sets, removing non-Elements
+	qualifier = jQuery.filter( qualifier, elements );
+	return jQuery.grep( elements, function( elem ) {
+		return ( indexOf.call( qualifier, elem ) > -1 ) !== not && elem.nodeType === 1;
+	} );
+}
+
+jQuery.filter = function( expr, elems, not ) {
+	var elem = elems[ 0 ];
+
+	if ( not ) {
+		expr = ":not(" + expr + ")";
+	}
+
+	if ( elems.length === 1 && elem.nodeType === 1 ) {
+		return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : [];
+	}
+
+	return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) {
+		return elem.nodeType === 1;
+	} ) );
+};
+
+jQuery.fn.extend( {
+	find: function( selector ) {
+		var i, ret,
+			len = this.length,
+			self = this;
+
+		if ( typeof selector !== "string" ) {
+			return this.pushStack( jQuery( selector ).filter( function() {
+				for ( i = 0; i < len; i++ ) {
+					if ( jQuery.contains( self[ i ], this ) ) {
+						return true;
+					}
+				}
+			} ) );
+		}
+
+		ret = this.pushStack( [] );
+
+		for ( i = 0; i < len; i++ ) {
+			jQuery.find( selector, self[ i ], ret );
+		}
+
+		return len > 1 ? jQuery.uniqueSort( ret ) : ret;
+	},
+	filter: function( selector ) {
+		return this.pushStack( winnow( this, selector || [], false ) );
+	},
+	not: function( selector ) {
+		return this.pushStack( winnow( this, selector || [], true ) );
+	},
+	is: function( selector ) {
+		return !!winnow(
+			this,
+
+			// If this is a positional/relative selector, check membership in the returned set
+			// so $("p:first").is("p:last") won't return true for a doc with two "p".
+			typeof selector === "string" && rneedsContext.test( selector ) ?
+				jQuery( selector ) :
+				selector || [],
+			false
+		).length;
+	}
+} );
+
+
+// Initialize a jQuery object
+
+
+// A central reference to the root jQuery(document)
+var rootjQuery,
+
+	// A simple way to check for HTML strings
+	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
+	// Strict HTML recognition (#11290: must start with <)
+	// Shortcut simple #id case for speed
+	rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,
+
+	init = jQuery.fn.init = function( selector, context, root ) {
+		var match, elem;
+
+		// HANDLE: $(""), $(null), $(undefined), $(false)
+		if ( !selector ) {
+			return this;
+		}
+
+		// Method init() accepts an alternate rootjQuery
+		// so migrate can support jQuery.sub (gh-2101)
+		root = root || rootjQuery;
+
+		// Handle HTML strings
+		if ( typeof selector === "string" ) {
+			if ( selector[ 0 ] === "<" &&
+				selector[ selector.length - 1 ] === ">" &&
+				selector.length >= 3 ) {
+
+				// Assume that strings that start and end with <> are HTML and skip the regex check
+				match = [ null, selector, null ];
+
+			} else {
+				match = rquickExpr.exec( selector );
+			}
+
+			// Match html or make sure no context is specified for #id
+			if ( match && ( match[ 1 ] || !context ) ) {
+
+				// HANDLE: $(html) -> $(array)
+				if ( match[ 1 ] ) {
+					context = context instanceof jQuery ? context[ 0 ] : context;
+
+					// Option to run scripts is true for back-compat
+					// Intentionally let the error be thrown if parseHTML is not present
+					jQuery.merge( this, jQuery.parseHTML(
+						match[ 1 ],
+						context && context.nodeType ? context.ownerDocument || context : document,
+						true
+					) );
+
+					// HANDLE: $(html, props)
+					if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) {
+						for ( match in context ) {
+
+							// Properties of context are called as methods if possible
+							if ( jQuery.isFunction( this[ match ] ) ) {
+								this[ match ]( context[ match ] );
+
+							// ...and otherwise set as attributes
+							} else {
+								this.attr( match, context[ match ] );
+							}
+						}
+					}
+
+					return this;
+
+				// HANDLE: $(#id)
+				} else {
+					elem = document.getElementById( match[ 2 ] );
+
+					if ( elem ) {
+
+						// Inject the element directly into the jQuery object
+						this[ 0 ] = elem;
+						this.length = 1;
+					}
+					return this;
+				}
+
+			// HANDLE: $(expr, $(...))
+			} else if ( !context || context.jquery ) {
+				return ( context || root ).find( selector );
+
+			// HANDLE: $(expr, context)
+			// (which is just equivalent to: $(context).find(expr)
+			} else {
+				return this.constructor( context ).find( selector );
+			}
+
+		// HANDLE: $(DOMElement)
+		} else if ( selector.nodeType ) {
+			this[ 0 ] = selector;
+			this.length = 1;
+			return this;
+
+		// HANDLE: $(function)
+		// Shortcut for document ready
+		} else if ( jQuery.isFunction( selector ) ) {
+			return root.ready !== undefined ?
+				root.ready( selector ) :
+
+				// Execute immediately if ready is not present
+				selector( jQuery );
+		}
+
+		return jQuery.makeArray( selector, this );
+	};
+
+// Give the init function the jQuery prototype for later instantiation
+init.prototype = jQuery.fn;
+
+// Initialize central reference
+rootjQuery = jQuery( document );
+
+
+var rparentsprev = /^(?:parents|prev(?:Until|All))/,
+
+	// Methods guaranteed to produce a unique set when starting from a unique set
+	guaranteedUnique = {
+		children: true,
+		contents: true,
+		next: true,
+		prev: true
+	};
+
+jQuery.fn.extend( {
+	has: function( target ) {
+		var targets = jQuery( target, this ),
+			l = targets.length;
+
+		return this.filter( function() {
+			var i = 0;
+			for ( ; i < l; i++ ) {
+				if ( jQuery.contains( this, targets[ i ] ) ) {
+					return true;
+				}
+			}
+		} );
+	},
+
+	closest: function( selectors, context ) {
+		var cur,
+			i = 0,
+			l = this.length,
+			matched = [],
+			targets = typeof selectors !== "string" && jQuery( selectors );
+
+		// Positional selectors never match, since there's no _selection_ context
+		if ( !rneedsContext.test( selectors ) ) {
+			for ( ; i < l; i++ ) {
+				for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) {
+
+					// Always skip document fragments
+					if ( cur.nodeType < 11 && ( targets ?
+						targets.index( cur ) > -1 :
+
+						// Don't pass non-elements to Sizzle
+						cur.nodeType === 1 &&
+							jQuery.find.matchesSelector( cur, selectors ) ) ) {
+
+						matched.push( cur );
+						break;
+					}
+				}
+			}
+		}
+
+		return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched );
+	},
+
+	// Determine the position of an element within the set
+	index: function( elem ) {
+
+		// No argument, return index in parent
+		if ( !elem ) {
+			return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1;
+		}
+
+		// Index in selector
+		if ( typeof elem === "string" ) {
+			return indexOf.call( jQuery( elem ), this[ 0 ] );
+		}
+
+		// Locate the position of the desired element
+		return indexOf.call( this,
+
+			// If it receives a jQuery object, the first element is used
+			elem.jquery ? elem[ 0 ] : elem
+		);
+	},
+
+	add: function( selector, context ) {
+		return this.pushStack(
+			jQuery.uniqueSort(
+				jQuery.merge( this.get(), jQuery( selector, context ) )
+			)
+		);
+	},
+
+	addBack: function( selector ) {
+		return this.add( selector == null ?
+			this.prevObject : this.prevObject.filter( selector )
+		);
+	}
+} );
+
+function sibling( cur, dir ) {
+	while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {}
+	return cur;
+}
+
+jQuery.each( {
+	parent: function( elem ) {
+		var parent = elem.parentNode;
+		return parent && parent.nodeType !== 11 ? parent : null;
+	},
+	parents: function( elem ) {
+		return dir( elem, "parentNode" );
+	},
+	parentsUntil: function( elem, i, until ) {
+		return dir( elem, "parentNode", until );
+	},
+	next: function( elem ) {
+		return sibling( elem, "nextSibling" );
+	},
+	prev: function( elem ) {
+		return sibling( elem, "previousSibling" );
+	},
+	nextAll: function( elem ) {
+		return dir( elem, "nextSibling" );
+	},
+	prevAll: function( elem ) {
+		return dir( elem, "previousSibling" );
+	},
+	nextUntil: function( elem, i, until ) {
+		return dir( elem, "nextSibling", until );
+	},
+	prevUntil: function( elem, i, until ) {
+		return dir( elem, "previousSibling", until );
+	},
+	siblings: function( elem ) {
+		return siblings( ( elem.parentNode || {} ).firstChild, elem );
+	},
+	children: function( elem ) {
+		return siblings( elem.firstChild );
+	},
+	contents: function( elem ) {
+        if ( nodeName( elem, "iframe" ) ) {
+            return elem.contentDocument;
+        }
+
+        // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only
+        // Treat the template element as a regular one in browsers that
+        // don't support it.
+        if ( nodeName( elem, "template" ) ) {
+            elem = elem.content || elem;
+        }
+
+        return jQuery.merge( [], elem.childNodes );
+	}
+}, function( name, fn ) {
+	jQuery.fn[ name ] = function( until, selector ) {
+		var matched = jQuery.map( this, fn, until );
+
+		if ( name.slice( -5 ) !== "Until" ) {
+			selector = until;
+		}
+
+		if ( selector && typeof selector === "string" ) {
+			matched = jQuery.filter( selector, matched );
+		}
+
+		if ( this.length > 1 ) {
+
+			// Remove duplicates
+			if ( !guaranteedUnique[ name ] ) {
+				jQuery.uniqueSort( matched );
+			}
+
+			// Reverse order for parents* and prev-derivatives
+			if ( rparentsprev.test( name ) ) {
+				matched.reverse();
+			}
+		}
+
+		return this.pushStack( matched );
+	};
+} );
+var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g );
+
+
+
+// Convert String-formatted options into Object-formatted ones
+function createOptions( options ) {
+	var object = {};
+	jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) {
+		object[ flag ] = true;
+	} );
+	return object;
+}
+
+/*
+ * Create a callback list using the following parameters:
+ *
+ *	options: an optional list of space-separated options that will change how
+ *			the callback list behaves or a more traditional option object
+ *
+ * By default a callback list will act like an event callback list and can be
+ * "fired" multiple times.
+ *
+ * Possible options:
+ *
+ *	once:			will ensure the callback list can only be fired once (like a Deferred)
+ *
+ *	memory:			will keep track of previous values and will call any callback added
+ *					after the list has been fired right away with the latest "memorized"
+ *					values (like a Deferred)
+ *
+ *	unique:			will ensure a callback can only be added once (no duplicate in the list)
+ *
+ *	stopOnFalse:	interrupt callings when a callback returns false
+ *
+ */
+jQuery.Callbacks = function( options ) {
+
+	// Convert options from String-formatted to Object-formatted if needed
+	// (we check in cache first)
+	options = typeof options === "string" ?
+		createOptions( options ) :
+		jQuery.extend( {}, options );
+
+	var // Flag to know if list is currently firing
+		firing,
+
+		// Last fire value for non-forgettable lists
+		memory,
+
+		// Flag to know if list was already fired
+		fired,
+
+		// Flag to prevent firing
+		locked,
+
+		// Actual callback list
+		list = [],
+
+		// Queue of execution data for repeatable lists
+		queue = [],
+
+		// Index of currently firing callback (modified by add/remove as needed)
+		firingIndex = -1,
+
+		// Fire callbacks
+		fire = function() {
+
+			// Enforce single-firing
+			locked = locked || options.once;
+
+			// Execute callbacks for all pending executions,
+			// respecting firingIndex overrides and runtime changes
+			fired = firing = true;
+			for ( ; queue.length; firingIndex = -1 ) {
+				memory = queue.shift();
+				while ( ++firingIndex < list.length ) {
+
+					// Run callback and check for early termination
+					if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false &&
+						options.stopOnFalse ) {
+
+						// Jump to end and forget the data so .add doesn't re-fire
+						firingIndex = list.length;
+						memory = false;
+					}
+				}
+			}
+
+			// Forget the data if we're done with it
+			if ( !options.memory ) {
+				memory = false;
+			}
+
+			firing = false;
+
+			// Clean up if we're done firing for good
+			if ( locked ) {
+
+				// Keep an empty list if we have data for future add calls
+				if ( memory ) {
+					list = [];
+
+				// Otherwise, this object is spent
+				} else {
+					list = "";
+				}
+			}
+		},
+
+		// Actual Callbacks object
+		self = {
+
+			// Add a callback or a collection of callbacks to the list
+			add: function() {
+				if ( list ) {
+
+					// If we have memory from a past run, we should fire after adding
+					if ( memory && !firing ) {
+						firingIndex = list.length - 1;
+						queue.push( memory );
+					}
+
+					( function add( args ) {
+						jQuery.each( args, function( _, arg ) {
+							if ( jQuery.isFunction( arg ) ) {
+								if ( !options.unique || !self.has( arg ) ) {
+									list.push( arg );
+								}
+							} else if ( arg && arg.length && jQuery.type( arg ) !== "string" ) {
+
+								// Inspect recursively
+								add( arg );
+							}
+						} );
+					} )( arguments );
+
+					if ( memory && !firing ) {
+						fire();
+					}
+				}
+				return this;
+			},
+
+			// Remove a callback from the list
+			remove: function() {
+				jQuery.each( arguments, function( _, arg ) {
+					var index;
+					while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) {
+						list.splice( index, 1 );
+
+						// Handle firing indexes
+						if ( index <= firingIndex ) {
+							firingIndex--;
+						}
+					}
+				} );
+				return this;
+			},
+
+			// Check if a given callback is in the list.
+			// If no argument is given, return whether or not list has callbacks attached.
+			has: function( fn ) {
+				return fn ?
+					jQuery.inArray( fn, list ) > -1 :
+					list.length > 0;
+			},
+
+			// Remove all callbacks from the list
+			empty: function() {
+				if ( list ) {
+					list = [];
+				}
+				return this;
+			},
+
+			// Disable .fire and .add
+			// Abort any current/pending executions
+			// Clear all callbacks and values
+			disable: function() {
+				locked = queue = [];
+				list = memory = "";
+				return this;
+			},
+			disabled: function() {
+				return !list;
+			},
+
+			// Disable .fire
+			// Also disable .add unless we have memory (since it would have no effect)
+			// Abort any pending executions
+			lock: function() {
+				locked = queue = [];
+				if ( !memory && !firing ) {
+					list = memory = "";
+				}
+				return this;
+			},
+			locked: function() {
+				return !!locked;
+			},
+
+			// Call all callbacks with the given context and arguments
+			fireWith: function( context, args ) {
+				if ( !locked ) {
+					args = args || [];
+					args = [ context, args.slice ? args.slice() : args ];
+					queue.push( args );
+					if ( !firing ) {
+						fire();
+					}
+				}
+				return this;
+			},
+
+			// Call all the callbacks with the given arguments
+			fire: function() {
+				self.fireWith( this, arguments );
+				return this;
+			},
+
+			// To know if the callbacks have already been called at least once
+			fired: function() {
+				return !!fired;
+			}
+		};
+
+	return self;
+};
+
+
+function Identity( v ) {
+	return v;
+}
+function Thrower( ex ) {
+	throw ex;
+}
+
+function adoptValue( value, resolve, reject, noValue ) {
+	var method;
+
+	try {
+
+		// Check for promise aspect first to privilege synchronous behavior
+		if ( value && jQuery.isFunction( ( method = value.promise ) ) ) {
+			method.call( value ).done( resolve ).fail( reject );
+
+		// Other thenables
+		} else if ( value && jQuery.isFunction( ( method = value.then ) ) ) {
+			method.call( value, resolve, reject );
+
+		// Other non-thenables
+		} else {
+
+			// Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer:
+			// * false: [ value ].slice( 0 ) => resolve( value )
+			// * true: [ value ].slice( 1 ) => resolve()
+			resolve.apply( undefined, [ value ].slice( noValue ) );
+		}
+
+	// For Promises/A+, convert exceptions into rejections
+	// Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in
+	// Deferred#then to conditionally suppress rejection.
+	} catch ( value ) {
+
+		// Support: Android 4.0 only
+		// Strict mode functions invoked without .call/.apply get global-object context
+		reject.apply( undefined, [ value ] );
+	}
+}
+
+jQuery.extend( {
+
+	Deferred: function( func ) {
+		var tuples = [
+
+				// action, add listener, callbacks,
+				// ... .then handlers, argument index, [final state]
+				[ "notify", "progress", jQuery.Callbacks( "memory" ),
+					jQuery.Callbacks( "memory" ), 2 ],
+				[ "resolve", "done", jQuery.Callbacks( "once memory" ),
+					jQuery.Callbacks( "once memory" ), 0, "resolved" ],
+				[ "reject", "fail", jQuery.Callbacks( "once memory" ),
+					jQuery.Callbacks( "once memory" ), 1, "rejected" ]
+			],
+			state = "pending",
+			promise = {
+				state: function() {
+					return state;
+				},
+				always: function() {
+					deferred.done( arguments ).fail( arguments );
+					return this;
+				},
+				"catch": function( fn ) {
+					return promise.then( null, fn );
+				},
+
+				// Keep pipe for back-compat
+				pipe: function( /* fnDone, fnFail, fnProgress */ ) {
+					var fns = arguments;
+
+					return jQuery.Deferred( function( newDefer ) {
+						jQuery.each( tuples, function( i, tuple ) {
+
+							// Map tuples (progress, done, fail) to arguments (done, fail, progress)
+							var fn = jQuery.isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ];
+
+							// deferred.progress(function() { bind to newDefer or newDefer.notify })
+							// deferred.done(function() { bind to newDefer or newDefer.resolve })
+							// deferred.fail(function() { bind to newDefer or newDefer.reject })
+							deferred[ tuple[ 1 ] ]( function() {
+								var returned = fn && fn.apply( this, arguments );
+								if ( returned && jQuery.isFunction( returned.promise ) ) {
+									returned.promise()
+										.progress( newDefer.notify )
+										.done( newDefer.resolve )
+										.fail( newDefer.reject );
+								} else {
+									newDefer[ tuple[ 0 ] + "With" ](
+										this,
+										fn ? [ returned ] : arguments
+									);
+								}
+							} );
+						} );
+						fns = null;
+					} ).promise();
+				},
+				then: function( onFulfilled, onRejected, onProgress ) {
+					var maxDepth = 0;
+					function resolve( depth, deferred, handler, special ) {
+						return function() {
+							var that = this,
+								args = arguments,
+								mightThrow = function() {
+									var returned, then;
+
+									// Support: Promises/A+ section 2.3.3.3.3
+									// https://promisesaplus.com/#point-59
+									// Ignore double-resolution attempts
+									if ( depth < maxDepth ) {
+										return;
+									}
+
+									returned = handler.apply( that, args );
+
+									// Support: Promises/A+ section 2.3.1
+									// https://promisesaplus.com/#point-48
+									if ( returned === deferred.promise() ) {
+										throw new TypeError( "Thenable self-resolution" );
+									}
+
+									// Support: Promises/A+ sections 2.3.3.1, 3.5
+									// https://promisesaplus.com/#point-54
+									// https://promisesaplus.com/#point-75
+									// Retrieve `then` only once
+									then = returned &&
+
+										// Support: Promises/A+ section 2.3.4
+										// https://promisesaplus.com/#point-64
+										// Only check objects and functions for thenability
+										( typeof returned === "object" ||
+											typeof returned === "function" ) &&
+										returned.then;
+
+									// Handle a returned thenable
+									if ( jQuery.isFunction( then ) ) {
+
+										// Special processors (notify) just wait for resolution
+										if ( special ) {
+											then.call(
+												returned,
+												resolve( maxDepth, deferred, Identity, special ),
+												resolve( maxDepth, deferred, Thrower, special )
+											);
+
+										// Normal processors (resolve) also hook into progress
+										} else {
+
+											// ...and disregard older resolution values
+											maxDepth++;
+
+											then.call(
+												returned,
+												resolve( maxDepth, deferred, Identity, special ),
+												resolve( maxDepth, deferred, Thrower, special ),
+												resolve( maxDepth, deferred, Identity,
+													deferred.notifyWith )
+											);
+										}
+
+									// Handle all other returned values
+									} else {
+
+										// Only substitute handlers pass on context
+										// and multiple values (non-spec behavior)
+										if ( handler !== Identity ) {
+											that = undefined;
+											args = [ returned ];
+										}
+
+										// Process the value(s)
+										// Default process is resolve
+										( special || deferred.resolveWith )( that, args );
+									}
+								},
+
+								// Only normal processors (resolve) catch and reject exceptions
+								process = special ?
+									mightThrow :
+									function() {
+										try {
+											mightThrow();
+										} catch ( e ) {
+
+											if ( jQuery.Deferred.exceptionHook ) {
+												jQuery.Deferred.exceptionHook( e,
+													process.stackTrace );
+											}
+
+											// Support: Promises/A+ section 2.3.3.3.4.1
+											// https://promisesaplus.com/#point-61
+											// Ignore post-resolution exceptions
+											if ( depth + 1 >= maxDepth ) {
+
+												// Only substitute handlers pass on context
+												// and multiple values (non-spec behavior)
+												if ( handler !== Thrower ) {
+													that = undefined;
+													args = [ e ];
+												}
+
+												deferred.rejectWith( that, args );
+											}
+										}
+									};
+
+							// Support: Promises/A+ section 2.3.3.3.1
+							// https://promisesaplus.com/#point-57
+							// Re-resolve promises immediately to dodge false rejection from
+							// subsequent errors
+							if ( depth ) {
+								process();
+							} else {
+
+								// Call an optional hook to record the stack, in case of exception
+								// since it's otherwise lost when execution goes async
+								if ( jQuery.Deferred.getStackHook ) {
+									process.stackTrace = jQuery.Deferred.getStackHook();
+								}
+								window.setTimeout( process );
+							}
+						};
+					}
+
+					return jQuery.Deferred( function( newDefer ) {
+
+						// progress_handlers.add( ... )
+						tuples[ 0 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onProgress ) ?
+									onProgress :
+									Identity,
+								newDefer.notifyWith
+							)
+						);
+
+						// fulfilled_handlers.add( ... )
+						tuples[ 1 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onFulfilled ) ?
+									onFulfilled :
+									Identity
+							)
+						);
+
+						// rejected_handlers.add( ... )
+						tuples[ 2 ][ 3 ].add(
+							resolve(
+								0,
+								newDefer,
+								jQuery.isFunction( onRejected ) ?
+									onRejected :
+									Thrower
+							)
+						);
+					} ).promise();
+				},
+
+				// Get a promise for this deferred
+				// If obj is provided, the promise aspect is added to the object
+				promise: function( obj ) {
+					return obj != null ? jQuery.extend( obj, promise ) : promise;
+				}
+			},
+			deferred = {};
+
+		// Add list-specific methods
+		jQuery.each( tuples, function( i, tuple ) {
+			var list = tuple[ 2 ],
+				stateString = tuple[ 5 ];
+
+			// promise.progress = list.add
+			// promise.done = list.add
+			// promise.fail = list.add
+			promise[ tuple[ 1 ] ] = list.add;
+
+			// Handle state
+			if ( stateString ) {
+				list.add(
+					function() {
+
+						// state = "resolved" (i.e., fulfilled)
+						// state = "rejected"
+						state = stateString;
+					},
+
+					// rejected_callbacks.disable
+					// fulfilled_callbacks.disable
+					tuples[ 3 - i ][ 2 ].disable,
+
+					// progress_callbacks.lock
+					tuples[ 0 ][ 2 ].lock
+				);
+			}
+
+			// progress_handlers.fire
+			// fulfilled_handlers.fire
+			// rejected_handlers.fire
+			list.add( tuple[ 3 ].fire );
+
+			// deferred.notify = function() { deferred.notifyWith(...) }
+			// deferred.resolve = function() { deferred.resolveWith(...) }
+			// deferred.reject = function() { deferred.rejectWith(...) }
+			deferred[ tuple[ 0 ] ] = function() {
+				deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments );
+				return this;
+			};
+
+			// deferred.notifyWith = list.fireWith
+			// deferred.resolveWith = list.fireWith
+			// deferred.rejectWith = list.fireWith
+			deferred[ tuple[ 0 ] + "With" ] = list.fireWith;
+		} );
+
+		// Make the deferred a promise
+		promise.promise( deferred );
+
+		// Call given func if any
+		if ( func ) {
+			func.call( deferred, deferred );
+		}
+
+		// All done!
+		return deferred;
+	},
+
+	// Deferred helper
+	when: function( singleValue ) {
+		var
+
+			// count of uncompleted subordinates
+			remaining = arguments.length,
+
+			// count of unprocessed arguments
+			i = remaining,
+
+			// subordinate fulfillment data
+			resolveContexts = Array( i ),
+			resolveValues = slice.call( arguments ),
+
+			// the master Deferred
+			master = jQuery.Deferred(),
+
+			// subordinate callback factory
+			updateFunc = function( i ) {
+				return function( value ) {
+					resolveContexts[ i ] = this;
+					resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value;
+					if ( !( --remaining ) ) {
+						master.resolveWith( resolveContexts, resolveValues );
+					}
+				};
+			};
+
+		// Single- and empty arguments are adopted like Promise.resolve
+		if ( remaining <= 1 ) {
+			adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject,
+				!remaining );
+
+			// Use .then() to unwrap secondary thenables (cf. gh-3000)
+			if ( master.state() === "pending" ||
+				jQuery.isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) {
+
+				return master.then();
+			}
+		}
+
+		// Multiple arguments are aggregated like Promise.all array elements
+		while ( i-- ) {
+			adoptValue( resolveValues[ i ], updateFunc( i ), master.reject );
+		}
+
+		return master.promise();
+	}
+} );
+
+
+// These usually indicate a programmer mistake during development,
+// warn about them ASAP rather than swallowing them by default.
+var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;
+
+jQuery.Deferred.exceptionHook = function( error, stack ) {
+
+	// Support: IE 8 - 9 only
+	// Console exists when dev tools are open, which can happen at any time
+	if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) {
+		window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack );
+	}
+};
+
+
+
+
+jQuery.readyException = function( error ) {
+	window.setTimeout( function() {
+		throw error;
+	} );
+};
+
+
+
+
+// The deferred used on DOM ready
+var readyList = jQuery.Deferred();
+
+jQuery.fn.ready = function( fn ) {
+
+	readyList
+		.then( fn )
+
+		// Wrap jQuery.readyException in a function so that the lookup
+		// happens at the time of error handling instead of callback
+		// registration.
+		.catch( function( error ) {
+			jQuery.readyException( error );
+		} );
+
+	return this;
+};
+
+jQuery.extend( {
+
+	// Is the DOM ready to be used? Set to true once it occurs.
+	isReady: false,
+
+	// A counter to track how many items to wait for before
+	// the ready event fires. See #6781
+	readyWait: 1,
+
+	// Handle when the DOM is ready
+	ready: function( wait ) {
+
+		// Abort if there are pending holds or we're already ready
+		if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) {
+			return;
+		}
+
+		// Remember that the DOM is ready
+		jQuery.isReady = true;
+
+		// If a normal DOM Ready event fired, decrement, and wait if need be
+		if ( wait !== true && --jQuery.readyWait > 0 ) {
+			return;
+		}
+
+		// If there are functions bound, to execute
+		readyList.resolveWith( document, [ jQuery ] );
+	}
+} );
+
+jQuery.ready.then = readyList.then;
+
+// The ready event handler and self cleanup method
+function completed() {
+	document.removeEventListener( "DOMContentLoaded", completed );
+	window.removeEventListener( "load", completed );
+	jQuery.ready();
+}
+
+// Catch cases where $(document).ready() is called
+// after the browser event has already occurred.
+// Support: IE <=9 - 10 only
+// Older IE sometimes signals "interactive" too soon
+if ( document.readyState === "complete" ||
+	( document.readyState !== "loading" && !document.documentElement.doScroll ) ) {
+
+	// Handle it asynchronously to allow scripts the opportunity to delay ready
+	window.setTimeout( jQuery.ready );
+
+} else {
+
+	// Use the handy event callback
+	document.addEventListener( "DOMContentLoaded", completed );
+
+	// A fallback to window.onload, that will always work
+	window.addEventListener( "load", completed );
+}
+
+
+
+
+// Multifunctional method to get and set values of a collection
+// The value/s can optionally be executed if it's a function
+var access = function( elems, fn, key, value, chainable, emptyGet, raw ) {
+	var i = 0,
+		len = elems.length,
+		bulk = key == null;
+
+	// Sets many values
+	if ( jQuery.type( key ) === "object" ) {
+		chainable = true;
+		for ( i in key ) {
+			access( elems, fn, i, key[ i ], true, emptyGet, raw );
+		}
+
+	// Sets one value
+	} else if ( value !== undefined ) {
+		chainable = true;
+
+		if ( !jQuery.isFunction( value ) ) {
+			raw = true;
+		}
+
+		if ( bulk ) {
+
+			// Bulk operations run against the entire set
+			if ( raw ) {
+				fn.call( elems, value );
+				fn = null;
+
+			// ...except when executing function values
+			} else {
+				bulk = fn;
+				fn = function( elem, key, value ) {
+					return bulk.call( jQuery( elem ), value );
+				};
+			}
+		}
+
+		if ( fn ) {
+			for ( ; i < len; i++ ) {
+				fn(
+					elems[ i ], key, raw ?
+					value :
+					value.call( elems[ i ], i, fn( elems[ i ], key ) )
+				);
+			}
+		}
+	}
+
+	if ( chainable ) {
+		return elems;
+	}
+
+	// Gets
+	if ( bulk ) {
+		return fn.call( elems );
+	}
+
+	return len ? fn( elems[ 0 ], key ) : emptyGet;
+};
+var acceptData = function( owner ) {
+
+	// Accepts only:
+	//  - Node
+	//    - Node.ELEMENT_NODE
+	//    - Node.DOCUMENT_NODE
+	//  - Object
+	//    - Any
+	return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType );
+};
+
+
+
+
+function Data() {
+	this.expando = jQuery.expando + Data.uid++;
+}
+
+Data.uid = 1;
+
+Data.prototype = {
+
+	cache: function( owner ) {
+
+		// Check if the owner object already has a cache
+		var value = owner[ this.expando ];
+
+		// If not, create one
+		if ( !value ) {
+			value = {};
+
+			// We can accept data for non-element nodes in modern browsers,
+			// but we should not, see #8335.
+			// Always return an empty object.
+			if ( acceptData( owner ) ) {
+
+				// If it is a node unlikely to be stringify-ed or looped over
+				// use plain assignment
+				if ( owner.nodeType ) {
+					owner[ this.expando ] = value;
+
+				// Otherwise secure it in a non-enumerable property
+				// configurable must be true to allow the property to be
+				// deleted when data is removed
+				} else {
+					Object.defineProperty( owner, this.expando, {
+						value: value,
+						configurable: true
+					} );
+				}
+			}
+		}
+
+		return value;
+	},
+	set: function( owner, data, value ) {
+		var prop,
+			cache = this.cache( owner );
+
+		// Handle: [ owner, key, value ] args
+		// Always use camelCase key (gh-2257)
+		if ( typeof data === "string" ) {
+			cache[ jQuery.camelCase( data ) ] = value;
+
+		// Handle: [ owner, { properties } ] args
+		} else {
+
+			// Copy the properties one-by-one to the cache object
+			for ( prop in data ) {
+				cache[ jQuery.camelCase( prop ) ] = data[ prop ];
+			}
+		}
+		return cache;
+	},
+	get: function( owner, key ) {
+		return key === undefined ?
+			this.cache( owner ) :
+
+			// Always use camelCase key (gh-2257)
+			owner[ this.expando ] && owner[ this.expando ][ jQuery.camelCase( key ) ];
+	},
+	access: function( owner, key, value ) {
+
+		// In cases where either:
+		//
+		//   1. No key was specified
+		//   2. A string key was specified, but no value provided
+		//
+		// Take the "read" path and allow the get method to determine
+		// which value to return, respectively either:
+		//
+		//   1. The entire cache object
+		//   2. The data stored at the key
+		//
+		if ( key === undefined ||
+				( ( key && typeof key === "string" ) && value === undefined ) ) {
+
+			return this.get( owner, key );
+		}
+
+		// When the key is not a string, or both a key and value
+		// are specified, set or extend (existing objects) with either:
+		//
+		//   1. An object of properties
+		//   2. A key and value
+		//
+		this.set( owner, key, value );
+
+		// Since the "set" path can have two possible entry points
+		// return the expected data based on which path was taken[*]
+		return value !== undefined ? value : key;
+	},
+	remove: function( owner, key ) {
+		var i,
+			cache = owner[ this.expando ];
+
+		if ( cache === undefined ) {
+			return;
+		}
+
+		if ( key !== undefined ) {
+
+			// Support array or space separated string of keys
+			if ( Array.isArray( key ) ) {
+
+				// If key is an array of keys...
+				// We always set camelCase keys, so remove that.
+				key = key.map( jQuery.camelCase );
+			} else {
+				key = jQuery.camelCase( key );
+
+				// If a key with the spaces exists, use it.
+				// Otherwise, create an array by matching non-whitespace
+				key = key in cache ?
+					[ key ] :
+					( key.match( rnothtmlwhite ) || [] );
+			}
+
+			i = key.length;
+
+			while ( i-- ) {
+				delete cache[ key[ i ] ];
+			}
+		}
+
+		// Remove the expando if there's no more data
+		if ( key === undefined || jQuery.isEmptyObject( cache ) ) {
+
+			// Support: Chrome <=35 - 45
+			// Webkit & Blink performance suffers when deleting properties
+			// from DOM nodes, so set to undefined instead
+			// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)
+			if ( owner.nodeType ) {
+				owner[ this.expando ] = undefined;
+			} else {
+				delete owner[ this.expando ];
+			}
+		}
+	},
+	hasData: function( owner ) {
+		var cache = owner[ this.expando ];
+		return cache !== undefined && !jQuery.isEmptyObject( cache );
+	}
+};
+var dataPriv = new Data();
+
+var dataUser = new Data();
+
+
+
+//	Implementation Summary
+//
+//	1. Enforce API surface and semantic compatibility with 1.9.x branch
+//	2. Improve the module's maintainability by reducing the storage
+//		paths to a single mechanism.
+//	3. Use the same single mechanism to support "private" and "user" data.
+//	4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData)
+//	5. Avoid exposing implementation details on user objects (eg. expando properties)
+//	6. Provide a clear path for implementation upgrade to WeakMap in 2014
+
+var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,
+	rmultiDash = /[A-Z]/g;
+
+function getData( data ) {
+	if ( data === "true" ) {
+		return true;
+	}
+
+	if ( data === "false" ) {
+		return false;
+	}
+
+	if ( data === "null" ) {
+		return null;
+	}
+
+	// Only convert to a number if it doesn't change the string
+	if ( data === +data + "" ) {
+		return +data;
+	}
+
+	if ( rbrace.test( data ) ) {
+		return JSON.parse( data );
+	}
+
+	return data;
+}
+
+function dataAttr( elem, key, data ) {
+	var name;
+
+	// If nothing was found internally, try to fetch any
+	// data from the HTML5 data-* attribute
+	if ( data === undefined && elem.nodeType === 1 ) {
+		name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase();
+		data = elem.getAttribute( name );
+
+		if ( typeof data === "string" ) {
+			try {
+				data = getData( data );
+			} catch ( e ) {}
+
+			// Make sure we set the data so it isn't changed later
+			dataUser.set( elem, key, data );
+		} else {
+			data = undefined;
+		}
+	}
+	return data;
+}
+
+jQuery.extend( {
+	hasData: function( elem ) {
+		return dataUser.hasData( elem ) || dataPriv.hasData( elem );
+	},
+
+	data: function( elem, name, data ) {
+		return dataUser.access( elem, name, data );
+	},
+
+	removeData: function( elem, name ) {
+		dataUser.remove( elem, name );
+	},
+
+	// TODO: Now that all calls to _data and _removeData have been replaced
+	// with direct calls to dataPriv methods, these can be deprecated.
+	_data: function( elem, name, data ) {
+		return dataPriv.access( elem, name, data );
+	},
+
+	_removeData: function( elem, name ) {
+		dataPriv.remove( elem, name );
+	}
+} );
+
+jQuery.fn.extend( {
+	data: function( key, value ) {
+		var i, name, data,
+			elem = this[ 0 ],
+			attrs = elem && elem.attributes;
+
+		// Gets all values
+		if ( key === undefined ) {
+			if ( this.length ) {
+				data = dataUser.get( elem );
+
+				if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) {
+					i = attrs.length;
+					while ( i-- ) {
+
+						// Support: IE 11 only
+						// The attrs elements can be null (#14894)
+						if ( attrs[ i ] ) {
+							name = attrs[ i ].name;
+							if ( name.indexOf( "data-" ) === 0 ) {
+								name = jQuery.camelCase( name.slice( 5 ) );
+								dataAttr( elem, name, data[ name ] );
+							}
+						}
+					}
+					dataPriv.set( elem, "hasDataAttrs", true );
+				}
+			}
+
+			return data;
+		}
+
+		// Sets multiple values
+		if ( typeof key === "object" ) {
+			return this.each( function() {
+				dataUser.set( this, key );
+			} );
+		}
+
+		return access( this, function( value ) {
+			var data;
+
+			// The calling jQuery object (element matches) is not empty
+			// (and therefore has an element appears at this[ 0 ]) and the
+			// `value` parameter was not undefined. An empty jQuery object
+			// will result in `undefined` for elem = this[ 0 ] which will
+			// throw an exception if an attempt to read a data cache is made.
+			if ( elem && value === undefined ) {
+
+				// Attempt to get data from the cache
+				// The key will always be camelCased in Data
+				data = dataUser.get( elem, key );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// Attempt to "discover" the data in
+				// HTML5 custom data-* attrs
+				data = dataAttr( elem, key );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// We tried really hard, but the data doesn't exist.
+				return;
+			}
+
+			// Set the data...
+			this.each( function() {
+
+				// We always store the camelCased key
+				dataUser.set( this, key, value );
+			} );
+		}, null, value, arguments.length > 1, null, true );
+	},
+
+	removeData: function( key ) {
+		return this.each( function() {
+			dataUser.remove( this, key );
+		} );
+	}
+} );
+
+
+jQuery.extend( {
+	queue: function( elem, type, data ) {
+		var queue;
+
+		if ( elem ) {
+			type = ( type || "fx" ) + "queue";
+			queue = dataPriv.get( elem, type );
+
+			// Speed up dequeue by getting out quickly if this is just a lookup
+			if ( data ) {
+				if ( !queue || Array.isArray( data ) ) {
+					queue = dataPriv.access( elem, type, jQuery.makeArray( data ) );
+				} else {
+					queue.push( data );
+				}
+			}
+			return queue || [];
+		}
+	},
+
+	dequeue: function( elem, type ) {
+		type = type || "fx";
+
+		var queue = jQuery.queue( elem, type ),
+			startLength = queue.length,
+			fn = queue.shift(),
+			hooks = jQuery._queueHooks( elem, type ),
+			next = function() {
+				jQuery.dequeue( elem, type );
+			};
+
+		// If the fx queue is dequeued, always remove the progress sentinel
+		if ( fn === "inprogress" ) {
+			fn = queue.shift();
+			startLength--;
+		}
+
+		if ( fn ) {
+
+			// Add a progress sentinel to prevent the fx queue from being
+			// automatically dequeued
+			if ( type === "fx" ) {
+				queue.unshift( "inprogress" );
+			}
+
+			// Clear up the last queue stop function
+			delete hooks.stop;
+			fn.call( elem, next, hooks );
+		}
+
+		if ( !startLength && hooks ) {
+			hooks.empty.fire();
+		}
+	},
+
+	// Not public - generate a queueHooks object, or return the current one
+	_queueHooks: function( elem, type ) {
+		var key = type + "queueHooks";
+		return dataPriv.get( elem, key ) || dataPriv.access( elem, key, {
+			empty: jQuery.Callbacks( "once memory" ).add( function() {
+				dataPriv.remove( elem, [ type + "queue", key ] );
+			} )
+		} );
+	}
+} );
+
+jQuery.fn.extend( {
+	queue: function( type, data ) {
+		var setter = 2;
+
+		if ( typeof type !== "string" ) {
+			data = type;
+			type = "fx";
+			setter--;
+		}
+
+		if ( arguments.length < setter ) {
+			return jQuery.queue( this[ 0 ], type );
+		}
+
+		return data === undefined ?
+			this :
+			this.each( function() {
+				var queue = jQuery.queue( this, type, data );
+
+				// Ensure a hooks for this queue
+				jQuery._queueHooks( this, type );
+
+				if ( type === "fx" && queue[ 0 ] !== "inprogress" ) {
+					jQuery.dequeue( this, type );
+				}
+			} );
+	},
+	dequeue: function( type ) {
+		return this.each( function() {
+			jQuery.dequeue( this, type );
+		} );
+	},
+	clearQueue: function( type ) {
+		return this.queue( type || "fx", [] );
+	},
+
+	// Get a promise resolved when queues of a certain type
+	// are emptied (fx is the type by default)
+	promise: function( type, obj ) {
+		var tmp,
+			count = 1,
+			defer = jQuery.Deferred(),
+			elements = this,
+			i = this.length,
+			resolve = function() {
+				if ( !( --count ) ) {
+					defer.resolveWith( elements, [ elements ] );
+				}
+			};
+
+		if ( typeof type !== "string" ) {
+			obj = type;
+			type = undefined;
+		}
+		type = type || "fx";
+
+		while ( i-- ) {
+			tmp = dataPriv.get( elements[ i ], type + "queueHooks" );
+			if ( tmp && tmp.empty ) {
+				count++;
+				tmp.empty.add( resolve );
+			}
+		}
+		resolve();
+		return defer.promise( obj );
+	}
+} );
+var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source;
+
+var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" );
+
+
+var cssExpand = [ "Top", "Right", "Bottom", "Left" ];
+
+var isHiddenWithinTree = function( elem, el ) {
+
+		// isHiddenWithinTree might be called from jQuery#filter function;
+		// in that case, element will be second argument
+		elem = el || elem;
+
+		// Inline style trumps all
+		return elem.style.display === "none" ||
+			elem.style.display === "" &&
+
+			// Otherwise, check computed style
+			// Support: Firefox <=43 - 45
+			// Disconnected elements can have computed display: none, so first confirm that elem is
+			// in the document.
+			jQuery.contains( elem.ownerDocument, elem ) &&
+
+			jQuery.css( elem, "display" ) === "none";
+	};
+
+var swap = function( elem, options, callback, args ) {
+	var ret, name,
+		old = {};
+
+	// Remember the old values, and insert the new ones
+	for ( name in options ) {
+		old[ name ] = elem.style[ name ];
+		elem.style[ name ] = options[ name ];
+	}
+
+	ret = callback.apply( elem, args || [] );
+
+	// Revert the old values
+	for ( name in options ) {
+		elem.style[ name ] = old[ name ];
+	}
+
+	return ret;
+};
+
+
+
+
+function adjustCSS( elem, prop, valueParts, tween ) {
+	var adjusted,
+		scale = 1,
+		maxIterations = 20,
+		currentValue = tween ?
+			function() {
+				return tween.cur();
+			} :
+			function() {
+				return jQuery.css( elem, prop, "" );
+			},
+		initial = currentValue(),
+		unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ),
+
+		// Starting value computation is required for potential unit mismatches
+		initialInUnit = ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) &&
+			rcssNum.exec( jQuery.css( elem, prop ) );
+
+	if ( initialInUnit && initialInUnit[ 3 ] !== unit ) {
+
+		// Trust units reported by jQuery.css
+		unit = unit || initialInUnit[ 3 ];
+
+		// Make sure we update the tween properties later on
+		valueParts = valueParts || [];
+
+		// Iteratively approximate from a nonzero starting point
+		initialInUnit = +initial || 1;
+
+		do {
+
+			// If previous iteration zeroed out, double until we get *something*.
+			// Use string for doubling so we don't accidentally see scale as unchanged below
+			scale = scale || ".5";
+
+			// Adjust and apply
+			initialInUnit = initialInUnit / scale;
+			jQuery.style( elem, prop, initialInUnit + unit );
+
+		// Update scale, tolerating zero or NaN from tween.cur()
+		// Break the loop if scale is unchanged or perfect, or if we've just had enough.
+		} while (
+			scale !== ( scale = currentValue() / initial ) && scale !== 1 && --maxIterations
+		);
+	}
+
+	if ( valueParts ) {
+		initialInUnit = +initialInUnit || +initial || 0;
+
+		// Apply relative offset (+=/-=) if specified
+		adjusted = valueParts[ 1 ] ?
+			initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] :
+			+valueParts[ 2 ];
+		if ( tween ) {
+			tween.unit = unit;
+			tween.start = initialInUnit;
+			tween.end = adjusted;
+		}
+	}
+	return adjusted;
+}
+
+
+var defaultDisplayMap = {};
+
+function getDefaultDisplay( elem ) {
+	var temp,
+		doc = elem.ownerDocument,
+		nodeName = elem.nodeName,
+		display = defaultDisplayMap[ nodeName ];
+
+	if ( display ) {
+		return display;
+	}
+
+	temp = doc.body.appendChild( doc.createElement( nodeName ) );
+	display = jQuery.css( temp, "display" );
+
+	temp.parentNode.removeChild( temp );
+
+	if ( display === "none" ) {
+		display = "block";
+	}
+	defaultDisplayMap[ nodeName ] = display;
+
+	return display;
+}
+
+function showHide( elements, show ) {
+	var display, elem,
+		values = [],
+		index = 0,
+		length = elements.length;
+
+	// Determine new display value for elements that need to change
+	for ( ; index < length; index++ ) {
+		elem = elements[ index ];
+		if ( !elem.style ) {
+			continue;
+		}
+
+		display = elem.style.display;
+		if ( show ) {
+
+			// Since we force visibility upon cascade-hidden elements, an immediate (and slow)
+			// check is required in this first loop unless we have a nonempty display value (either
+			// inline or about-to-be-restored)
+			if ( display === "none" ) {
+				values[ index ] = dataPriv.get( elem, "display" ) || null;
+				if ( !values[ index ] ) {
+					elem.style.display = "";
+				}
+			}
+			if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) {
+				values[ index ] = getDefaultDisplay( elem );
+			}
+		} else {
+			if ( display !== "none" ) {
+				values[ index ] = "none";
+
+				// Remember what we're overwriting
+				dataPriv.set( elem, "display", display );
+			}
+		}
+	}
+
+	// Set the display of the elements in a second loop to avoid constant reflow
+	for ( index = 0; index < length; index++ ) {
+		if ( values[ index ] != null ) {
+			elements[ index ].style.display = values[ index ];
+		}
+	}
+
+	return elements;
+}
+
+jQuery.fn.extend( {
+	show: function() {
+		return showHide( this, true );
+	},
+	hide: function() {
+		return showHide( this );
+	},
+	toggle: function( state ) {
+		if ( typeof state === "boolean" ) {
+			return state ? this.show() : this.hide();
+		}
+
+		return this.each( function() {
+			if ( isHiddenWithinTree( this ) ) {
+				jQuery( this ).show();
+			} else {
+				jQuery( this ).hide();
+			}
+		} );
+	}
+} );
+var rcheckableType = ( /^(?:checkbox|radio)$/i );
+
+var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]+)/i );
+
+var rscriptType = ( /^$|\/(?:java|ecma)script/i );
+
+
+
+// We have to close these tags to support XHTML (#13200)
+var wrapMap = {
+
+	// Support: IE <=9 only
+	option: [ 1, "<select multiple='multiple'>", "</select>" ],
+
+	// XHTML parsers do not magically insert elements in the
+	// same way that tag soup parsers do. So we cannot shorten
+	// this by omitting <tbody> or other required elements.
+	thead: [ 1, "<table>", "</table>" ],
+	col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
+	tr: [ 2, "<table><tbody>", "</tbody></table>" ],
+	td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
+
+	_default: [ 0, "", "" ]
+};
+
+// Support: IE <=9 only
+wrapMap.optgroup = wrapMap.option;
+
+wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
+wrapMap.th = wrapMap.td;
+
+
+function getAll( context, tag ) {
+
+	// Support: IE <=9 - 11 only
+	// Use typeof to avoid zero-argument method invocation on host objects (#15151)
+	var ret;
+
+	if ( typeof context.getElementsByTagName !== "undefined" ) {
+		ret = context.getElementsByTagName( tag || "*" );
+
+	} else if ( typeof context.querySelectorAll !== "undefined" ) {
+		ret = context.querySelectorAll( tag || "*" );
+
+	} else {
+		ret = [];
+	}
+
+	if ( tag === undefined || tag && nodeName( context, tag ) ) {
+		return jQuery.merge( [ context ], ret );
+	}
+
+	return ret;
+}
+
+
+// Mark scripts as having already been evaluated
+function setGlobalEval( elems, refElements ) {
+	var i = 0,
+		l = elems.length;
+
+	for ( ; i < l; i++ ) {
+		dataPriv.set(
+			elems[ i ],
+			"globalEval",
+			!refElements || dataPriv.get( refElements[ i ], "globalEval" )
+		);
+	}
+}
+
+
+var rhtml = /<|&#?\w+;/;
+
+function buildFragment( elems, context, scripts, selection, ignored ) {
+	var elem, tmp, tag, wrap, contains, j,
+		fragment = context.createDocumentFragment(),
+		nodes = [],
+		i = 0,
+		l = elems.length;
+
+	for ( ; i < l; i++ ) {
+		elem = elems[ i ];
+
+		if ( elem || elem === 0 ) {
+
+			// Add nodes directly
+			if ( jQuery.type( elem ) === "object" ) {
+
+				// Support: Android <=4.0 only, PhantomJS 1 only
+				// push.apply(_, arraylike) throws on ancient WebKit
+				jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem );
+
+			// Convert non-html into a text node
+			} else if ( !rhtml.test( elem ) ) {
+				nodes.push( context.createTextNode( elem ) );
+
+			// Convert html into DOM nodes
+			} else {
+				tmp = tmp || fragment.appendChild( context.createElement( "div" ) );
+
+				// Deserialize a standard representation
+				tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase();
+				wrap = wrapMap[ tag ] || wrapMap._default;
+				tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ];
+
+				// Descend through wrappers to the right content
+				j = wrap[ 0 ];
+				while ( j-- ) {
+					tmp = tmp.lastChild;
+				}
+
+				// Support: Android <=4.0 only, PhantomJS 1 only
+				// push.apply(_, arraylike) throws on ancient WebKit
+				jQuery.merge( nodes, tmp.childNodes );
+
+				// Remember the top-level container
+				tmp = fragment.firstChild;
+
+				// Ensure the created nodes are orphaned (#12392)
+				tmp.textContent = "";
+			}
+		}
+	}
+
+	// Remove wrapper from fragment
+	fragment.textContent = "";
+
+	i = 0;
+	while ( ( elem = nodes[ i++ ] ) ) {
+
+		// Skip elements already in the context collection (trac-4087)
+		if ( selection && jQuery.inArray( elem, selection ) > -1 ) {
+			if ( ignored ) {
+				ignored.push( elem );
+			}
+			continue;
+		}
+
+		contains = jQuery.contains( elem.ownerDocument, elem );
+
+		// Append to fragment
+		tmp = getAll( fragment.appendChild( elem ), "script" );
+
+		// Preserve script evaluation history
+		if ( contains ) {
+			setGlobalEval( tmp );
+		}
+
+		// Capture executables
+		if ( scripts ) {
+			j = 0;
+			while ( ( elem = tmp[ j++ ] ) ) {
+				if ( rscriptType.test( elem.type || "" ) ) {
+					scripts.push( elem );
+				}
+			}
+		}
+	}
+
+	return fragment;
+}
+
+
+( function() {
+	var fragment = document.createDocumentFragment(),
+		div = fragment.appendChild( document.createElement( "div" ) ),
+		input = document.createElement( "input" );
+
+	// Support: Android 4.0 - 4.3 only
+	// Check state lost if the name is set (#11217)
+	// Support: Windows Web Apps (WWA)
+	// `name` and `type` must use .setAttribute for WWA (#14901)
+	input.setAttribute( "type", "radio" );
+	input.setAttribute( "checked", "checked" );
+	input.setAttribute( "name", "t" );
+
+	div.appendChild( input );
+
+	// Support: Android <=4.1 only
+	// Older WebKit doesn't clone checked state correctly in fragments
+	support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked;
+
+	// Support: IE <=11 only
+	// Make sure textarea (and checkbox) defaultValue is properly cloned
+	div.innerHTML = "<textarea>x</textarea>";
+	support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue;
+} )();
+var documentElement = document.documentElement;
+
+
+
+var
+	rkeyEvent = /^key/,
+	rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/,
+	rtypenamespace = /^([^.]*)(?:\.(.+)|)/;
+
+function returnTrue() {
+	return true;
+}
+
+function returnFalse() {
+	return false;
+}
+
+// Support: IE <=9 only
+// See #13393 for more info
+function safeActiveElement() {
+	try {
+		return document.activeElement;
+	} catch ( err ) { }
+}
+
+function on( elem, types, selector, data, fn, one ) {
+	var origFn, type;
+
+	// Types can be a map of types/handlers
+	if ( typeof types === "object" ) {
+
+		// ( types-Object, selector, data )
+		if ( typeof selector !== "string" ) {
+
+			// ( types-Object, data )
+			data = data || selector;
+			selector = undefined;
+		}
+		for ( type in types ) {
+			on( elem, type, selector, data, types[ type ], one );
+		}
+		return elem;
+	}
+
+	if ( data == null && fn == null ) {
+
+		// ( types, fn )
+		fn = selector;
+		data = selector = undefined;
+	} else if ( fn == null ) {
+		if ( typeof selector === "string" ) {
+
+			// ( types, selector, fn )
+			fn = data;
+			data = undefined;
+		} else {
+
+			// ( types, data, fn )
+			fn = data;
+			data = selector;
+			selector = undefined;
+		}
+	}
+	if ( fn === false ) {
+		fn = returnFalse;
+	} else if ( !fn ) {
+		return elem;
+	}
+
+	if ( one === 1 ) {
+		origFn = fn;
+		fn = function( event ) {
+
+			// Can use an empty set, since event contains the info
+			jQuery().off( event );
+			return origFn.apply( this, arguments );
+		};
+
+		// Use same guid so caller can remove using origFn
+		fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ );
+	}
+	return elem.each( function() {
+		jQuery.event.add( this, types, fn, data, selector );
+	} );
+}
+
+/*
+ * Helper functions for managing events -- not part of the public interface.
+ * Props to Dean Edwards' addEvent library for many of the ideas.
+ */
+jQuery.event = {
+
+	global: {},
+
+	add: function( elem, types, handler, data, selector ) {
+
+		var handleObjIn, eventHandle, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = dataPriv.get( elem );
+
+		// Don't attach events to noData or text/comment nodes (but allow plain objects)
+		if ( !elemData ) {
+			return;
+		}
+
+		// Caller can pass in an object of custom data in lieu of the handler
+		if ( handler.handler ) {
+			handleObjIn = handler;
+			handler = handleObjIn.handler;
+			selector = handleObjIn.selector;
+		}
+
+		// Ensure that invalid selectors throw exceptions at attach time
+		// Evaluate against documentElement in case elem is a non-element node (e.g., document)
+		if ( selector ) {
+			jQuery.find.matchesSelector( documentElement, selector );
+		}
+
+		// Make sure that the handler has a unique ID, used to find/remove it later
+		if ( !handler.guid ) {
+			handler.guid = jQuery.guid++;
+		}
+
+		// Init the element's event structure and main handler, if this is the first
+		if ( !( events = elemData.events ) ) {
+			events = elemData.events = {};
+		}
+		if ( !( eventHandle = elemData.handle ) ) {
+			eventHandle = elemData.handle = function( e ) {
+
+				// Discard the second event of a jQuery.event.trigger() and
+				// when an event is called after a page has unloaded
+				return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ?
+					jQuery.event.dispatch.apply( elem, arguments ) : undefined;
+			};
+		}
+
+		// Handle multiple events separated by a space
+		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[ t ] ) || [];
+			type = origType = tmp[ 1 ];
+			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
+
+			// There *must* be a type, no attaching namespace-only handlers
+			if ( !type ) {
+				continue;
+			}
+
+			// If event changes its type, use the special event handlers for the changed type
+			special = jQuery.event.special[ type ] || {};
+
+			// If selector defined, determine special event api type, otherwise given type
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+
+			// Update special based on newly reset type
+			special = jQuery.event.special[ type ] || {};
+
+			// handleObj is passed to all event handlers
+			handleObj = jQuery.extend( {
+				type: type,
+				origType: origType,
+				data: data,
+				handler: handler,
+				guid: handler.guid,
+				selector: selector,
+				needsContext: selector && jQuery.expr.match.needsContext.test( selector ),
+				namespace: namespaces.join( "." )
+			}, handleObjIn );
+
+			// Init the event handler queue if we're the first
+			if ( !( handlers = events[ type ] ) ) {
+				handlers = events[ type ] = [];
+				handlers.delegateCount = 0;
+
+				// Only use addEventListener if the special events handler returns false
+				if ( !special.setup ||
+					special.setup.call( elem, data, namespaces, eventHandle ) === false ) {
+
+					if ( elem.addEventListener ) {
+						elem.addEventListener( type, eventHandle );
+					}
+				}
+			}
+
+			if ( special.add ) {
+				special.add.call( elem, handleObj );
+
+				if ( !handleObj.handler.guid ) {
+					handleObj.handler.guid = handler.guid;
+				}
+			}
+
+			// Add to the element's handler list, delegates in front
+			if ( selector ) {
+				handlers.splice( handlers.delegateCount++, 0, handleObj );
+			} else {
+				handlers.push( handleObj );
+			}
+
+			// Keep track of which events have ever been used, for event optimization
+			jQuery.event.global[ type ] = true;
+		}
+
+	},
+
+	// Detach an event or set of events from an element
+	remove: function( elem, types, handler, selector, mappedTypes ) {
+
+		var j, origCount, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = dataPriv.hasData( elem ) && dataPriv.get( elem );
+
+		if ( !elemData || !( events = elemData.events ) ) {
+			return;
+		}
+
+		// Once for each type.namespace in types; type may be omitted
+		types = ( types || "" ).match( rnothtmlwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[ t ] ) || [];
+			type = origType = tmp[ 1 ];
+			namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort();
+
+			// Unbind all events (on this namespace, if provided) for the element
+			if ( !type ) {
+				for ( type in events ) {
+					jQuery.event.remove( elem, type + types[ t ], handler, selector, true );
+				}
+				continue;
+			}
+
+			special = jQuery.event.special[ type ] || {};
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+			handlers = events[ type ] || [];
+			tmp = tmp[ 2 ] &&
+				new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" );
+
+			// Remove matching events
+			origCount = j = handlers.length;
+			while ( j-- ) {
+				handleObj = handlers[ j ];
+
+				if ( ( mappedTypes || origType === handleObj.origType ) &&
+					( !handler || handler.guid === handleObj.guid ) &&
+					( !tmp || tmp.test( handleObj.namespace ) ) &&
+					( !selector || selector === handleObj.selector ||
+						selector === "**" && handleObj.selector ) ) {
+					handlers.splice( j, 1 );
+
+					if ( handleObj.selector ) {
+						handlers.delegateCount--;
+					}
+					if ( special.remove ) {
+						special.remove.call( elem, handleObj );
+					}
+				}
+			}
+
+			// Remove generic event handler if we removed something and no more handlers exist
+			// (avoids potential for endless recursion during removal of special event handlers)
+			if ( origCount && !handlers.length ) {
+				if ( !special.teardown ||
+					special.teardown.call( elem, namespaces, elemData.handle ) === false ) {
+
+					jQuery.removeEvent( elem, type, elemData.handle );
+				}
+
+				delete events[ type ];
+			}
+		}
+
+		// Remove data and the expando if it's no longer used
+		if ( jQuery.isEmptyObject( events ) ) {
+			dataPriv.remove( elem, "handle events" );
+		}
+	},
+
+	dispatch: function( nativeEvent ) {
+
+		// Make a writable jQuery.Event from the native event object
+		var event = jQuery.event.fix( nativeEvent );
+
+		var i, j, ret, matched, handleObj, handlerQueue,
+			args = new Array( arguments.length ),
+			handlers = ( dataPriv.get( this, "events" ) || {} )[ event.type ] || [],
+			special = jQuery.event.special[ event.type ] || {};
+
+		// Use the fix-ed jQuery.Event rather than the (read-only) native event
+		args[ 0 ] = event;
+
+		for ( i = 1; i < arguments.length; i++ ) {
+			args[ i ] = arguments[ i ];
+		}
+
+		event.delegateTarget = this;
+
+		// Call the preDispatch hook for the mapped type, and let it bail if desired
+		if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) {
+			return;
+		}
+
+		// Determine handlers
+		handlerQueue = jQuery.event.handlers.call( this, event, handlers );
+
+		// Run delegates first; they may want to stop propagation beneath us
+		i = 0;
+		while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) {
+			event.currentTarget = matched.elem;
+
+			j = 0;
+			while ( ( handleObj = matched.handlers[ j++ ] ) &&
+				!event.isImmediatePropagationStopped() ) {
+
+				// Triggered event must either 1) have no namespace, or 2) have namespace(s)
+				// a subset or equal to those in the bound event (both can have no namespace).
+				if ( !event.rnamespace || event.rnamespace.test( handleObj.namespace ) ) {
+
+					event.handleObj = handleObj;
+					event.data = handleObj.data;
+
+					ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle ||
+						handleObj.handler ).apply( matched.elem, args );
+
+					if ( ret !== undefined ) {
+						if ( ( event.result = ret ) === false ) {
+							event.preventDefault();
+							event.stopPropagation();
+						}
+					}
+				}
+			}
+		}
+
+		// Call the postDispatch hook for the mapped type
+		if ( special.postDispatch ) {
+			special.postDispatch.call( this, event );
+		}
+
+		return event.result;
+	},
+
+	handlers: function( event, handlers ) {
+		var i, handleObj, sel, matchedHandlers, matchedSelectors,
+			handlerQueue = [],
+			delegateCount = handlers.delegateCount,
+			cur = event.target;
+
+		// Find delegate handlers
+		if ( delegateCount &&
+
+			// Support: IE <=9
+			// Black-hole SVG <use> instance trees (trac-13180)
+			cur.nodeType &&
+
+			// Support: Firefox <=42
+			// Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861)
+			// https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click
+			// Support: IE 11 only
+			// ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343)
+			!( event.type === "click" && event.button >= 1 ) ) {
+
+			for ( ; cur !== this; cur = cur.parentNode || this ) {
+
+				// Don't check non-elements (#13208)
+				// Don't process clicks on disabled elements (#6911, #8165, #11382, #11764)
+				if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) {
+					matchedHandlers = [];
+					matchedSelectors = {};
+					for ( i = 0; i < delegateCount; i++ ) {
+						handleObj = handlers[ i ];
+
+						// Don't conflict with Object.prototype properties (#13203)
+						sel = handleObj.selector + " ";
+
+						if ( matchedSelectors[ sel ] === undefined ) {
+							matchedSelectors[ sel ] = handleObj.needsContext ?
+								jQuery( sel, this ).index( cur ) > -1 :
+								jQuery.find( sel, this, null, [ cur ] ).length;
+						}
+						if ( matchedSelectors[ sel ] ) {
+							matchedHandlers.push( handleObj );
+						}
+					}
+					if ( matchedHandlers.length ) {
+						handlerQueue.push( { elem: cur, handlers: matchedHandlers } );
+					}
+				}
+			}
+		}
+
+		// Add the remaining (directly-bound) handlers
+		cur = this;
+		if ( delegateCount < handlers.length ) {
+			handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } );
+		}
+
+		return handlerQueue;
+	},
+
+	addProp: function( name, hook ) {
+		Object.defineProperty( jQuery.Event.prototype, name, {
+			enumerable: true,
+			configurable: true,
+
+			get: jQuery.isFunction( hook ) ?
+				function() {
+					if ( this.originalEvent ) {
+							return hook( this.originalEvent );
+					}
+				} :
+				function() {
+					if ( this.originalEvent ) {
+							return this.originalEvent[ name ];
+					}
+				},
+
+			set: function( value ) {
+				Object.defineProperty( this, name, {
+					enumerable: true,
+					configurable: true,
+					writable: true,
+					value: value
+				} );
+			}
+		} );
+	},
+
+	fix: function( originalEvent ) {
+		return originalEvent[ jQuery.expando ] ?
+			originalEvent :
+			new jQuery.Event( originalEvent );
+	},
+
+	special: {
+		load: {
+
+			// Prevent triggered image.load events from bubbling to window.load
+			noBubble: true
+		},
+		focus: {
+
+			// Fire native event if possible so blur/focus sequence is correct
+			trigger: function() {
+				if ( this !== safeActiveElement() && this.focus ) {
+					this.focus();
+					return false;
+				}
+			},
+			delegateType: "focusin"
+		},
+		blur: {
+			trigger: function() {
+				if ( this === safeActiveElement() && this.blur ) {
+					this.blur();
+					return false;
+				}
+			},
+			delegateType: "focusout"
+		},
+		click: {
+
+			// For checkbox, fire native event so checked state will be right
+			trigger: function() {
+				if ( this.type === "checkbox" && this.click && nodeName( this, "input" ) ) {
+					this.click();
+					return false;
+				}
+			},
+
+			// For cross-browser consistency, don't fire native .click() on links
+			_default: function( event ) {
+				return nodeName( event.target, "a" );
+			}
+		},
+
+		beforeunload: {
+			postDispatch: function( event ) {
+
+				// Support: Firefox 20+
+				// Firefox doesn't alert if the returnValue field is not set.
+				if ( event.result !== undefined && event.originalEvent ) {
+					event.originalEvent.returnValue = event.result;
+				}
+			}
+		}
+	}
+};
+
+jQuery.removeEvent = function( elem, type, handle ) {
+
+	// This "if" is needed for plain objects
+	if ( elem.removeEventListener ) {
+		elem.removeEventListener( type, handle );
+	}
+};
+
+jQuery.Event = function( src, props ) {
+
+	// Allow instantiation without the 'new' keyword
+	if ( !( this instanceof jQuery.Event ) ) {
+		return new jQuery.Event( src, props );
+	}
+
+	// Event object
+	if ( src && src.type ) {
+		this.originalEvent = src;
+		this.type = src.type;
+
+		// Events bubbling up the document may have been marked as prevented
+		// by a handler lower down the tree; reflect the correct value.
+		this.isDefaultPrevented = src.defaultPrevented ||
+				src.defaultPrevented === undefined &&
+
+				// Support: Android <=2.3 only
+				src.returnValue === false ?
+			returnTrue :
+			returnFalse;
+
+		// Create target properties
+		// Support: Safari <=6 - 7 only
+		// Target should not be a text node (#504, #13143)
+		this.target = ( src.target && src.target.nodeType === 3 ) ?
+			src.target.parentNode :
+			src.target;
+
+		this.currentTarget = src.currentTarget;
+		this.relatedTarget = src.relatedTarget;
+
+	// Event type
+	} else {
+		this.type = src;
+	}
+
+	// Put explicitly provided properties onto the event object
+	if ( props ) {
+		jQuery.extend( this, props );
+	}
+
+	// Create a timestamp if incoming event doesn't have one
+	this.timeStamp = src && src.timeStamp || jQuery.now();
+
+	// Mark it as fixed
+	this[ jQuery.expando ] = true;
+};
+
+// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding
+// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html
+jQuery.Event.prototype = {
+	constructor: jQuery.Event,
+	isDefaultPrevented: returnFalse,
+	isPropagationStopped: returnFalse,
+	isImmediatePropagationStopped: returnFalse,
+	isSimulated: false,
+
+	preventDefault: function() {
+		var e = this.originalEvent;
+
+		this.isDefaultPrevented = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.preventDefault();
+		}
+	},
+	stopPropagation: function() {
+		var e = this.originalEvent;
+
+		this.isPropagationStopped = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.stopPropagation();
+		}
+	},
+	stopImmediatePropagation: function() {
+		var e = this.originalEvent;
+
+		this.isImmediatePropagationStopped = returnTrue;
+
+		if ( e && !this.isSimulated ) {
+			e.stopImmediatePropagation();
+		}
+
+		this.stopPropagation();
+	}
+};
+
+// Includes all common event props including KeyEvent and MouseEvent specific props
+jQuery.each( {
+	altKey: true,
+	bubbles: true,
+	cancelable: true,
+	changedTouches: true,
+	ctrlKey: true,
+	detail: true,
+	eventPhase: true,
+	metaKey: true,
+	pageX: true,
+	pageY: true,
+	shiftKey: true,
+	view: true,
+	"char": true,
+	charCode: true,
+	key: true,
+	keyCode: true,
+	button: true,
+	buttons: true,
+	clientX: true,
+	clientY: true,
+	offsetX: true,
+	offsetY: true,
+	pointerId: true,
+	pointerType: true,
+	screenX: true,
+	screenY: true,
+	targetTouches: true,
+	toElement: true,
+	touches: true,
+
+	which: function( event ) {
+		var button = event.button;
+
+		// Add which for key events
+		if ( event.which == null && rkeyEvent.test( event.type ) ) {
+			return event.charCode != null ? event.charCode : event.keyCode;
+		}
+
+		// Add which for click: 1 === left; 2 === middle; 3 === right
+		if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) {
+			if ( button & 1 ) {
+				return 1;
+			}
+
+			if ( button & 2 ) {
+				return 3;
+			}
+
+			if ( button & 4 ) {
+				return 2;
+			}
+
+			return 0;
+		}
+
+		return event.which;
+	}
+}, jQuery.event.addProp );
+
+// Create mouseenter/leave events using mouseover/out and event-time checks
+// so that event delegation works in jQuery.
+// Do the same for pointerenter/pointerleave and pointerover/pointerout
+//
+// Support: Safari 7 only
+// Safari sends mouseenter too often; see:
+// https://bugs.chromium.org/p/chromium/issues/detail?id=470258
+// for the description of the bug (it existed in older Chrome versions as well).
+jQuery.each( {
+	mouseenter: "mouseover",
+	mouseleave: "mouseout",
+	pointerenter: "pointerover",
+	pointerleave: "pointerout"
+}, function( orig, fix ) {
+	jQuery.event.special[ orig ] = {
+		delegateType: fix,
+		bindType: fix,
+
+		handle: function( event ) {
+			var ret,
+				target = this,
+				related = event.relatedTarget,
+				handleObj = event.handleObj;
+
+			// For mouseenter/leave call the handler if related is outside the target.
+			// NB: No relatedTarget if the mouse left/entered the browser window
+			if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) {
+				event.type = handleObj.origType;
+				ret = handleObj.handler.apply( this, arguments );
+				event.type = fix;
+			}
+			return ret;
+		}
+	};
+} );
+
+jQuery.fn.extend( {
+
+	on: function( types, selector, data, fn ) {
+		return on( this, types, selector, data, fn );
+	},
+	one: function( types, selector, data, fn ) {
+		return on( this, types, selector, data, fn, 1 );
+	},
+	off: function( types, selector, fn ) {
+		var handleObj, type;
+		if ( types && types.preventDefault && types.handleObj ) {
+
+			// ( event )  dispatched jQuery.Event
+			handleObj = types.handleObj;
+			jQuery( types.delegateTarget ).off(
+				handleObj.namespace ?
+					handleObj.origType + "." + handleObj.namespace :
+					handleObj.origType,
+				handleObj.selector,
+				handleObj.handler
+			);
+			return this;
+		}
+		if ( typeof types === "object" ) {
+
+			// ( types-object [, selector] )
+			for ( type in types ) {
+				this.off( type, selector, types[ type ] );
+			}
+			return this;
+		}
+		if ( selector === false || typeof selector === "function" ) {
+
+			// ( types [, fn] )
+			fn = selector;
+			selector = undefined;
+		}
+		if ( fn === false ) {
+			fn = returnFalse;
+		}
+		return this.each( function() {
+			jQuery.event.remove( this, types, fn, selector );
+		} );
+	}
+} );
+
+
+var
+
+	/* eslint-disable max-len */
+
+	// See https://github.com/eslint/eslint/issues/3229
+	rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,
+
+	/* eslint-enable */
+
+	// Support: IE <=10 - 11, Edge 12 - 13
+	// In IE/Edge using regex groups here causes severe slowdowns.
+	// See https://connect.microsoft.com/IE/feedback/details/1736512/
+	rnoInnerhtml = /<script|<style|<link/i,
+
+	// checked="checked" or checked
+	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
+	rscriptTypeMasked = /^true\/(.*)/,
+	rcleanScript = /^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;
+
+// Prefer a tbody over its parent table for containing new rows
+function manipulationTarget( elem, content ) {
+	if ( nodeName( elem, "table" ) &&
+		nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) {
+
+		return jQuery( ">tbody", elem )[ 0 ] || elem;
+	}
+
+	return elem;
+}
+
+// Replace/restore the type attribute of script elements for safe DOM manipulation
+function disableScript( elem ) {
+	elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type;
+	return elem;
+}
+function restoreScript( elem ) {
+	var match = rscriptTypeMasked.exec( elem.type );
+
+	if ( match ) {
+		elem.type = match[ 1 ];
+	} else {
+		elem.removeAttribute( "type" );
+	}
+
+	return elem;
+}
+
+function cloneCopyEvent( src, dest ) {
+	var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events;
+
+	if ( dest.nodeType !== 1 ) {
+		return;
+	}
+
+	// 1. Copy private data: events, handlers, etc.
+	if ( dataPriv.hasData( src ) ) {
+		pdataOld = dataPriv.access( src );
+		pdataCur = dataPriv.set( dest, pdataOld );
+		events = pdataOld.events;
+
+		if ( events ) {
+			delete pdataCur.handle;
+			pdataCur.events = {};
+
+			for ( type in events ) {
+				for ( i = 0, l = events[ type ].length; i < l; i++ ) {
+					jQuery.event.add( dest, type, events[ type ][ i ] );
+				}
+			}
+		}
+	}
+
+	// 2. Copy user data
+	if ( dataUser.hasData( src ) ) {
+		udataOld = dataUser.access( src );
+		udataCur = jQuery.extend( {}, udataOld );
+
+		dataUser.set( dest, udataCur );
+	}
+}
+
+// Fix IE bugs, see support tests
+function fixInput( src, dest ) {
+	var nodeName = dest.nodeName.toLowerCase();
+
+	// Fails to persist the checked state of a cloned checkbox or radio button.
+	if ( nodeName === "input" && rcheckableType.test( src.type ) ) {
+		dest.checked = src.checked;
+
+	// Fails to return the selected option to the default selected state when cloning options
+	} else if ( nodeName === "input" || nodeName === "textarea" ) {
+		dest.defaultValue = src.defaultValue;
+	}
+}
+
+function domManip( collection, args, callback, ignored ) {
+
+	// Flatten any nested arrays
+	args = concat.apply( [], args );
+
+	var fragment, first, scripts, hasScripts, node, doc,
+		i = 0,
+		l = collection.length,
+		iNoClone = l - 1,
+		value = args[ 0 ],
+		isFunction = jQuery.isFunction( value );
+
+	// We can't cloneNode fragments that contain checked, in WebKit
+	if ( isFunction ||
+			( l > 1 && typeof value === "string" &&
+				!support.checkClone && rchecked.test( value ) ) ) {
+		return collection.each( function( index ) {
+			var self = collection.eq( index );
+			if ( isFunction ) {
+				args[ 0 ] = value.call( this, index, self.html() );
+			}
+			domManip( self, args, callback, ignored );
+		} );
+	}
+
+	if ( l ) {
+		fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored );
+		first = fragment.firstChild;
+
+		if ( fragment.childNodes.length === 1 ) {
+			fragment = first;
+		}
+
+		// Require either new content or an interest in ignored elements to invoke the callback
+		if ( first || ignored ) {
+			scripts = jQuery.map( getAll( fragment, "script" ), disableScript );
+			hasScripts = scripts.length;
+
+			// Use the original fragment for the last item
+			// instead of the first because it can end up
+			// being emptied incorrectly in certain situations (#8070).
+			for ( ; i < l; i++ ) {
+				node = fragment;
+
+				if ( i !== iNoClone ) {
+					node = jQuery.clone( node, true, true );
+
+					// Keep references to cloned scripts for later restoration
+					if ( hasScripts ) {
+
+						// Support: Android <=4.0 only, PhantomJS 1 only
+						// push.apply(_, arraylike) throws on ancient WebKit
+						jQuery.merge( scripts, getAll( node, "script" ) );
+					}
+				}
+
+				callback.call( collection[ i ], node, i );
+			}
+
+			if ( hasScripts ) {
+				doc = scripts[ scripts.length - 1 ].ownerDocument;
+
+				// Reenable scripts
+				jQuery.map( scripts, restoreScript );
+
+				// Evaluate executable scripts on first document insertion
+				for ( i = 0; i < hasScripts; i++ ) {
+					node = scripts[ i ];
+					if ( rscriptType.test( node.type || "" ) &&
+						!dataPriv.access( node, "globalEval" ) &&
+						jQuery.contains( doc, node ) ) {
+
+						if ( node.src ) {
+
+							// Optional AJAX dependency, but won't run scripts if not present
+							if ( jQuery._evalUrl ) {
+								jQuery._evalUrl( node.src );
+							}
+						} else {
+							DOMEval( node.textContent.replace( rcleanScript, "" ), doc );
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return collection;
+}
+
+function remove( elem, selector, keepData ) {
+	var node,
+		nodes = selector ? jQuery.filter( selector, elem ) : elem,
+		i = 0;
+
+	for ( ; ( node = nodes[ i ] ) != null; i++ ) {
+		if ( !keepData && node.nodeType === 1 ) {
+			jQuery.cleanData( getAll( node ) );
+		}
+
+		if ( node.parentNode ) {
+			if ( keepData && jQuery.contains( node.ownerDocument, node ) ) {
+				setGlobalEval( getAll( node, "script" ) );
+			}
+			node.parentNode.removeChild( node );
+		}
+	}
+
+	return elem;
+}
+
+jQuery.extend( {
+	htmlPrefilter: function( html ) {
+		return html.replace( rxhtmlTag, "<$1></$2>" );
+	},
+
+	clone: function( elem, dataAndEvents, deepDataAndEvents ) {
+		var i, l, srcElements, destElements,
+			clone = elem.cloneNode( true ),
+			inPage = jQuery.contains( elem.ownerDocument, elem );
+
+		// Fix IE cloning issues
+		if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) &&
+				!jQuery.isXMLDoc( elem ) ) {
+
+			// We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2
+			destElements = getAll( clone );
+			srcElements = getAll( elem );
+
+			for ( i = 0, l = srcElements.length; i < l; i++ ) {
+				fixInput( srcElements[ i ], destElements[ i ] );
+			}
+		}
+
+		// Copy the events from the original to the clone
+		if ( dataAndEvents ) {
+			if ( deepDataAndEvents ) {
+				srcElements = srcElements || getAll( elem );
+				destElements = destElements || getAll( clone );
+
+				for ( i = 0, l = srcElements.length; i < l; i++ ) {
+					cloneCopyEvent( srcElements[ i ], destElements[ i ] );
+				}
+			} else {
+				cloneCopyEvent( elem, clone );
+			}
+		}
+
+		// Preserve script evaluation history
+		destElements = getAll( clone, "script" );
+		if ( destElements.length > 0 ) {
+			setGlobalEval( destElements, !inPage && getAll( elem, "script" ) );
+		}
+
+		// Return the cloned set
+		return clone;
+	},
+
+	cleanData: function( elems ) {
+		var data, elem, type,
+			special = jQuery.event.special,
+			i = 0;
+
+		for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) {
+			if ( acceptData( elem ) ) {
+				if ( ( data = elem[ dataPriv.expando ] ) ) {
+					if ( data.events ) {
+						for ( type in data.events ) {
+							if ( special[ type ] ) {
+								jQuery.event.remove( elem, type );
+
+							// This is a shortcut to avoid jQuery.event.remove's overhead
+							} else {
+								jQuery.removeEvent( elem, type, data.handle );
+							}
+						}
+					}
+
+					// Support: Chrome <=35 - 45+
+					// Assign undefined instead of using delete, see Data#remove
+					elem[ dataPriv.expando ] = undefined;
+				}
+				if ( elem[ dataUser.expando ] ) {
+
+					// Support: Chrome <=35 - 45+
+					// Assign undefined instead of using delete, see Data#remove
+					elem[ dataUser.expando ] = undefined;
+				}
+			}
+		}
+	}
+} );
+
+jQuery.fn.extend( {
+	detach: function( selector ) {
+		return remove( this, selector, true );
+	},
+
+	remove: function( selector ) {
+		return remove( this, selector );
+	},
+
+	text: function( value ) {
+		return access( this, function( value ) {
+			return value === undefined ?
+				jQuery.text( this ) :
+				this.empty().each( function() {
+					if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+						this.textContent = value;
+					}
+				} );
+		}, null, value, arguments.length );
+	},
+
+	append: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.appendChild( elem );
+			}
+		} );
+	},
+
+	prepend: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.insertBefore( elem, target.firstChild );
+			}
+		} );
+	},
+
+	before: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this );
+			}
+		} );
+	},
+
+	after: function() {
+		return domManip( this, arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this.nextSibling );
+			}
+		} );
+	},
+
+	empty: function() {
+		var elem,
+			i = 0;
+
+		for ( ; ( elem = this[ i ] ) != null; i++ ) {
+			if ( elem.nodeType === 1 ) {
+
+				// Prevent memory leaks
+				jQuery.cleanData( getAll( elem, false ) );
+
+				// Remove any remaining nodes
+				elem.textContent = "";
+			}
+		}
+
+		return this;
+	},
+
+	clone: function( dataAndEvents, deepDataAndEvents ) {
+		dataAndEvents = dataAndEvents == null ? false : dataAndEvents;
+		deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents;
+
+		return this.map( function() {
+			return jQuery.clone( this, dataAndEvents, deepDataAndEvents );
+		} );
+	},
+
+	html: function( value ) {
+		return access( this, function( value ) {
+			var elem = this[ 0 ] || {},
+				i = 0,
+				l = this.length;
+
+			if ( value === undefined && elem.nodeType === 1 ) {
+				return elem.innerHTML;
+			}
+
+			// See if we can take a shortcut and just use innerHTML
+			if ( typeof value === "string" && !rnoInnerhtml.test( value ) &&
+				!wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) {
+
+				value = jQuery.htmlPrefilter( value );
+
+				try {
+					for ( ; i < l; i++ ) {
+						elem = this[ i ] || {};
+
+						// Remove element nodes and prevent memory leaks
+						if ( elem.nodeType === 1 ) {
+							jQuery.cleanData( getAll( elem, false ) );
+							elem.innerHTML = value;
+						}
+					}
+
+					elem = 0;
+
+				// If using innerHTML throws an exception, use the fallback method
+				} catch ( e ) {}
+			}
+
+			if ( elem ) {
+				this.empty().append( value );
+			}
+		}, null, value, arguments.length );
+	},
+
+	replaceWith: function() {
+		var ignored = [];
+
+		// Make the changes, replacing each non-ignored context element with the new content
+		return domManip( this, arguments, function( elem ) {
+			var parent = this.parentNode;
+
+			if ( jQuery.inArray( this, ignored ) < 0 ) {
+				jQuery.cleanData( getAll( this ) );
+				if ( parent ) {
+					parent.replaceChild( elem, this );
+				}
+			}
+
+		// Force callback invocation
+		}, ignored );
+	}
+} );
+
+jQuery.each( {
+	appendTo: "append",
+	prependTo: "prepend",
+	insertBefore: "before",
+	insertAfter: "after",
+	replaceAll: "replaceWith"
+}, function( name, original ) {
+	jQuery.fn[ name ] = function( selector ) {
+		var elems,
+			ret = [],
+			insert = jQuery( selector ),
+			last = insert.length - 1,
+			i = 0;
+
+		for ( ; i <= last; i++ ) {
+			elems = i === last ? this : this.clone( true );
+			jQuery( insert[ i ] )[ original ]( elems );
+
+			// Support: Android <=4.0 only, PhantomJS 1 only
+			// .get() because push.apply(_, arraylike) throws on ancient WebKit
+			push.apply( ret, elems.get() );
+		}
+
+		return this.pushStack( ret );
+	};
+} );
+var rmargin = ( /^margin/ );
+
+var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );
+
+var getStyles = function( elem ) {
+
+		// Support: IE <=11 only, Firefox <=30 (#15098, #14150)
+		// IE throws on elements created in popups
+		// FF meanwhile throws on frame elements through "defaultView.getComputedStyle"
+		var view = elem.ownerDocument.defaultView;
+
+		if ( !view || !view.opener ) {
+			view = window;
+		}
+
+		return view.getComputedStyle( elem );
+	};
+
+
+
+( function() {
+
+	// Executing both pixelPosition & boxSizingReliable tests require only one layout
+	// so they're executed at the same time to save the second computation.
+	function computeStyleTests() {
+
+		// This is a singleton, we need to execute it only once
+		if ( !div ) {
+			return;
+		}
+
+		div.style.cssText =
+			"box-sizing:border-box;" +
+			"position:relative;display:block;" +
+			"margin:auto;border:1px;padding:1px;" +
+			"top:1%;width:50%";
+		div.innerHTML = "";
+		documentElement.appendChild( container );
+
+		var divStyle = window.getComputedStyle( div );
+		pixelPositionVal = divStyle.top !== "1%";
+
+		// Support: Android 4.0 - 4.3 only, Firefox <=3 - 44
+		reliableMarginLeftVal = divStyle.marginLeft === "2px";
+		boxSizingReliableVal = divStyle.width === "4px";
+
+		// Support: Android 4.0 - 4.3 only
+		// Some styles come back with percentage values, even though they shouldn't
+		div.style.marginRight = "50%";
+		pixelMarginRightVal = divStyle.marginRight === "4px";
+
+		documentElement.removeChild( container );
+
+		// Nullify the div so it wouldn't be stored in the memory and
+		// it will also be a sign that checks already performed
+		div = null;
+	}
+
+	var pixelPositionVal, boxSizingReliableVal, pixelMarginRightVal, reliableMarginLeftVal,
+		container = document.createElement( "div" ),
+		div = document.createElement( "div" );
+
+	// Finish early in limited (non-browser) environments
+	if ( !div.style ) {
+		return;
+	}
+
+	// Support: IE <=9 - 11 only
+	// Style of cloned element affects source element cloned (#8908)
+	div.style.backgroundClip = "content-box";
+	div.cloneNode( true ).style.backgroundClip = "";
+	support.clearCloneStyle = div.style.backgroundClip === "content-box";
+
+	container.style.cssText = "border:0;width:8px;height:0;top:0;left:-9999px;" +
+		"padding:0;margin-top:1px;position:absolute";
+	container.appendChild( div );
+
+	jQuery.extend( support, {
+		pixelPosition: function() {
+			computeStyleTests();
+			return pixelPositionVal;
+		},
+		boxSizingReliable: function() {
+			computeStyleTests();
+			return boxSizingReliableVal;
+		},
+		pixelMarginRight: function() {
+			computeStyleTests();
+			return pixelMarginRightVal;
+		},
+		reliableMarginLeft: function() {
+			computeStyleTests();
+			return reliableMarginLeftVal;
+		}
+	} );
+} )();
+
+
+function curCSS( elem, name, computed ) {
+	var width, minWidth, maxWidth, ret,
+
+		// Support: Firefox 51+
+		// Retrieving style before computed somehow
+		// fixes an issue with getting wrong values
+		// on detached elements
+		style = elem.style;
+
+	computed = computed || getStyles( elem );
+
+	// getPropertyValue is needed for:
+	//   .css('filter') (IE 9 only, #12537)
+	//   .css('--customProperty) (#3144)
+	if ( computed ) {
+		ret = computed.getPropertyValue( name ) || computed[ name ];
+
+		if ( ret === "" && !jQuery.contains( elem.ownerDocument, elem ) ) {
+			ret = jQuery.style( elem, name );
+		}
+
+		// A tribute to the "awesome hack by Dean Edwards"
+		// Android Browser returns percentage for some values,
+		// but width seems to be reliably pixels.
+		// This is against the CSSOM draft spec:
+		// https://drafts.csswg.org/cssom/#resolved-values
+		if ( !support.pixelMarginRight() && rnumnonpx.test( ret ) && rmargin.test( name ) ) {
+
+			// Remember the original values
+			width = style.width;
+			minWidth = style.minWidth;
+			maxWidth = style.maxWidth;
+
+			// Put in the new values to get a computed value out
+			style.minWidth = style.maxWidth = style.width = ret;
+			ret = computed.width;
+
+			// Revert the changed values
+			style.width = width;
+			style.minWidth = minWidth;
+			style.maxWidth = maxWidth;
+		}
+	}
+
+	return ret !== undefined ?
+
+		// Support: IE <=9 - 11 only
+		// IE returns zIndex value as an integer.
+		ret + "" :
+		ret;
+}
+
+
+function addGetHookIf( conditionFn, hookFn ) {
+
+	// Define the hook, we'll check on the first run if it's really needed.
+	return {
+		get: function() {
+			if ( conditionFn() ) {
+
+				// Hook not needed (or it's not possible to use it due
+				// to missing dependency), remove it.
+				delete this.get;
+				return;
+			}
+
+			// Hook needed; redefine it so that the support test is not executed again.
+			return ( this.get = hookFn ).apply( this, arguments );
+		}
+	};
+}
+
+
+var
+
+	// Swappable if display is none or starts with table
+	// except "table", "table-cell", or "table-caption"
+	// See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display
+	rdisplayswap = /^(none|table(?!-c[ea]).+)/,
+	rcustomProp = /^--/,
+	cssShow = { position: "absolute", visibility: "hidden", display: "block" },
+	cssNormalTransform = {
+		letterSpacing: "0",
+		fontWeight: "400"
+	},
+
+	cssPrefixes = [ "Webkit", "Moz", "ms" ],
+	emptyStyle = document.createElement( "div" ).style;
+
+// Return a css property mapped to a potentially vendor prefixed property
+function vendorPropName( name ) {
+
+	// Shortcut for names that are not vendor prefixed
+	if ( name in emptyStyle ) {
+		return name;
+	}
+
+	// Check for vendor prefixed names
+	var capName = name[ 0 ].toUpperCase() + name.slice( 1 ),
+		i = cssPrefixes.length;
+
+	while ( i-- ) {
+		name = cssPrefixes[ i ] + capName;
+		if ( name in emptyStyle ) {
+			return name;
+		}
+	}
+}
+
+// Return a property mapped along what jQuery.cssProps suggests or to
+// a vendor prefixed property.
+function finalPropName( name ) {
+	var ret = jQuery.cssProps[ name ];
+	if ( !ret ) {
+		ret = jQuery.cssProps[ name ] = vendorPropName( name ) || name;
+	}
+	return ret;
+}
+
+function setPositiveNumber( elem, value, subtract ) {
+
+	// Any relative (+/-) values have already been
+	// normalized at this point
+	var matches = rcssNum.exec( value );
+	return matches ?
+
+		// Guard against undefined "subtract", e.g., when used as in cssHooks
+		Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) :
+		value;
+}
+
+function augmentWidthOrHeight( elem, name, extra, isBorderBox, styles ) {
+	var i,
+		val = 0;
+
+	// If we already have the right measurement, avoid augmentation
+	if ( extra === ( isBorderBox ? "border" : "content" ) ) {
+		i = 4;
+
+	// Otherwise initialize for horizontal or vertical properties
+	} else {
+		i = name === "width" ? 1 : 0;
+	}
+
+	for ( ; i < 4; i += 2 ) {
+
+		// Both box models exclude margin, so add it if we want it
+		if ( extra === "margin" ) {
+			val += jQuery.css( elem, extra + cssExpand[ i ], true, styles );
+		}
+
+		if ( isBorderBox ) {
+
+			// border-box includes padding, so remove it if we want content
+			if ( extra === "content" ) {
+				val -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+			}
+
+			// At this point, extra isn't border nor margin, so remove border
+			if ( extra !== "margin" ) {
+				val -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		} else {
+
+			// At this point, extra isn't content, so add padding
+			val += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+
+			// At this point, extra isn't content nor padding, so add border
+			if ( extra !== "padding" ) {
+				val += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		}
+	}
+
+	return val;
+}
+
+function getWidthOrHeight( elem, name, extra ) {
+
+	// Start with computed style
+	var valueIsBorderBox,
+		styles = getStyles( elem ),
+		val = curCSS( elem, name, styles ),
+		isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box";
+
+	// Computed unit is not pixels. Stop here and return.
+	if ( rnumnonpx.test( val ) ) {
+		return val;
+	}
+
+	// Check for style in case a browser which returns unreliable values
+	// for getComputedStyle silently falls back to the reliable elem.style
+	valueIsBorderBox = isBorderBox &&
+		( support.boxSizingReliable() || val === elem.style[ name ] );
+
+	// Fall back to offsetWidth/Height when value is "auto"
+	// This happens for inline elements with no explicit setting (gh-3571)
+	if ( val === "auto" ) {
+		val = elem[ "offset" + name[ 0 ].toUpperCase() + name.slice( 1 ) ];
+	}
+
+	// Normalize "", auto, and prepare for extra
+	val = parseFloat( val ) || 0;
+
+	// Use the active box-sizing model to add/subtract irrelevant styles
+	return ( val +
+		augmentWidthOrHeight(
+			elem,
+			name,
+			extra || ( isBorderBox ? "border" : "content" ),
+			valueIsBorderBox,
+			styles
+		)
+	) + "px";
+}
+
+jQuery.extend( {
+
+	// Add in style property hooks for overriding the default
+	// behavior of getting and setting a style property
+	cssHooks: {
+		opacity: {
+			get: function( elem, computed ) {
+				if ( computed ) {
+
+					// We should always get a number back from opacity
+					var ret = curCSS( elem, "opacity" );
+					return ret === "" ? "1" : ret;
+				}
+			}
+		}
+	},
+
+	// Don't automatically add "px" to these possibly-unitless properties
+	cssNumber: {
+		"animationIterationCount": true,
+		"columnCount": true,
+		"fillOpacity": true,
+		"flexGrow": true,
+		"flexShrink": true,
+		"fontWeight": true,
+		"lineHeight": true,
+		"opacity": true,
+		"order": true,
+		"orphans": true,
+		"widows": true,
+		"zIndex": true,
+		"zoom": true
+	},
+
+	// Add in properties whose names you wish to fix before
+	// setting or getting the value
+	cssProps: {
+		"float": "cssFloat"
+	},
+
+	// Get and set the style property on a DOM Node
+	style: function( elem, name, value, extra ) {
+
+		// Don't set styles on text and comment nodes
+		if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) {
+			return;
+		}
+
+		// Make sure that we're working with the right name
+		var ret, type, hooks,
+			origName = jQuery.camelCase( name ),
+			isCustomProp = rcustomProp.test( name ),
+			style = elem.style;
+
+		// Make sure that we're working with the right name. We don't
+		// want to query the value if it is a CSS custom property
+		// since they are user-defined.
+		if ( !isCustomProp ) {
+			name = finalPropName( origName );
+		}
+
+		// Gets hook for the prefixed version, then unprefixed version
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// Check if we're setting a value
+		if ( value !== undefined ) {
+			type = typeof value;
+
+			// Convert "+=" or "-=" to relative numbers (#7345)
+			if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) {
+				value = adjustCSS( elem, name, ret );
+
+				// Fixes bug #9237
+				type = "number";
+			}
+
+			// Make sure that null and NaN values aren't set (#7116)
+			if ( value == null || value !== value ) {
+				return;
+			}
+
+			// If a number was passed in, add the unit (except for certain CSS properties)
+			if ( type === "number" ) {
+				value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" );
+			}
+
+			// background-* props affect original clone's values
+			if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) {
+				style[ name ] = "inherit";
+			}
+
+			// If a hook was provided, use that value, otherwise just set the specified value
+			if ( !hooks || !( "set" in hooks ) ||
+				( value = hooks.set( elem, value, extra ) ) !== undefined ) {
+
+				if ( isCustomProp ) {
+					style.setProperty( name, value );
+				} else {
+					style[ name ] = value;
+				}
+			}
+
+		} else {
+
+			// If a hook was provided get the non-computed value from there
+			if ( hooks && "get" in hooks &&
+				( ret = hooks.get( elem, false, extra ) ) !== undefined ) {
+
+				return ret;
+			}
+
+			// Otherwise just get the value from the style object
+			return style[ name ];
+		}
+	},
+
+	css: function( elem, name, extra, styles ) {
+		var val, num, hooks,
+			origName = jQuery.camelCase( name ),
+			isCustomProp = rcustomProp.test( name );
+
+		// Make sure that we're working with the right name. We don't
+		// want to modify the value if it is a CSS custom property
+		// since they are user-defined.
+		if ( !isCustomProp ) {
+			name = finalPropName( origName );
+		}
+
+		// Try prefixed name followed by the unprefixed name
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// If a hook was provided get the computed value from there
+		if ( hooks && "get" in hooks ) {
+			val = hooks.get( elem, true, extra );
+		}
+
+		// Otherwise, if a way to get the computed value exists, use that
+		if ( val === undefined ) {
+			val = curCSS( elem, name, styles );
+		}
+
+		// Convert "normal" to computed value
+		if ( val === "normal" && name in cssNormalTransform ) {
+			val = cssNormalTransform[ name ];
+		}
+
+		// Make numeric if forced or a qualifier was provided and val looks numeric
+		if ( extra === "" || extra ) {
+			num = parseFloat( val );
+			return extra === true || isFinite( num ) ? num || 0 : val;
+		}
+
+		return val;
+	}
+} );
+
+jQuery.each( [ "height", "width" ], function( i, name ) {
+	jQuery.cssHooks[ name ] = {
+		get: function( elem, computed, extra ) {
+			if ( computed ) {
+
+				// Certain elements can have dimension info if we invisibly show them
+				// but it must have a current display style that would benefit
+				return rdisplayswap.test( jQuery.css( elem, "display" ) ) &&
+
+					// Support: Safari 8+
+					// Table columns in Safari have non-zero offsetWidth & zero
+					// getBoundingClientRect().width unless display is changed.
+					// Support: IE <=11 only
+					// Running getBoundingClientRect on a disconnected node
+					// in IE throws an error.
+					( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ?
+						swap( elem, cssShow, function() {
+							return getWidthOrHeight( elem, name, extra );
+						} ) :
+						getWidthOrHeight( elem, name, extra );
+			}
+		},
+
+		set: function( elem, value, extra ) {
+			var matches,
+				styles = extra && getStyles( elem ),
+				subtract = extra && augmentWidthOrHeight(
+					elem,
+					name,
+					extra,
+					jQuery.css( elem, "boxSizing", false, styles ) === "border-box",
+					styles
+				);
+
+			// Convert to pixels if value adjustment is needed
+			if ( subtract && ( matches = rcssNum.exec( value ) ) &&
+				( matches[ 3 ] || "px" ) !== "px" ) {
+
+				elem.style[ name ] = value;
+				value = jQuery.css( elem, name );
+			}
+
+			return setPositiveNumber( elem, value, subtract );
+		}
+	};
+} );
+
+jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft,
+	function( elem, computed ) {
+		if ( computed ) {
+			return ( parseFloat( curCSS( elem, "marginLeft" ) ) ||
+				elem.getBoundingClientRect().left -
+					swap( elem, { marginLeft: 0 }, function() {
+						return elem.getBoundingClientRect().left;
+					} )
+				) + "px";
+		}
+	}
+);
+
+// These hooks are used by animate to expand properties
+jQuery.each( {
+	margin: "",
+	padding: "",
+	border: "Width"
+}, function( prefix, suffix ) {
+	jQuery.cssHooks[ prefix + suffix ] = {
+		expand: function( value ) {
+			var i = 0,
+				expanded = {},
+
+				// Assumes a single number if not a string
+				parts = typeof value === "string" ? value.split( " " ) : [ value ];
+
+			for ( ; i < 4; i++ ) {
+				expanded[ prefix + cssExpand[ i ] + suffix ] =
+					parts[ i ] || parts[ i - 2 ] || parts[ 0 ];
+			}
+
+			return expanded;
+		}
+	};
+
+	if ( !rmargin.test( prefix ) ) {
+		jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber;
+	}
+} );
+
+jQuery.fn.extend( {
+	css: function( name, value ) {
+		return access( this, function( elem, name, value ) {
+			var styles, len,
+				map = {},
+				i = 0;
+
+			if ( Array.isArray( name ) ) {
+				styles = getStyles( elem );
+				len = name.length;
+
+				for ( ; i < len; i++ ) {
+					map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles );
+				}
+
+				return map;
+			}
+
+			return value !== undefined ?
+				jQuery.style( elem, name, value ) :
+				jQuery.css( elem, name );
+		}, name, value, arguments.length > 1 );
+	}
+} );
+
+
+function Tween( elem, options, prop, end, easing ) {
+	return new Tween.prototype.init( elem, options, prop, end, easing );
+}
+jQuery.Tween = Tween;
+
+Tween.prototype = {
+	constructor: Tween,
+	init: function( elem, options, prop, end, easing, unit ) {
+		this.elem = elem;
+		this.prop = prop;
+		this.easing = easing || jQuery.easing._default;
+		this.options = options;
+		this.start = this.now = this.cur();
+		this.end = end;
+		this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" );
+	},
+	cur: function() {
+		var hooks = Tween.propHooks[ this.prop ];
+
+		return hooks && hooks.get ?
+			hooks.get( this ) :
+			Tween.propHooks._default.get( this );
+	},
+	run: function( percent ) {
+		var eased,
+			hooks = Tween.propHooks[ this.prop ];
+
+		if ( this.options.duration ) {
+			this.pos = eased = jQuery.easing[ this.easing ](
+				percent, this.options.duration * percent, 0, 1, this.options.duration
+			);
+		} else {
+			this.pos = eased = percent;
+		}
+		this.now = ( this.end - this.start ) * eased + this.start;
+
+		if ( this.options.step ) {
+			this.options.step.call( this.elem, this.now, this );
+		}
+
+		if ( hooks && hooks.set ) {
+			hooks.set( this );
+		} else {
+			Tween.propHooks._default.set( this );
+		}
+		return this;
+	}
+};
+
+Tween.prototype.init.prototype = Tween.prototype;
+
+Tween.propHooks = {
+	_default: {
+		get: function( tween ) {
+			var result;
+
+			// Use a property on the element directly when it is not a DOM element,
+			// or when there is no matching style property that exists.
+			if ( tween.elem.nodeType !== 1 ||
+				tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) {
+				return tween.elem[ tween.prop ];
+			}
+
+			// Passing an empty string as a 3rd parameter to .css will automatically
+			// attempt a parseFloat and fallback to a string if the parse fails.
+			// Simple values such as "10px" are parsed to Float;
+			// complex values such as "rotate(1rad)" are returned as-is.
+			result = jQuery.css( tween.elem, tween.prop, "" );
+
+			// Empty strings, null, undefined and "auto" are converted to 0.
+			return !result || result === "auto" ? 0 : result;
+		},
+		set: function( tween ) {
+
+			// Use step hook for back compat.
+			// Use cssHook if its there.
+			// Use .style if available and use plain properties where available.
+			if ( jQuery.fx.step[ tween.prop ] ) {
+				jQuery.fx.step[ tween.prop ]( tween );
+			} else if ( tween.elem.nodeType === 1 &&
+				( tween.elem.style[ jQuery.cssProps[ tween.prop ] ] != null ||
+					jQuery.cssHooks[ tween.prop ] ) ) {
+				jQuery.style( tween.elem, tween.prop, tween.now + tween.unit );
+			} else {
+				tween.elem[ tween.prop ] = tween.now;
+			}
+		}
+	}
+};
+
+// Support: IE <=9 only
+// Panic based approach to setting things on disconnected nodes
+Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = {
+	set: function( tween ) {
+		if ( tween.elem.nodeType && tween.elem.parentNode ) {
+			tween.elem[ tween.prop ] = tween.now;
+		}
+	}
+};
+
+jQuery.easing = {
+	linear: function( p ) {
+		return p;
+	},
+	swing: function( p ) {
+		return 0.5 - Math.cos( p * Math.PI ) / 2;
+	},
+	_default: "swing"
+};
+
+jQuery.fx = Tween.prototype.init;
+
+// Back compat <1.8 extension point
+jQuery.fx.step = {};
+
+
+
+
+var
+	fxNow, inProgress,
+	rfxtypes = /^(?:toggle|show|hide)$/,
+	rrun = /queueHooks$/;
+
+function schedule() {
+	if ( inProgress ) {
+		if ( document.hidden === false && window.requestAnimationFrame ) {
+			window.requestAnimationFrame( schedule );
+		} else {
+			window.setTimeout( schedule, jQuery.fx.interval );
+		}
+
+		jQuery.fx.tick();
+	}
+}
+
+// Animations created synchronously will run synchronously
+function createFxNow() {
+	window.setTimeout( function() {
+		fxNow = undefined;
+	} );
+	return ( fxNow = jQuery.now() );
+}
+
+// Generate parameters to create a standard animation
+function genFx( type, includeWidth ) {
+	var which,
+		i = 0,
+		attrs = { height: type };
+
+	// If we include width, step value is 1 to do all cssExpand values,
+	// otherwise step value is 2 to skip over Left and Right
+	includeWidth = includeWidth ? 1 : 0;
+	for ( ; i < 4; i += 2 - includeWidth ) {
+		which = cssExpand[ i ];
+		attrs[ "margin" + which ] = attrs[ "padding" + which ] = type;
+	}
+
+	if ( includeWidth ) {
+		attrs.opacity = attrs.width = type;
+	}
+
+	return attrs;
+}
+
+function createTween( value, prop, animation ) {
+	var tween,
+		collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ),
+		index = 0,
+		length = collection.length;
+	for ( ; index < length; index++ ) {
+		if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) {
+
+			// We're done with this property
+			return tween;
+		}
+	}
+}
+
+function defaultPrefilter( elem, props, opts ) {
+	var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display,
+		isBox = "width" in props || "height" in props,
+		anim = this,
+		orig = {},
+		style = elem.style,
+		hidden = elem.nodeType && isHiddenWithinTree( elem ),
+		dataShow = dataPriv.get( elem, "fxshow" );
+
+	// Queue-skipping animations hijack the fx hooks
+	if ( !opts.queue ) {
+		hooks = jQuery._queueHooks( elem, "fx" );
+		if ( hooks.unqueued == null ) {
+			hooks.unqueued = 0;
+			oldfire = hooks.empty.fire;
+			hooks.empty.fire = function() {
+				if ( !hooks.unqueued ) {
+					oldfire();
+				}
+			};
+		}
+		hooks.unqueued++;
+
+		anim.always( function() {
+
+			// Ensure the complete handler is called before this completes
+			anim.always( function() {
+				hooks.unqueued--;
+				if ( !jQuery.queue( elem, "fx" ).length ) {
+					hooks.empty.fire();
+				}
+			} );
+		} );
+	}
+
+	// Detect show/hide animations
+	for ( prop in props ) {
+		value = props[ prop ];
+		if ( rfxtypes.test( value ) ) {
+			delete props[ prop ];
+			toggle = toggle || value === "toggle";
+			if ( value === ( hidden ? "hide" : "show" ) ) {
+
+				// Pretend to be hidden if this is a "show" and
+				// there is still data from a stopped show/hide
+				if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) {
+					hidden = true;
+
+				// Ignore all other no-op show/hide data
+				} else {
+					continue;
+				}
+			}
+			orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop );
+		}
+	}
+
+	// Bail out if this is a no-op like .hide().hide()
+	propTween = !jQuery.isEmptyObject( props );
+	if ( !propTween && jQuery.isEmptyObject( orig ) ) {
+		return;
+	}
+
+	// Restrict "overflow" and "display" styles during box animations
+	if ( isBox && elem.nodeType === 1 ) {
+
+		// Support: IE <=9 - 11, Edge 12 - 13
+		// Record all 3 overflow attributes because IE does not infer the shorthand
+		// from identically-valued overflowX and overflowY
+		opts.overflow = [ style.overflow, style.overflowX, style.overflowY ];
+
+		// Identify a display type, preferring old show/hide data over the CSS cascade
+		restoreDisplay = dataShow && dataShow.display;
+		if ( restoreDisplay == null ) {
+			restoreDisplay = dataPriv.get( elem, "display" );
+		}
+		display = jQuery.css( elem, "display" );
+		if ( display === "none" ) {
+			if ( restoreDisplay ) {
+				display = restoreDisplay;
+			} else {
+
+				// Get nonempty value(s) by temporarily forcing visibility
+				showHide( [ elem ], true );
+				restoreDisplay = elem.style.display || restoreDisplay;
+				display = jQuery.css( elem, "display" );
+				showHide( [ elem ] );
+			}
+		}
+
+		// Animate inline elements as inline-block
+		if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) {
+			if ( jQuery.css( elem, "float" ) === "none" ) {
+
+				// Restore the original display value at the end of pure show/hide animations
+				if ( !propTween ) {
+					anim.done( function() {
+						style.display = restoreDisplay;
+					} );
+					if ( restoreDisplay == null ) {
+						display = style.display;
+						restoreDisplay = display === "none" ? "" : display;
+					}
+				}
+				style.display = "inline-block";
+			}
+		}
+	}
+
+	if ( opts.overflow ) {
+		style.overflow = "hidden";
+		anim.always( function() {
+			style.overflow = opts.overflow[ 0 ];
+			style.overflowX = opts.overflow[ 1 ];
+			style.overflowY = opts.overflow[ 2 ];
+		} );
+	}
+
+	// Implement show/hide animations
+	propTween = false;
+	for ( prop in orig ) {
+
+		// General show/hide setup for this element animation
+		if ( !propTween ) {
+			if ( dataShow ) {
+				if ( "hidden" in dataShow ) {
+					hidden = dataShow.hidden;
+				}
+			} else {
+				dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } );
+			}
+
+			// Store hidden/visible for toggle so `.stop().toggle()` "reverses"
+			if ( toggle ) {
+				dataShow.hidden = !hidden;
+			}
+
+			// Show elements before animating them
+			if ( hidden ) {
+				showHide( [ elem ], true );
+			}
+
+			/* eslint-disable no-loop-func */
+
+			anim.done( function() {
+
+			/* eslint-enable no-loop-func */
+
+				// The final step of a "hide" animation is actually hiding the element
+				if ( !hidden ) {
+					showHide( [ elem ] );
+				}
+				dataPriv.remove( elem, "fxshow" );
+				for ( prop in orig ) {
+					jQuery.style( elem, prop, orig[ prop ] );
+				}
+			} );
+		}
+
+		// Per-property setup
+		propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim );
+		if ( !( prop in dataShow ) ) {
+			dataShow[ prop ] = propTween.start;
+			if ( hidden ) {
+				propTween.end = propTween.start;
+				propTween.start = 0;
+			}
+		}
+	}
+}
+
+function propFilter( props, specialEasing ) {
+	var index, name, easing, value, hooks;
+
+	// camelCase, specialEasing and expand cssHook pass
+	for ( index in props ) {
+		name = jQuery.camelCase( index );
+		easing = specialEasing[ name ];
+		value = props[ index ];
+		if ( Array.isArray( value ) ) {
+			easing = value[ 1 ];
+			value = props[ index ] = value[ 0 ];
+		}
+
+		if ( index !== name ) {
+			props[ name ] = value;
+			delete props[ index ];
+		}
+
+		hooks = jQuery.cssHooks[ name ];
+		if ( hooks && "expand" in hooks ) {
+			value = hooks.expand( value );
+			delete props[ name ];
+
+			// Not quite $.extend, this won't overwrite existing keys.
+			// Reusing 'index' because we have the correct "name"
+			for ( index in value ) {
+				if ( !( index in props ) ) {
+					props[ index ] = value[ index ];
+					specialEasing[ index ] = easing;
+				}
+			}
+		} else {
+			specialEasing[ name ] = easing;
+		}
+	}
+}
+
+function Animation( elem, properties, options ) {
+	var result,
+		stopped,
+		index = 0,
+		length = Animation.prefilters.length,
+		deferred = jQuery.Deferred().always( function() {
+
+			// Don't match elem in the :animated selector
+			delete tick.elem;
+		} ),
+		tick = function() {
+			if ( stopped ) {
+				return false;
+			}
+			var currentTime = fxNow || createFxNow(),
+				remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ),
+
+				// Support: Android 2.3 only
+				// Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497)
+				temp = remaining / animation.duration || 0,
+				percent = 1 - temp,
+				index = 0,
+				length = animation.tweens.length;
+
+			for ( ; index < length; index++ ) {
+				animation.tweens[ index ].run( percent );
+			}
+
+			deferred.notifyWith( elem, [ animation, percent, remaining ] );
+
+			// If there's more to do, yield
+			if ( percent < 1 && length ) {
+				return remaining;
+			}
+
+			// If this was an empty animation, synthesize a final progress notification
+			if ( !length ) {
+				deferred.notifyWith( elem, [ animation, 1, 0 ] );
+			}
+
+			// Resolve the animation and report its conclusion
+			deferred.resolveWith( elem, [ animation ] );
+			return false;
+		},
+		animation = deferred.promise( {
+			elem: elem,
+			props: jQuery.extend( {}, properties ),
+			opts: jQuery.extend( true, {
+				specialEasing: {},
+				easing: jQuery.easing._default
+			}, options ),
+			originalProperties: properties,
+			originalOptions: options,
+			startTime: fxNow || createFxNow(),
+			duration: options.duration,
+			tweens: [],
+			createTween: function( prop, end ) {
+				var tween = jQuery.Tween( elem, animation.opts, prop, end,
+						animation.opts.specialEasing[ prop ] || animation.opts.easing );
+				animation.tweens.push( tween );
+				return tween;
+			},
+			stop: function( gotoEnd ) {
+				var index = 0,
+
+					// If we are going to the end, we want to run all the tweens
+					// otherwise we skip this part
+					length = gotoEnd ? animation.tweens.length : 0;
+				if ( stopped ) {
+					return this;
+				}
+				stopped = true;
+				for ( ; index < length; index++ ) {
+					animation.tweens[ index ].run( 1 );
+				}
+
+				// Resolve when we played the last frame; otherwise, reject
+				if ( gotoEnd ) {
+					deferred.notifyWith( elem, [ animation, 1, 0 ] );
+					deferred.resolveWith( elem, [ animation, gotoEnd ] );
+				} else {
+					deferred.rejectWith( elem, [ animation, gotoEnd ] );
+				}
+				return this;
+			}
+		} ),
+		props = animation.props;
+
+	propFilter( props, animation.opts.specialEasing );
+
+	for ( ; index < length; index++ ) {
+		result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts );
+		if ( result ) {
+			if ( jQuery.isFunction( result.stop ) ) {
+				jQuery._queueHooks( animation.elem, animation.opts.queue ).stop =
+					jQuery.proxy( result.stop, result );
+			}
+			return result;
+		}
+	}
+
+	jQuery.map( props, createTween, animation );
+
+	if ( jQuery.isFunction( animation.opts.start ) ) {
+		animation.opts.start.call( elem, animation );
+	}
+
+	// Attach callbacks from options
+	animation
+		.progress( animation.opts.progress )
+		.done( animation.opts.done, animation.opts.complete )
+		.fail( animation.opts.fail )
+		.always( animation.opts.always );
+
+	jQuery.fx.timer(
+		jQuery.extend( tick, {
+			elem: elem,
+			anim: animation,
+			queue: animation.opts.queue
+		} )
+	);
+
+	return animation;
+}
+
+jQuery.Animation = jQuery.extend( Animation, {
+
+	tweeners: {
+		"*": [ function( prop, value ) {
+			var tween = this.createTween( prop, value );
+			adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween );
+			return tween;
+		} ]
+	},
+
+	tweener: function( props, callback ) {
+		if ( jQuery.isFunction( props ) ) {
+			callback = props;
+			props = [ "*" ];
+		} else {
+			props = props.match( rnothtmlwhite );
+		}
+
+		var prop,
+			index = 0,
+			length = props.length;
+
+		for ( ; index < length; index++ ) {
+			prop = props[ index ];
+			Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || [];
+			Animation.tweeners[ prop ].unshift( callback );
+		}
+	},
+
+	prefilters: [ defaultPrefilter ],
+
+	prefilter: function( callback, prepend ) {
+		if ( prepend ) {
+			Animation.prefilters.unshift( callback );
+		} else {
+			Animation.prefilters.push( callback );
+		}
+	}
+} );
+
+jQuery.speed = function( speed, easing, fn ) {
+	var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : {
+		complete: fn || !fn && easing ||
+			jQuery.isFunction( speed ) && speed,
+		duration: speed,
+		easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing
+	};
+
+	// Go to the end state if fx are off
+	if ( jQuery.fx.off ) {
+		opt.duration = 0;
+
+	} else {
+		if ( typeof opt.duration !== "number" ) {
+			if ( opt.duration in jQuery.fx.speeds ) {
+				opt.duration = jQuery.fx.speeds[ opt.duration ];
+
+			} else {
+				opt.duration = jQuery.fx.speeds._default;
+			}
+		}
+	}
+
+	// Normalize opt.queue - true/undefined/null -> "fx"
+	if ( opt.queue == null || opt.queue === true ) {
+		opt.queue = "fx";
+	}
+
+	// Queueing
+	opt.old = opt.complete;
+
+	opt.complete = function() {
+		if ( jQuery.isFunction( opt.old ) ) {
+			opt.old.call( this );
+		}
+
+		if ( opt.queue ) {
+			jQuery.dequeue( this, opt.queue );
+		}
+	};
+
+	return opt;
+};
+
+jQuery.fn.extend( {
+	fadeTo: function( speed, to, easing, callback ) {
+
+		// Show any hidden elements after setting opacity to 0
+		return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show()
+
+			// Animate to the value specified
+			.end().animate( { opacity: to }, speed, easing, callback );
+	},
+	animate: function( prop, speed, easing, callback ) {
+		var empty = jQuery.isEmptyObject( prop ),
+			optall = jQuery.speed( speed, easing, callback ),
+			doAnimation = function() {
+
+				// Operate on a copy of prop so per-property easing won't be lost
+				var anim = Animation( this, jQuery.extend( {}, prop ), optall );
+
+				// Empty animations, or finishing resolves immediately
+				if ( empty || dataPriv.get( this, "finish" ) ) {
+					anim.stop( true );
+				}
+			};
+			doAnimation.finish = doAnimation;
+
+		return empty || optall.queue === false ?
+			this.each( doAnimation ) :
+			this.queue( optall.queue, doAnimation );
+	},
+	stop: function( type, clearQueue, gotoEnd ) {
+		var stopQueue = function( hooks ) {
+			var stop = hooks.stop;
+			delete hooks.stop;
+			stop( gotoEnd );
+		};
+
+		if ( typeof type !== "string" ) {
+			gotoEnd = clearQueue;
+			clearQueue = type;
+			type = undefined;
+		}
+		if ( clearQueue && type !== false ) {
+			this.queue( type || "fx", [] );
+		}
+
+		return this.each( function() {
+			var dequeue = true,
+				index = type != null && type + "queueHooks",
+				timers = jQuery.timers,
+				data = dataPriv.get( this );
+
+			if ( index ) {
+				if ( data[ index ] && data[ index ].stop ) {
+					stopQueue( data[ index ] );
+				}
+			} else {
+				for ( index in data ) {
+					if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) {
+						stopQueue( data[ index ] );
+					}
+				}
+			}
+
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this &&
+					( type == null || timers[ index ].queue === type ) ) {
+
+					timers[ index ].anim.stop( gotoEnd );
+					dequeue = false;
+					timers.splice( index, 1 );
+				}
+			}
+
+			// Start the next in the queue if the last step wasn't forced.
+			// Timers currently will call their complete callbacks, which
+			// will dequeue but only if they were gotoEnd.
+			if ( dequeue || !gotoEnd ) {
+				jQuery.dequeue( this, type );
+			}
+		} );
+	},
+	finish: function( type ) {
+		if ( type !== false ) {
+			type = type || "fx";
+		}
+		return this.each( function() {
+			var index,
+				data = dataPriv.get( this ),
+				queue = data[ type + "queue" ],
+				hooks = data[ type + "queueHooks" ],
+				timers = jQuery.timers,
+				length = queue ? queue.length : 0;
+
+			// Enable finishing flag on private data
+			data.finish = true;
+
+			// Empty the queue first
+			jQuery.queue( this, type, [] );
+
+			if ( hooks && hooks.stop ) {
+				hooks.stop.call( this, true );
+			}
+
+			// Look for any active animations, and finish them
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this && timers[ index ].queue === type ) {
+					timers[ index ].anim.stop( true );
+					timers.splice( index, 1 );
+				}
+			}
+
+			// Look for any animations in the old queue and finish them
+			for ( index = 0; index < length; index++ ) {
+				if ( queue[ index ] && queue[ index ].finish ) {
+					queue[ index ].finish.call( this );
+				}
+			}
+
+			// Turn off finishing flag
+			delete data.finish;
+		} );
+	}
+} );
+
+jQuery.each( [ "toggle", "show", "hide" ], function( i, name ) {
+	var cssFn = jQuery.fn[ name ];
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return speed == null || typeof speed === "boolean" ?
+			cssFn.apply( this, arguments ) :
+			this.animate( genFx( name, true ), speed, easing, callback );
+	};
+} );
+
+// Generate shortcuts for custom animations
+jQuery.each( {
+	slideDown: genFx( "show" ),
+	slideUp: genFx( "hide" ),
+	slideToggle: genFx( "toggle" ),
+	fadeIn: { opacity: "show" },
+	fadeOut: { opacity: "hide" },
+	fadeToggle: { opacity: "toggle" }
+}, function( name, props ) {
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return this.animate( props, speed, easing, callback );
+	};
+} );
+
+jQuery.timers = [];
+jQuery.fx.tick = function() {
+	var timer,
+		i = 0,
+		timers = jQuery.timers;
+
+	fxNow = jQuery.now();
+
+	for ( ; i < timers.length; i++ ) {
+		timer = timers[ i ];
+
+		// Run the timer and safely remove it when done (allowing for external removal)
+		if ( !timer() && timers[ i ] === timer ) {
+			timers.splice( i--, 1 );
+		}
+	}
+
+	if ( !timers.length ) {
+		jQuery.fx.stop();
+	}
+	fxNow = undefined;
+};
+
+jQuery.fx.timer = function( timer ) {
+	jQuery.timers.push( timer );
+	jQuery.fx.start();
+};
+
+jQuery.fx.interval = 13;
+jQuery.fx.start = function() {
+	if ( inProgress ) {
+		return;
+	}
+
+	inProgress = true;
+	schedule();
+};
+
+jQuery.fx.stop = function() {
+	inProgress = null;
+};
+
+jQuery.fx.speeds = {
+	slow: 600,
+	fast: 200,
+
+	// Default speed
+	_default: 400
+};
+
+
+// Based off of the plugin by Clint Helfers, with permission.
+// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
+jQuery.fn.delay = function( time, type ) {
+	time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
+	type = type || "fx";
+
+	return this.queue( type, function( next, hooks ) {
+		var timeout = window.setTimeout( next, time );
+		hooks.stop = function() {
+			window.clearTimeout( timeout );
+		};
+	} );
+};
+
+
+( function() {
+	var input = document.createElement( "input" ),
+		select = document.createElement( "select" ),
+		opt = select.appendChild( document.createElement( "option" ) );
+
+	input.type = "checkbox";
+
+	// Support: Android <=4.3 only
+	// Default value for a checkbox should be "on"
+	support.checkOn = input.value !== "";
+
+	// Support: IE <=11 only
+	// Must access selectedIndex to make default options select
+	support.optSelected = opt.selected;
+
+	// Support: IE <=11 only
+	// An input loses its value after becoming a radio
+	input = document.createElement( "input" );
+	input.value = "t";
+	input.type = "radio";
+	support.radioValue = input.value === "t";
+} )();
+
+
+var boolHook,
+	attrHandle = jQuery.expr.attrHandle;
+
+jQuery.fn.extend( {
+	attr: function( name, value ) {
+		return access( this, jQuery.attr, name, value, arguments.length > 1 );
+	},
+
+	removeAttr: function( name ) {
+		return this.each( function() {
+			jQuery.removeAttr( this, name );
+		} );
+	}
+} );
+
+jQuery.extend( {
+	attr: function( elem, name, value ) {
+		var ret, hooks,
+			nType = elem.nodeType;
+
+		// Don't get/set attributes on text, comment and attribute nodes
+		if ( nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		// Fallback to prop when attributes are not supported
+		if ( typeof elem.getAttribute === "undefined" ) {
+			return jQuery.prop( elem, name, value );
+		}
+
+		// Attribute hooks are determined by the lowercase version
+		// Grab necessary hook if one is defined
+		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
+			hooks = jQuery.attrHooks[ name.toLowerCase() ] ||
+				( jQuery.expr.match.bool.test( name ) ? boolHook : undefined );
+		}
+
+		if ( value !== undefined ) {
+			if ( value === null ) {
+				jQuery.removeAttr( elem, name );
+				return;
+			}
+
+			if ( hooks && "set" in hooks &&
+				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
+				return ret;
+			}
+
+			elem.setAttribute( name, value + "" );
+			return value;
+		}
+
+		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
+			return ret;
+		}
+
+		ret = jQuery.find.attr( elem, name );
+
+		// Non-existent attributes return null, we normalize to undefined
+		return ret == null ? undefined : ret;
+	},
+
+	attrHooks: {
+		type: {
+			set: function( elem, value ) {
+				if ( !support.radioValue && value === "radio" &&
+					nodeName( elem, "input" ) ) {
+					var val = elem.value;
+					elem.setAttribute( "type", value );
+					if ( val ) {
+						elem.value = val;
+					}
+					return value;
+				}
+			}
+		}
+	},
+
+	removeAttr: function( elem, value ) {
+		var name,
+			i = 0,
+
+			// Attribute names can contain non-HTML whitespace characters
+			// https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+			attrNames = value && value.match( rnothtmlwhite );
+
+		if ( attrNames && elem.nodeType === 1 ) {
+			while ( ( name = attrNames[ i++ ] ) ) {
+				elem.removeAttribute( name );
+			}
+		}
+	}
+} );
+
+// Hooks for boolean attributes
+boolHook = {
+	set: function( elem, value, name ) {
+		if ( value === false ) {
+
+			// Remove boolean attributes when set to false
+			jQuery.removeAttr( elem, name );
+		} else {
+			elem.setAttribute( name, name );
+		}
+		return name;
+	}
+};
+
+jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( i, name ) {
+	var getter = attrHandle[ name ] || jQuery.find.attr;
+
+	attrHandle[ name ] = function( elem, name, isXML ) {
+		var ret, handle,
+			lowercaseName = name.toLowerCase();
+
+		if ( !isXML ) {
+
+			// Avoid an infinite loop by temporarily removing this function from the getter
+			handle = attrHandle[ lowercaseName ];
+			attrHandle[ lowercaseName ] = ret;
+			ret = getter( elem, name, isXML ) != null ?
+				lowercaseName :
+				null;
+			attrHandle[ lowercaseName ] = handle;
+		}
+		return ret;
+	};
+} );
+
+
+
+
+var rfocusable = /^(?:input|select|textarea|button)$/i,
+	rclickable = /^(?:a|area)$/i;
+
+jQuery.fn.extend( {
+	prop: function( name, value ) {
+		return access( this, jQuery.prop, name, value, arguments.length > 1 );
+	},
+
+	removeProp: function( name ) {
+		return this.each( function() {
+			delete this[ jQuery.propFix[ name ] || name ];
+		} );
+	}
+} );
+
+jQuery.extend( {
+	prop: function( elem, name, value ) {
+		var ret, hooks,
+			nType = elem.nodeType;
+
+		// Don't get/set properties on text, comment and attribute nodes
+		if ( nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
+
+			// Fix name and attach hooks
+			name = jQuery.propFix[ name ] || name;
+			hooks = jQuery.propHooks[ name ];
+		}
+
+		if ( value !== undefined ) {
+			if ( hooks && "set" in hooks &&
+				( ret = hooks.set( elem, value, name ) ) !== undefined ) {
+				return ret;
+			}
+
+			return ( elem[ name ] = value );
+		}
+
+		if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) {
+			return ret;
+		}
+
+		return elem[ name ];
+	},
+
+	propHooks: {
+		tabIndex: {
+			get: function( elem ) {
+
+				// Support: IE <=9 - 11 only
+				// elem.tabIndex doesn't always return the
+				// correct value when it hasn't been explicitly set
+				// https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/
+				// Use proper attribute retrieval(#12072)
+				var tabindex = jQuery.find.attr( elem, "tabindex" );
+
+				if ( tabindex ) {
+					return parseInt( tabindex, 10 );
+				}
+
+				if (
+					rfocusable.test( elem.nodeName ) ||
+					rclickable.test( elem.nodeName ) &&
+					elem.href
+				) {
+					return 0;
+				}
+
+				return -1;
+			}
+		}
+	},
+
+	propFix: {
+		"for": "htmlFor",
+		"class": "className"
+	}
+} );
+
+// Support: IE <=11 only
+// Accessing the selectedIndex property
+// forces the browser to respect setting selected
+// on the option
+// The getter ensures a default option is selected
+// when in an optgroup
+// eslint rule "no-unused-expressions" is disabled for this code
+// since it considers such accessions noop
+if ( !support.optSelected ) {
+	jQuery.propHooks.selected = {
+		get: function( elem ) {
+
+			/* eslint no-unused-expressions: "off" */
+
+			var parent = elem.parentNode;
+			if ( parent && parent.parentNode ) {
+				parent.parentNode.selectedIndex;
+			}
+			return null;
+		},
+		set: function( elem ) {
+
+			/* eslint no-unused-expressions: "off" */
+
+			var parent = elem.parentNode;
+			if ( parent ) {
+				parent.selectedIndex;
+
+				if ( parent.parentNode ) {
+					parent.parentNode.selectedIndex;
+				}
+			}
+		}
+	};
+}
+
+jQuery.each( [
+	"tabIndex",
+	"readOnly",
+	"maxLength",
+	"cellSpacing",
+	"cellPadding",
+	"rowSpan",
+	"colSpan",
+	"useMap",
+	"frameBorder",
+	"contentEditable"
+], function() {
+	jQuery.propFix[ this.toLowerCase() ] = this;
+} );
+
+
+
+
+	// Strip and collapse whitespace according to HTML spec
+	// https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
+	function stripAndCollapse( value ) {
+		var tokens = value.match( rnothtmlwhite ) || [];
+		return tokens.join( " " );
+	}
+
+
+function getClass( elem ) {
+	return elem.getAttribute && elem.getAttribute( "class" ) || "";
+}
+
+jQuery.fn.extend( {
+	addClass: function( value ) {
+		var classes, elem, cur, curValue, clazz, j, finalValue,
+			i = 0;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( j ) {
+				jQuery( this ).addClass( value.call( this, j, getClass( this ) ) );
+			} );
+		}
+
+		if ( typeof value === "string" && value ) {
+			classes = value.match( rnothtmlwhite ) || [];
+
+			while ( ( elem = this[ i++ ] ) ) {
+				curValue = getClass( elem );
+				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
+
+				if ( cur ) {
+					j = 0;
+					while ( ( clazz = classes[ j++ ] ) ) {
+						if ( cur.indexOf( " " + clazz + " " ) < 0 ) {
+							cur += clazz + " ";
+						}
+					}
+
+					// Only assign if different to avoid unneeded rendering.
+					finalValue = stripAndCollapse( cur );
+					if ( curValue !== finalValue ) {
+						elem.setAttribute( "class", finalValue );
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	removeClass: function( value ) {
+		var classes, elem, cur, curValue, clazz, j, finalValue,
+			i = 0;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( j ) {
+				jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) );
+			} );
+		}
+
+		if ( !arguments.length ) {
+			return this.attr( "class", "" );
+		}
+
+		if ( typeof value === "string" && value ) {
+			classes = value.match( rnothtmlwhite ) || [];
+
+			while ( ( elem = this[ i++ ] ) ) {
+				curValue = getClass( elem );
+
+				// This expression is here for better compressibility (see addClass)
+				cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " );
+
+				if ( cur ) {
+					j = 0;
+					while ( ( clazz = classes[ j++ ] ) ) {
+
+						// Remove *all* instances
+						while ( cur.indexOf( " " + clazz + " " ) > -1 ) {
+							cur = cur.replace( " " + clazz + " ", " " );
+						}
+					}
+
+					// Only assign if different to avoid unneeded rendering.
+					finalValue = stripAndCollapse( cur );
+					if ( curValue !== finalValue ) {
+						elem.setAttribute( "class", finalValue );
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	toggleClass: function( value, stateVal ) {
+		var type = typeof value;
+
+		if ( typeof stateVal === "boolean" && type === "string" ) {
+			return stateVal ? this.addClass( value ) : this.removeClass( value );
+		}
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each( function( i ) {
+				jQuery( this ).toggleClass(
+					value.call( this, i, getClass( this ), stateVal ),
+					stateVal
+				);
+			} );
+		}
+
+		return this.each( function() {
+			var className, i, self, classNames;
+
+			if ( type === "string" ) {
+
+				// Toggle individual class names
+				i = 0;
+				self = jQuery( this );
+				classNames = value.match( rnothtmlwhite ) || [];
+
+				while ( ( className = classNames[ i++ ] ) ) {
+
+					// Check each className given, space separated list
+					if ( self.hasClass( className ) ) {
+						self.removeClass( className );
+					} else {
+						self.addClass( className );
+					}
+				}
+
+			// Toggle whole class name
+			} else if ( value === undefined || type === "boolean" ) {
+				className = getClass( this );
+				if ( className ) {
+
+					// Store className if set
+					dataPriv.set( this, "__className__", className );
+				}
+
+				// If the element has a class name or if we're passed `false`,
+				// then remove the whole classname (if there was one, the above saved it).
+				// Otherwise bring back whatever was previously saved (if anything),
+				// falling back to the empty string if nothing was stored.
+				if ( this.setAttribute ) {
+					this.setAttribute( "class",
+						className || value === false ?
+						"" :
+						dataPriv.get( this, "__className__" ) || ""
+					);
+				}
+			}
+		} );
+	},
+
+	hasClass: function( selector ) {
+		var className, elem,
+			i = 0;
+
+		className = " " + selector + " ";
+		while ( ( elem = this[ i++ ] ) ) {
+			if ( elem.nodeType === 1 &&
+				( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) {
+					return true;
+			}
+		}
+
+		return false;
+	}
+} );
+
+
+
+
+var rreturn = /\r/g;
+
+jQuery.fn.extend( {
+	val: function( value ) {
+		var hooks, ret, isFunction,
+			elem = this[ 0 ];
+
+		if ( !arguments.length ) {
+			if ( elem ) {
+				hooks = jQuery.valHooks[ elem.type ] ||
+					jQuery.valHooks[ elem.nodeName.toLowerCase() ];
+
+				if ( hooks &&
+					"get" in hooks &&
+					( ret = hooks.get( elem, "value" ) ) !== undefined
+				) {
+					return ret;
+				}
+
+				ret = elem.value;
+
+				// Handle most common string cases
+				if ( typeof ret === "string" ) {
+					return ret.replace( rreturn, "" );
+				}
+
+				// Handle cases where value is null/undef or number
+				return ret == null ? "" : ret;
+			}
+
+			return;
+		}
+
+		isFunction = jQuery.isFunction( value );
+
+		return this.each( function( i ) {
+			var val;
+
+			if ( this.nodeType !== 1 ) {
+				return;
+			}
+
+			if ( isFunction ) {
+				val = value.call( this, i, jQuery( this ).val() );
+			} else {
+				val = value;
+			}
+
+			// Treat null/undefined as ""; convert numbers to string
+			if ( val == null ) {
+				val = "";
+
+			} else if ( typeof val === "number" ) {
+				val += "";
+
+			} else if ( Array.isArray( val ) ) {
+				val = jQuery.map( val, function( value ) {
+					return value == null ? "" : value + "";
+				} );
+			}
+
+			hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ];
+
+			// If set returns undefined, fall back to normal setting
+			if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) {
+				this.value = val;
+			}
+		} );
+	}
+} );
+
+jQuery.extend( {
+	valHooks: {
+		option: {
+			get: function( elem ) {
+
+				var val = jQuery.find.attr( elem, "value" );
+				return val != null ?
+					val :
+
+					// Support: IE <=10 - 11 only
+					// option.text throws exceptions (#14686, #14858)
+					// Strip and collapse whitespace
+					// https://html.spec.whatwg.org/#strip-and-collapse-whitespace
+					stripAndCollapse( jQuery.text( elem ) );
+			}
+		},
+		select: {
+			get: function( elem ) {
+				var value, option, i,
+					options = elem.options,
+					index = elem.selectedIndex,
+					one = elem.type === "select-one",
+					values = one ? null : [],
+					max = one ? index + 1 : options.length;
+
+				if ( index < 0 ) {
+					i = max;
+
+				} else {
+					i = one ? index : 0;
+				}
+
+				// Loop through all the selected options
+				for ( ; i < max; i++ ) {
+					option = options[ i ];
+
+					// Support: IE <=9 only
+					// IE8-9 doesn't update selected after form reset (#2551)
+					if ( ( option.selected || i === index ) &&
+
+							// Don't return options that are disabled or in a disabled optgroup
+							!option.disabled &&
+							( !option.parentNode.disabled ||
+								!nodeName( option.parentNode, "optgroup" ) ) ) {
+
+						// Get the specific value for the option
+						value = jQuery( option ).val();
+
+						// We don't need an array for one selects
+						if ( one ) {
+							return value;
+						}
+
+						// Multi-Selects return an array
+						values.push( value );
+					}
+				}
+
+				return values;
+			},
+
+			set: function( elem, value ) {
+				var optionSet, option,
+					options = elem.options,
+					values = jQuery.makeArray( value ),
+					i = options.length;
+
+				while ( i-- ) {
+					option = options[ i ];
+
+					/* eslint-disable no-cond-assign */
+
+					if ( option.selected =
+						jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1
+					) {
+						optionSet = true;
+					}
+
+					/* eslint-enable no-cond-assign */
+				}
+
+				// Force browsers to behave consistently when non-matching value is set
+				if ( !optionSet ) {
+					elem.selectedIndex = -1;
+				}
+				return values;
+			}
+		}
+	}
+} );
+
+// Radios and checkboxes getter/setter
+jQuery.each( [ "radio", "checkbox" ], function() {
+	jQuery.valHooks[ this ] = {
+		set: function( elem, value ) {
+			if ( Array.isArray( value ) ) {
+				return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 );
+			}
+		}
+	};
+	if ( !support.checkOn ) {
+		jQuery.valHooks[ this ].get = function( elem ) {
+			return elem.getAttribute( "value" ) === null ? "on" : elem.value;
+		};
+	}
+} );
+
+
+
+
+// Return jQuery for attributes-only inclusion
+
+
+var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/;
+
+jQuery.extend( jQuery.event, {
+
+	trigger: function( event, data, elem, onlyHandlers ) {
+
+		var i, cur, tmp, bubbleType, ontype, handle, special,
+			eventPath = [ elem || document ],
+			type = hasOwn.call( event, "type" ) ? event.type : event,
+			namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : [];
+
+		cur = tmp = elem = elem || document;
+
+		// Don't do events on text and comment nodes
+		if ( elem.nodeType === 3 || elem.nodeType === 8 ) {
+			return;
+		}
+
+		// focus/blur morphs to focusin/out; ensure we're not firing them right now
+		if ( rfocusMorph.test( type + jQuery.event.triggered ) ) {
+			return;
+		}
+
+		if ( type.indexOf( "." ) > -1 ) {
+
+			// Namespaced trigger; create a regexp to match event type in handle()
+			namespaces = type.split( "." );
+			type = namespaces.shift();
+			namespaces.sort();
+		}
+		ontype = type.indexOf( ":" ) < 0 && "on" + type;
+
+		// Caller can pass in a jQuery.Event object, Object, or just an event type string
+		event = event[ jQuery.expando ] ?
+			event :
+			new jQuery.Event( type, typeof event === "object" && event );
+
+		// Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true)
+		event.isTrigger = onlyHandlers ? 2 : 3;
+		event.namespace = namespaces.join( "." );
+		event.rnamespace = event.namespace ?
+			new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) :
+			null;
+
+		// Clean up the event in case it is being reused
+		event.result = undefined;
+		if ( !event.target ) {
+			event.target = elem;
+		}
+
+		// Clone any incoming data and prepend the event, creating the handler arg list
+		data = data == null ?
+			[ event ] :
+			jQuery.makeArray( data, [ event ] );
+
+		// Allow special events to draw outside the lines
+		special = jQuery.event.special[ type ] || {};
+		if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) {
+			return;
+		}
+
+		// Determine event propagation path in advance, per W3C events spec (#9951)
+		// Bubble up to document, then to window; watch for a global ownerDocument var (#9724)
+		if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) {
+
+			bubbleType = special.delegateType || type;
+			if ( !rfocusMorph.test( bubbleType + type ) ) {
+				cur = cur.parentNode;
+			}
+			for ( ; cur; cur = cur.parentNode ) {
+				eventPath.push( cur );
+				tmp = cur;
+			}
+
+			// Only add window if we got to document (e.g., not plain obj or detached DOM)
+			if ( tmp === ( elem.ownerDocument || document ) ) {
+				eventPath.push( tmp.defaultView || tmp.parentWindow || window );
+			}
+		}
+
+		// Fire handlers on the event path
+		i = 0;
+		while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) {
+
+			event.type = i > 1 ?
+				bubbleType :
+				special.bindType || type;
+
+			// jQuery handler
+			handle = ( dataPriv.get( cur, "events" ) || {} )[ event.type ] &&
+				dataPriv.get( cur, "handle" );
+			if ( handle ) {
+				handle.apply( cur, data );
+			}
+
+			// Native handler
+			handle = ontype && cur[ ontype ];
+			if ( handle && handle.apply && acceptData( cur ) ) {
+				event.result = handle.apply( cur, data );
+				if ( event.result === false ) {
+					event.preventDefault();
+				}
+			}
+		}
+		event.type = type;
+
+		// If nobody prevented the default action, do it now
+		if ( !onlyHandlers && !event.isDefaultPrevented() ) {
+
+			if ( ( !special._default ||
+				special._default.apply( eventPath.pop(), data ) === false ) &&
+				acceptData( elem ) ) {
+
+				// Call a native DOM method on the target with the same name as the event.
+				// Don't do default actions on window, that's where global variables be (#6170)
+				if ( ontype && jQuery.isFunction( elem[ type ] ) && !jQuery.isWindow( elem ) ) {
+
+					// Don't re-trigger an onFOO event when we call its FOO() method
+					tmp = elem[ ontype ];
+
+					if ( tmp ) {
+						elem[ ontype ] = null;
+					}
+
+					// Prevent re-triggering of the same event, since we already bubbled it above
+					jQuery.event.triggered = type;
+					elem[ type ]();
+					jQuery.event.triggered = undefined;
+
+					if ( tmp ) {
+						elem[ ontype ] = tmp;
+					}
+				}
+			}
+		}
+
+		return event.result;
+	},
+
+	// Piggyback on a donor event to simulate a different one
+	// Used only for `focus(in | out)` events
+	simulate: function( type, elem, event ) {
+		var e = jQuery.extend(
+			new jQuery.Event(),
+			event,
+			{
+				type: type,
+				isSimulated: true
+			}
+		);
+
+		jQuery.event.trigger( e, null, elem );
+	}
+
+} );
+
+jQuery.fn.extend( {
+
+	trigger: function( type, data ) {
+		return this.each( function() {
+			jQuery.event.trigger( type, data, this );
+		} );
+	},
+	triggerHandler: function( type, data ) {
+		var elem = this[ 0 ];
+		if ( elem ) {
+			return jQuery.event.trigger( type, data, elem, true );
+		}
+	}
+} );
+
+
+jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " +
+	"mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " +
+	"change select submit keydown keypress keyup contextmenu" ).split( " " ),
+	function( i, name ) {
+
+	// Handle event binding
+	jQuery.fn[ name ] = function( data, fn ) {
+		return arguments.length > 0 ?
+			this.on( name, null, data, fn ) :
+			this.trigger( name );
+	};
+} );
+
+jQuery.fn.extend( {
+	hover: function( fnOver, fnOut ) {
+		return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver );
+	}
+} );
+
+
+
+
+support.focusin = "onfocusin" in window;
+
+
+// Support: Firefox <=44
+// Firefox doesn't have focus(in | out) events
+// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787
+//
+// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1
+// focus(in | out) events fire after focus & blur events,
+// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order
+// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857
+if ( !support.focusin ) {
+	jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) {
+
+		// Attach a single capturing handler on the document while someone wants focusin/focusout
+		var handler = function( event ) {
+			jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) );
+		};
+
+		jQuery.event.special[ fix ] = {
+			setup: function() {
+				var doc = this.ownerDocument || this,
+					attaches = dataPriv.access( doc, fix );
+
+				if ( !attaches ) {
+					doc.addEventListener( orig, handler, true );
+				}
+				dataPriv.access( doc, fix, ( attaches || 0 ) + 1 );
+			},
+			teardown: function() {
+				var doc = this.ownerDocument || this,
+					attaches = dataPriv.access( doc, fix ) - 1;
+
+				if ( !attaches ) {
+					doc.removeEventListener( orig, handler, true );
+					dataPriv.remove( doc, fix );
+
+				} else {
+					dataPriv.access( doc, fix, attaches );
+				}
+			}
+		};
+	} );
+}
+var location = window.location;
+
+var nonce = jQuery.now();
+
+var rquery = ( /\?/ );
+
+
+
+// Cross-browser xml parsing
+jQuery.parseXML = function( data ) {
+	var xml;
+	if ( !data || typeof data !== "string" ) {
+		return null;
+	}
+
+	// Support: IE 9 - 11 only
+	// IE throws on parseFromString with invalid input.
+	try {
+		xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" );
+	} catch ( e ) {
+		xml = undefined;
+	}
+
+	if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) {
+		jQuery.error( "Invalid XML: " + data );
+	}
+	return xml;
+};
+
+
+var
+	rbracket = /\[\]$/,
+	rCRLF = /\r?\n/g,
+	rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i,
+	rsubmittable = /^(?:input|select|textarea|keygen)/i;
+
+function buildParams( prefix, obj, traditional, add ) {
+	var name;
+
+	if ( Array.isArray( obj ) ) {
+
+		// Serialize array item.
+		jQuery.each( obj, function( i, v ) {
+			if ( traditional || rbracket.test( prefix ) ) {
+
+				// Treat each array item as a scalar.
+				add( prefix, v );
+
+			} else {
+
+				// Item is non-scalar (array or object), encode its numeric index.
+				buildParams(
+					prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]",
+					v,
+					traditional,
+					add
+				);
+			}
+		} );
+
+	} else if ( !traditional && jQuery.type( obj ) === "object" ) {
+
+		// Serialize object item.
+		for ( name in obj ) {
+			buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add );
+		}
+
+	} else {
+
+		// Serialize scalar item.
+		add( prefix, obj );
+	}
+}
+
+// Serialize an array of form elements or a set of
+// key/values into a query string
+jQuery.param = function( a, traditional ) {
+	var prefix,
+		s = [],
+		add = function( key, valueOrFunction ) {
+
+			// If value is a function, invoke it and use its return value
+			var value = jQuery.isFunction( valueOrFunction ) ?
+				valueOrFunction() :
+				valueOrFunction;
+
+			s[ s.length ] = encodeURIComponent( key ) + "=" +
+				encodeURIComponent( value == null ? "" : value );
+		};
+
+	// If an array was passed in, assume that it is an array of form elements.
+	if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) {
+
+		// Serialize the form elements
+		jQuery.each( a, function() {
+			add( this.name, this.value );
+		} );
+
+	} else {
+
+		// If traditional, encode the "old" way (the way 1.3.2 or older
+		// did it), otherwise encode params recursively.
+		for ( prefix in a ) {
+			buildParams( prefix, a[ prefix ], traditional, add );
+		}
+	}
+
+	// Return the resulting serialization
+	return s.join( "&" );
+};
+
+jQuery.fn.extend( {
+	serialize: function() {
+		return jQuery.param( this.serializeArray() );
+	},
+	serializeArray: function() {
+		return this.map( function() {
+
+			// Can add propHook for "elements" to filter or add form elements
+			var elements = jQuery.prop( this, "elements" );
+			return elements ? jQuery.makeArray( elements ) : this;
+		} )
+		.filter( function() {
+			var type = this.type;
+
+			// Use .is( ":disabled" ) so that fieldset[disabled] works
+			return this.name && !jQuery( this ).is( ":disabled" ) &&
+				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
+				( this.checked || !rcheckableType.test( type ) );
+		} )
+		.map( function( i, elem ) {
+			var val = jQuery( this ).val();
+
+			if ( val == null ) {
+				return null;
+			}
+
+			if ( Array.isArray( val ) ) {
+				return jQuery.map( val, function( val ) {
+					return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+				} );
+			}
+
+			return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+		} ).get();
+	}
+} );
+
+
+var
+	r20 = /%20/g,
+	rhash = /#.*$/,
+	rantiCache = /([?&])_=[^&]*/,
+	rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg,
+
+	// #7653, #8125, #8152: local protocol detection
+	rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/,
+	rnoContent = /^(?:GET|HEAD)$/,
+	rprotocol = /^\/\//,
+
+	/* Prefilters
+	 * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example)
+	 * 2) These are called:
+	 *    - BEFORE asking for a transport
+	 *    - AFTER param serialization (s.data is a string if s.processData is true)
+	 * 3) key is the dataType
+	 * 4) the catchall symbol "*" can be used
+	 * 5) execution will start with transport dataType and THEN continue down to "*" if needed
+	 */
+	prefilters = {},
+
+	/* Transports bindings
+	 * 1) key is the dataType
+	 * 2) the catchall symbol "*" can be used
+	 * 3) selection will start with transport dataType and THEN go to "*" if needed
+	 */
+	transports = {},
+
+	// Avoid comment-prolog char sequence (#10098); must appease lint and evade compression
+	allTypes = "*/".concat( "*" ),
+
+	// Anchor tag for parsing the document origin
+	originAnchor = document.createElement( "a" );
+	originAnchor.href = location.href;
+
+// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
+function addToPrefiltersOrTransports( structure ) {
+
+	// dataTypeExpression is optional and defaults to "*"
+	return function( dataTypeExpression, func ) {
+
+		if ( typeof dataTypeExpression !== "string" ) {
+			func = dataTypeExpression;
+			dataTypeExpression = "*";
+		}
+
+		var dataType,
+			i = 0,
+			dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || [];
+
+		if ( jQuery.isFunction( func ) ) {
+
+			// For each dataType in the dataTypeExpression
+			while ( ( dataType = dataTypes[ i++ ] ) ) {
+
+				// Prepend if requested
+				if ( dataType[ 0 ] === "+" ) {
+					dataType = dataType.slice( 1 ) || "*";
+					( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func );
+
+				// Otherwise append
+				} else {
+					( structure[ dataType ] = structure[ dataType ] || [] ).push( func );
+				}
+			}
+		}
+	};
+}
+
+// Base inspection function for prefilters and transports
+function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) {
+
+	var inspected = {},
+		seekingTransport = ( structure === transports );
+
+	function inspect( dataType ) {
+		var selected;
+		inspected[ dataType ] = true;
+		jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) {
+			var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR );
+			if ( typeof dataTypeOrTransport === "string" &&
+				!seekingTransport && !inspected[ dataTypeOrTransport ] ) {
+
+				options.dataTypes.unshift( dataTypeOrTransport );
+				inspect( dataTypeOrTransport );
+				return false;
+			} else if ( seekingTransport ) {
+				return !( selected = dataTypeOrTransport );
+			}
+		} );
+		return selected;
+	}
+
+	return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" );
+}
+
+// A special extend for ajax options
+// that takes "flat" options (not to be deep extended)
+// Fixes #9887
+function ajaxExtend( target, src ) {
+	var key, deep,
+		flatOptions = jQuery.ajaxSettings.flatOptions || {};
+
+	for ( key in src ) {
+		if ( src[ key ] !== undefined ) {
+			( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ];
+		}
+	}
+	if ( deep ) {
+		jQuery.extend( true, target, deep );
+	}
+
+	return target;
+}
+
+/* Handles responses to an ajax request:
+ * - finds the right dataType (mediates between content-type and expected dataType)
+ * - returns the corresponding response
+ */
+function ajaxHandleResponses( s, jqXHR, responses ) {
+
+	var ct, type, finalDataType, firstDataType,
+		contents = s.contents,
+		dataTypes = s.dataTypes;
+
+	// Remove auto dataType and get content-type in the process
+	while ( dataTypes[ 0 ] === "*" ) {
+		dataTypes.shift();
+		if ( ct === undefined ) {
+			ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" );
+		}
+	}
+
+	// Check if we're dealing with a known content-type
+	if ( ct ) {
+		for ( type in contents ) {
+			if ( contents[ type ] && contents[ type ].test( ct ) ) {
+				dataTypes.unshift( type );
+				break;
+			}
+		}
+	}
+
+	// Check to see if we have a response for the expected dataType
+	if ( dataTypes[ 0 ] in responses ) {
+		finalDataType = dataTypes[ 0 ];
+	} else {
+
+		// Try convertible dataTypes
+		for ( type in responses ) {
+			if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) {
+				finalDataType = type;
+				break;
+			}
+			if ( !firstDataType ) {
+				firstDataType = type;
+			}
+		}
+
+		// Or just use first one
+		finalDataType = finalDataType || firstDataType;
+	}
+
+	// If we found a dataType
+	// We add the dataType to the list if needed
+	// and return the corresponding response
+	if ( finalDataType ) {
+		if ( finalDataType !== dataTypes[ 0 ] ) {
+			dataTypes.unshift( finalDataType );
+		}
+		return responses[ finalDataType ];
+	}
+}
+
+/* Chain conversions given the request and the original response
+ * Also sets the responseXXX fields on the jqXHR instance
+ */
+function ajaxConvert( s, response, jqXHR, isSuccess ) {
+	var conv2, current, conv, tmp, prev,
+		converters = {},
+
+		// Work with a copy of dataTypes in case we need to modify it for conversion
+		dataTypes = s.dataTypes.slice();
+
+	// Create converters map with lowercased keys
+	if ( dataTypes[ 1 ] ) {
+		for ( conv in s.converters ) {
+			converters[ conv.toLowerCase() ] = s.converters[ conv ];
+		}
+	}
+
+	current = dataTypes.shift();
+
+	// Convert to each sequential dataType
+	while ( current ) {
+
+		if ( s.responseFields[ current ] ) {
+			jqXHR[ s.responseFields[ current ] ] = response;
+		}
+
+		// Apply the dataFilter if provided
+		if ( !prev && isSuccess && s.dataFilter ) {
+			response = s.dataFilter( response, s.dataType );
+		}
+
+		prev = current;
+		current = dataTypes.shift();
+
+		if ( current ) {
+
+			// There's only work to do if current dataType is non-auto
+			if ( current === "*" ) {
+
+				current = prev;
+
+			// Convert response if prev dataType is non-auto and differs from current
+			} else if ( prev !== "*" && prev !== current ) {
+
+				// Seek a direct converter
+				conv = converters[ prev + " " + current ] || converters[ "* " + current ];
+
+				// If none found, seek a pair
+				if ( !conv ) {
+					for ( conv2 in converters ) {
+
+						// If conv2 outputs current
+						tmp = conv2.split( " " );
+						if ( tmp[ 1 ] === current ) {
+
+							// If prev can be converted to accepted input
+							conv = converters[ prev + " " + tmp[ 0 ] ] ||
+								converters[ "* " + tmp[ 0 ] ];
+							if ( conv ) {
+
+								// Condense equivalence converters
+								if ( conv === true ) {
+									conv = converters[ conv2 ];
+
+								// Otherwise, insert the intermediate dataType
+								} else if ( converters[ conv2 ] !== true ) {
+									current = tmp[ 0 ];
+									dataTypes.unshift( tmp[ 1 ] );
+								}
+								break;
+							}
+						}
+					}
+				}
+
+				// Apply converter (if not an equivalence)
+				if ( conv !== true ) {
+
+					// Unless errors are allowed to bubble, catch and return them
+					if ( conv && s.throws ) {
+						response = conv( response );
+					} else {
+						try {
+							response = conv( response );
+						} catch ( e ) {
+							return {
+								state: "parsererror",
+								error: conv ? e : "No conversion from " + prev + " to " + current
+							};
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return { state: "success", data: response };
+}
+
+jQuery.extend( {
+
+	// Counter for holding the number of active queries
+	active: 0,
+
+	// Last-Modified header cache for next request
+	lastModified: {},
+	etag: {},
+
+	ajaxSettings: {
+		url: location.href,
+		type: "GET",
+		isLocal: rlocalProtocol.test( location.protocol ),
+		global: true,
+		processData: true,
+		async: true,
+		contentType: "application/x-www-form-urlencoded; charset=UTF-8",
+
+		/*
+		timeout: 0,
+		data: null,
+		dataType: null,
+		username: null,
+		password: null,
+		cache: null,
+		throws: false,
+		traditional: false,
+		headers: {},
+		*/
+
+		accepts: {
+			"*": allTypes,
+			text: "text/plain",
+			html: "text/html",
+			xml: "application/xml, text/xml",
+			json: "application/json, text/javascript"
+		},
+
+		contents: {
+			xml: /\bxml\b/,
+			html: /\bhtml/,
+			json: /\bjson\b/
+		},
+
+		responseFields: {
+			xml: "responseXML",
+			text: "responseText",
+			json: "responseJSON"
+		},
+
+		// Data converters
+		// Keys separate source (or catchall "*") and destination types with a single space
+		converters: {
+
+			// Convert anything to text
+			"* text": String,
+
+			// Text to html (true = no transformation)
+			"text html": true,
+
+			// Evaluate text as a json expression
+			"text json": JSON.parse,
+
+			// Parse text as xml
+			"text xml": jQuery.parseXML
+		},
+
+		// For options that shouldn't be deep extended:
+		// you can add your own custom options here if
+		// and when you create one that shouldn't be
+		// deep extended (see ajaxExtend)
+		flatOptions: {
+			url: true,
+			context: true
+		}
+	},
+
+	// Creates a full fledged settings object into target
+	// with both ajaxSettings and settings fields.
+	// If target is omitted, writes into ajaxSettings.
+	ajaxSetup: function( target, settings ) {
+		return settings ?
+
+			// Building a settings object
+			ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) :
+
+			// Extending ajaxSettings
+			ajaxExtend( jQuery.ajaxSettings, target );
+	},
+
+	ajaxPrefilter: addToPrefiltersOrTransports( prefilters ),
+	ajaxTransport: addToPrefiltersOrTransports( transports ),
+
+	// Main method
+	ajax: function( url, options ) {
+
+		// If url is an object, simulate pre-1.5 signature
+		if ( typeof url === "object" ) {
+			options = url;
+			url = undefined;
+		}
+
+		// Force options to be an object
+		options = options || {};
+
+		var transport,
+
+			// URL without anti-cache param
+			cacheURL,
+
+			// Response headers
+			responseHeadersString,
+			responseHeaders,
+
+			// timeout handle
+			timeoutTimer,
+
+			// Url cleanup var
+			urlAnchor,
+
+			// Request state (becomes false upon send and true upon completion)
+			completed,
+
+			// To know if global events are to be dispatched
+			fireGlobals,
+
+			// Loop variable
+			i,
+
+			// uncached part of the url
+			uncached,
+
+			// Create the final options object
+			s = jQuery.ajaxSetup( {}, options ),
+
+			// Callbacks context
+			callbackContext = s.context || s,
+
+			// Context for global events is callbackContext if it is a DOM node or jQuery collection
+			globalEventContext = s.context &&
+				( callbackContext.nodeType || callbackContext.jquery ) ?
+					jQuery( callbackContext ) :
+					jQuery.event,
+
+			// Deferreds
+			deferred = jQuery.Deferred(),
+			completeDeferred = jQuery.Callbacks( "once memory" ),
+
+			// Status-dependent callbacks
+			statusCode = s.statusCode || {},
+
+			// Headers (they are sent all at once)
+			requestHeaders = {},
+			requestHeadersNames = {},
+
+			// Default abort message
+			strAbort = "canceled",
+
+			// Fake xhr
+			jqXHR = {
+				readyState: 0,
+
+				// Builds headers hashtable if needed
+				getResponseHeader: function( key ) {
+					var match;
+					if ( completed ) {
+						if ( !responseHeaders ) {
+							responseHeaders = {};
+							while ( ( match = rheaders.exec( responseHeadersString ) ) ) {
+								responseHeaders[ match[ 1 ].toLowerCase() ] = match[ 2 ];
+							}
+						}
+						match = responseHeaders[ key.toLowerCase() ];
+					}
+					return match == null ? null : match;
+				},
+
+				// Raw string
+				getAllResponseHeaders: function() {
+					return completed ? responseHeadersString : null;
+				},
+
+				// Caches the header
+				setRequestHeader: function( name, value ) {
+					if ( completed == null ) {
+						name = requestHeadersNames[ name.toLowerCase() ] =
+							requestHeadersNames[ name.toLowerCase() ] || name;
+						requestHeaders[ name ] = value;
+					}
+					return this;
+				},
+
+				// Overrides response content-type header
+				overrideMimeType: function( type ) {
+					if ( completed == null ) {
+						s.mimeType = type;
+					}
+					return this;
+				},
+
+				// Status-dependent callbacks
+				statusCode: function( map ) {
+					var code;
+					if ( map ) {
+						if ( completed ) {
+
+							// Execute the appropriate callbacks
+							jqXHR.always( map[ jqXHR.status ] );
+						} else {
+
+							// Lazy-add the new callbacks in a way that preserves old ones
+							for ( code in map ) {
+								statusCode[ code ] = [ statusCode[ code ], map[ code ] ];
+							}
+						}
+					}
+					return this;
+				},
+
+				// Cancel the request
+				abort: function( statusText ) {
+					var finalText = statusText || strAbort;
+					if ( transport ) {
+						transport.abort( finalText );
+					}
+					done( 0, finalText );
+					return this;
+				}
+			};
+
+		// Attach deferreds
+		deferred.promise( jqXHR );
+
+		// Add protocol if not provided (prefilters might expect it)
+		// Handle falsy url in the settings object (#10093: consistency with old signature)
+		// We also use the url parameter if available
+		s.url = ( ( url || s.url || location.href ) + "" )
+			.replace( rprotocol, location.protocol + "//" );
+
+		// Alias method option to type as per ticket #12004
+		s.type = options.method || options.type || s.method || s.type;
+
+		// Extract dataTypes list
+		s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ];
+
+		// A cross-domain request is in order when the origin doesn't match the current origin.
+		if ( s.crossDomain == null ) {
+			urlAnchor = document.createElement( "a" );
+
+			// Support: IE <=8 - 11, Edge 12 - 13
+			// IE throws exception on accessing the href property if url is malformed,
+			// e.g. http://example.com:80x/
+			try {
+				urlAnchor.href = s.url;
+
+				// Support: IE <=8 - 11 only
+				// Anchor's host property isn't correctly set when s.url is relative
+				urlAnchor.href = urlAnchor.href;
+				s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !==
+					urlAnchor.protocol + "//" + urlAnchor.host;
+			} catch ( e ) {
+
+				// If there is an error parsing the URL, assume it is crossDomain,
+				// it can be rejected by the transport if it is invalid
+				s.crossDomain = true;
+			}
+		}
+
+		// Convert data if not already a string
+		if ( s.data && s.processData && typeof s.data !== "string" ) {
+			s.data = jQuery.param( s.data, s.traditional );
+		}
+
+		// Apply prefilters
+		inspectPrefiltersOrTransports( prefilters, s, options, jqXHR );
+
+		// If request was aborted inside a prefilter, stop there
+		if ( completed ) {
+			return jqXHR;
+		}
+
+		// We can fire global events as of now if asked to
+		// Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118)
+		fireGlobals = jQuery.event && s.global;
+
+		// Watch for a new set of requests
+		if ( fireGlobals && jQuery.active++ === 0 ) {
+			jQuery.event.trigger( "ajaxStart" );
+		}
+
+		// Uppercase the type
+		s.type = s.type.toUpperCase();
+
+		// Determine if request has content
+		s.hasContent = !rnoContent.test( s.type );
+
+		// Save the URL in case we're toying with the If-Modified-Since
+		// and/or If-None-Match header later on
+		// Remove hash to simplify url manipulation
+		cacheURL = s.url.replace( rhash, "" );
+
+		// More options handling for requests with no content
+		if ( !s.hasContent ) {
+
+			// Remember the hash so we can put it back
+			uncached = s.url.slice( cacheURL.length );
+
+			// If data is available, append data to url
+			if ( s.data ) {
+				cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data;
+
+				// #9682: remove data so that it's not used in an eventual retry
+				delete s.data;
+			}
+
+			// Add or update anti-cache param if needed
+			if ( s.cache === false ) {
+				cacheURL = cacheURL.replace( rantiCache, "$1" );
+				uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce++ ) + uncached;
+			}
+
+			// Put hash and anti-cache on the URL that will be requested (gh-1732)
+			s.url = cacheURL + uncached;
+
+		// Change '%20' to '+' if this is encoded form body content (gh-2658)
+		} else if ( s.data && s.processData &&
+			( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) {
+			s.data = s.data.replace( r20, "+" );
+		}
+
+		// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+		if ( s.ifModified ) {
+			if ( jQuery.lastModified[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] );
+			}
+			if ( jQuery.etag[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] );
+			}
+		}
+
+		// Set the correct header, if data is being sent
+		if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) {
+			jqXHR.setRequestHeader( "Content-Type", s.contentType );
+		}
+
+		// Set the Accepts header for the server, depending on the dataType
+		jqXHR.setRequestHeader(
+			"Accept",
+			s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ?
+				s.accepts[ s.dataTypes[ 0 ] ] +
+					( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) :
+				s.accepts[ "*" ]
+		);
+
+		// Check for headers option
+		for ( i in s.headers ) {
+			jqXHR.setRequestHeader( i, s.headers[ i ] );
+		}
+
+		// Allow custom headers/mimetypes and early abort
+		if ( s.beforeSend &&
+			( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) {
+
+			// Abort if not done already and return
+			return jqXHR.abort();
+		}
+
+		// Aborting is no longer a cancellation
+		strAbort = "abort";
+
+		// Install callbacks on deferreds
+		completeDeferred.add( s.complete );
+		jqXHR.done( s.success );
+		jqXHR.fail( s.error );
+
+		// Get transport
+		transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR );
+
+		// If no transport, we auto-abort
+		if ( !transport ) {
+			done( -1, "No Transport" );
+		} else {
+			jqXHR.readyState = 1;
+
+			// Send global event
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] );
+			}
+
+			// If request was aborted inside ajaxSend, stop there
+			if ( completed ) {
+				return jqXHR;
+			}
+
+			// Timeout
+			if ( s.async && s.timeout > 0 ) {
+				timeoutTimer = window.setTimeout( function() {
+					jqXHR.abort( "timeout" );
+				}, s.timeout );
+			}
+
+			try {
+				completed = false;
+				transport.send( requestHeaders, done );
+			} catch ( e ) {
+
+				// Rethrow post-completion exceptions
+				if ( completed ) {
+					throw e;
+				}
+
+				// Propagate others as results
+				done( -1, e );
+			}
+		}
+
+		// Callback for when everything is done
+		function done( status, nativeStatusText, responses, headers ) {
+			var isSuccess, success, error, response, modified,
+				statusText = nativeStatusText;
+
+			// Ignore repeat invocations
+			if ( completed ) {
+				return;
+			}
+
+			completed = true;
+
+			// Clear timeout if it exists
+			if ( timeoutTimer ) {
+				window.clearTimeout( timeoutTimer );
+			}
+
+			// Dereference transport for early garbage collection
+			// (no matter how long the jqXHR object will be used)
+			transport = undefined;
+
+			// Cache response headers
+			responseHeadersString = headers || "";
+
+			// Set readyState
+			jqXHR.readyState = status > 0 ? 4 : 0;
+
+			// Determine if successful
+			isSuccess = status >= 200 && status < 300 || status === 304;
+
+			// Get response data
+			if ( responses ) {
+				response = ajaxHandleResponses( s, jqXHR, responses );
+			}
+
+			// Convert no matter what (that way responseXXX fields are always set)
+			response = ajaxConvert( s, response, jqXHR, isSuccess );
+
+			// If successful, handle type chaining
+			if ( isSuccess ) {
+
+				// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+				if ( s.ifModified ) {
+					modified = jqXHR.getResponseHeader( "Last-Modified" );
+					if ( modified ) {
+						jQuery.lastModified[ cacheURL ] = modified;
+					}
+					modified = jqXHR.getResponseHeader( "etag" );
+					if ( modified ) {
+						jQuery.etag[ cacheURL ] = modified;
+					}
+				}
+
+				// if no content
+				if ( status === 204 || s.type === "HEAD" ) {
+					statusText = "nocontent";
+
+				// if not modified
+				} else if ( status === 304 ) {
+					statusText = "notmodified";
+
+				// If we have data, let's convert it
+				} else {
+					statusText = response.state;
+					success = response.data;
+					error = response.error;
+					isSuccess = !error;
+				}
+			} else {
+
+				// Extract error from statusText and normalize for non-aborts
+				error = statusText;
+				if ( status || !statusText ) {
+					statusText = "error";
+					if ( status < 0 ) {
+						status = 0;
+					}
+				}
+			}
+
+			// Set data for the fake xhr object
+			jqXHR.status = status;
+			jqXHR.statusText = ( nativeStatusText || statusText ) + "";
+
+			// Success/Error
+			if ( isSuccess ) {
+				deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] );
+			} else {
+				deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] );
+			}
+
+			// Status-dependent callbacks
+			jqXHR.statusCode( statusCode );
+			statusCode = undefined;
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError",
+					[ jqXHR, s, isSuccess ? success : error ] );
+			}
+
+			// Complete
+			completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] );
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] );
+
+				// Handle the global AJAX counter
+				if ( !( --jQuery.active ) ) {
+					jQuery.event.trigger( "ajaxStop" );
+				}
+			}
+		}
+
+		return jqXHR;
+	},
+
+	getJSON: function( url, data, callback ) {
+		return jQuery.get( url, data, callback, "json" );
+	},
+
+	getScript: function( url, callback ) {
+		return jQuery.get( url, undefined, callback, "script" );
+	}
+} );
+
+jQuery.each( [ "get", "post" ], function( i, method ) {
+	jQuery[ method ] = function( url, data, callback, type ) {
+
+		// Shift arguments if data argument was omitted
+		if ( jQuery.isFunction( data ) ) {
+			type = type || callback;
+			callback = data;
+			data = undefined;
+		}
+
+		// The url can be an options object (which then must have .url)
+		return jQuery.ajax( jQuery.extend( {
+			url: url,
+			type: method,
+			dataType: type,
+			data: data,
+			success: callback
+		}, jQuery.isPlainObject( url ) && url ) );
+	};
+} );
+
+
+jQuery._evalUrl = function( url ) {
+	return jQuery.ajax( {
+		url: url,
+
+		// Make this explicit, since user can override this through ajaxSetup (#11264)
+		type: "GET",
+		dataType: "script",
+		cache: true,
+		async: false,
+		global: false,
+		"throws": true
+	} );
+};
+
+
+jQuery.fn.extend( {
+	wrapAll: function( html ) {
+		var wrap;
+
+		if ( this[ 0 ] ) {
+			if ( jQuery.isFunction( html ) ) {
+				html = html.call( this[ 0 ] );
+			}
+
+			// The elements to wrap the target around
+			wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true );
+
+			if ( this[ 0 ].parentNode ) {
+				wrap.insertBefore( this[ 0 ] );
+			}
+
+			wrap.map( function() {
+				var elem = this;
+
+				while ( elem.firstElementChild ) {
+					elem = elem.firstElementChild;
+				}
+
+				return elem;
+			} ).append( this );
+		}
+
+		return this;
+	},
+
+	wrapInner: function( html ) {
+		if ( jQuery.isFunction( html ) ) {
+			return this.each( function( i ) {
+				jQuery( this ).wrapInner( html.call( this, i ) );
+			} );
+		}
+
+		return this.each( function() {
+			var self = jQuery( this ),
+				contents = self.contents();
+
+			if ( contents.length ) {
+				contents.wrapAll( html );
+
+			} else {
+				self.append( html );
+			}
+		} );
+	},
+
+	wrap: function( html ) {
+		var isFunction = jQuery.isFunction( html );
+
+		return this.each( function( i ) {
+			jQuery( this ).wrapAll( isFunction ? html.call( this, i ) : html );
+		} );
+	},
+
+	unwrap: function( selector ) {
+		this.parent( selector ).not( "body" ).each( function() {
+			jQuery( this ).replaceWith( this.childNodes );
+		} );
+		return this;
+	}
+} );
+
+
+jQuery.expr.pseudos.hidden = function( elem ) {
+	return !jQuery.expr.pseudos.visible( elem );
+};
+jQuery.expr.pseudos.visible = function( elem ) {
+	return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length );
+};
+
+
+
+
+jQuery.ajaxSettings.xhr = function() {
+	try {
+		return new window.XMLHttpRequest();
+	} catch ( e ) {}
+};
+
+var xhrSuccessStatus = {
+
+		// File protocol always yields status code 0, assume 200
+		0: 200,
+
+		// Support: IE <=9 only
+		// #1450: sometimes IE returns 1223 when it should be 204
+		1223: 204
+	},
+	xhrSupported = jQuery.ajaxSettings.xhr();
+
+support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported );
+support.ajax = xhrSupported = !!xhrSupported;
+
+jQuery.ajaxTransport( function( options ) {
+	var callback, errorCallback;
+
+	// Cross domain only allowed if supported through XMLHttpRequest
+	if ( support.cors || xhrSupported && !options.crossDomain ) {
+		return {
+			send: function( headers, complete ) {
+				var i,
+					xhr = options.xhr();
+
+				xhr.open(
+					options.type,
+					options.url,
+					options.async,
+					options.username,
+					options.password
+				);
+
+				// Apply custom fields if provided
+				if ( options.xhrFields ) {
+					for ( i in options.xhrFields ) {
+						xhr[ i ] = options.xhrFields[ i ];
+					}
+				}
+
+				// Override mime type if needed
+				if ( options.mimeType && xhr.overrideMimeType ) {
+					xhr.overrideMimeType( options.mimeType );
+				}
+
+				// X-Requested-With header
+				// For cross-domain requests, seeing as conditions for a preflight are
+				// akin to a jigsaw puzzle, we simply never set it to be sure.
+				// (it can always be set on a per-request basis or even using ajaxSetup)
+				// For same-domain requests, won't change header if already provided.
+				if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) {
+					headers[ "X-Requested-With" ] = "XMLHttpRequest";
+				}
+
+				// Set headers
+				for ( i in headers ) {
+					xhr.setRequestHeader( i, headers[ i ] );
+				}
+
+				// Callback
+				callback = function( type ) {
+					return function() {
+						if ( callback ) {
+							callback = errorCallback = xhr.onload =
+								xhr.onerror = xhr.onabort = xhr.onreadystatechange = null;
+
+							if ( type === "abort" ) {
+								xhr.abort();
+							} else if ( type === "error" ) {
+
+								// Support: IE <=9 only
+								// On a manual native abort, IE9 throws
+								// errors on any property access that is not readyState
+								if ( typeof xhr.status !== "number" ) {
+									complete( 0, "error" );
+								} else {
+									complete(
+
+										// File: protocol always yields status 0; see #8605, #14207
+										xhr.status,
+										xhr.statusText
+									);
+								}
+							} else {
+								complete(
+									xhrSuccessStatus[ xhr.status ] || xhr.status,
+									xhr.statusText,
+
+									// Support: IE <=9 only
+									// IE9 has no XHR2 but throws on binary (trac-11426)
+									// For XHR2 non-text, let the caller handle it (gh-2498)
+									( xhr.responseType || "text" ) !== "text"  ||
+									typeof xhr.responseText !== "string" ?
+										{ binary: xhr.response } :
+										{ text: xhr.responseText },
+									xhr.getAllResponseHeaders()
+								);
+							}
+						}
+					};
+				};
+
+				// Listen to events
+				xhr.onload = callback();
+				errorCallback = xhr.onerror = callback( "error" );
+
+				// Support: IE 9 only
+				// Use onreadystatechange to replace onabort
+				// to handle uncaught aborts
+				if ( xhr.onabort !== undefined ) {
+					xhr.onabort = errorCallback;
+				} else {
+					xhr.onreadystatechange = function() {
+
+						// Check readyState before timeout as it changes
+						if ( xhr.readyState === 4 ) {
+
+							// Allow onerror to be called first,
+							// but that will not handle a native abort
+							// Also, save errorCallback to a variable
+							// as xhr.onerror cannot be accessed
+							window.setTimeout( function() {
+								if ( callback ) {
+									errorCallback();
+								}
+							} );
+						}
+					};
+				}
+
+				// Create the abort callback
+				callback = callback( "abort" );
+
+				try {
+
+					// Do send the request (this may raise an exception)
+					xhr.send( options.hasContent && options.data || null );
+				} catch ( e ) {
+
+					// #14683: Only rethrow if this hasn't been notified as an error yet
+					if ( callback ) {
+						throw e;
+					}
+				}
+			},
+
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+} );
+
+
+
+
+// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
+jQuery.ajaxPrefilter( function( s ) {
+	if ( s.crossDomain ) {
+		s.contents.script = false;
+	}
+} );
+
+// Install script dataType
+jQuery.ajaxSetup( {
+	accepts: {
+		script: "text/javascript, application/javascript, " +
+			"application/ecmascript, application/x-ecmascript"
+	},
+	contents: {
+		script: /\b(?:java|ecma)script\b/
+	},
+	converters: {
+		"text script": function( text ) {
+			jQuery.globalEval( text );
+			return text;
+		}
+	}
+} );
+
+// Handle cache's special case and crossDomain
+jQuery.ajaxPrefilter( "script", function( s ) {
+	if ( s.cache === undefined ) {
+		s.cache = false;
+	}
+	if ( s.crossDomain ) {
+		s.type = "GET";
+	}
+} );
+
+// Bind script tag hack transport
+jQuery.ajaxTransport( "script", function( s ) {
+
+	// This transport only deals with cross domain requests
+	if ( s.crossDomain ) {
+		var script, callback;
+		return {
+			send: function( _, complete ) {
+				script = jQuery( "<script>" ).prop( {
+					charset: s.scriptCharset,
+					src: s.url
+				} ).on(
+					"load error",
+					callback = function( evt ) {
+						script.remove();
+						callback = null;
+						if ( evt ) {
+							complete( evt.type === "error" ? 404 : 200, evt.type );
+						}
+					}
+				);
+
+				// Use native DOM manipulation to avoid our domManip AJAX trickery
+				document.head.appendChild( script[ 0 ] );
+			},
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+} );
+
+
+
+
+var oldCallbacks = [],
+	rjsonp = /(=)\?(?=&|$)|\?\?/;
+
+// Default jsonp settings
+jQuery.ajaxSetup( {
+	jsonp: "callback",
+	jsonpCallback: function() {
+		var callback = oldCallbacks.pop() || ( jQuery.expando + "_" + ( nonce++ ) );
+		this[ callback ] = true;
+		return callback;
+	}
+} );
+
+// Detect, normalize options and install callbacks for jsonp requests
+jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) {
+
+	var callbackName, overwritten, responseContainer,
+		jsonProp = s.jsonp !== false && ( rjsonp.test( s.url ) ?
+			"url" :
+			typeof s.data === "string" &&
+				( s.contentType || "" )
+					.indexOf( "application/x-www-form-urlencoded" ) === 0 &&
+				rjsonp.test( s.data ) && "data"
+		);
+
+	// Handle iff the expected data type is "jsonp" or we have a parameter to set
+	if ( jsonProp || s.dataTypes[ 0 ] === "jsonp" ) {
+
+		// Get callback name, remembering preexisting value associated with it
+		callbackName = s.jsonpCallback = jQuery.isFunction( s.jsonpCallback ) ?
+			s.jsonpCallback() :
+			s.jsonpCallback;
+
+		// Insert callback into url or form data
+		if ( jsonProp ) {
+			s[ jsonProp ] = s[ jsonProp ].replace( rjsonp, "$1" + callbackName );
+		} else if ( s.jsonp !== false ) {
+			s.url += ( rquery.test( s.url ) ? "&" : "?" ) + s.jsonp + "=" + callbackName;
+		}
+
+		// Use data converter to retrieve json after script execution
+		s.converters[ "script json" ] = function() {
+			if ( !responseContainer ) {
+				jQuery.error( callbackName + " was not called" );
+			}
+			return responseContainer[ 0 ];
+		};
+
+		// Force json dataType
+		s.dataTypes[ 0 ] = "json";
+
+		// Install callback
+		overwritten = window[ callbackName ];
+		window[ callbackName ] = function() {
+			responseContainer = arguments;
+		};
+
+		// Clean-up function (fires after converters)
+		jqXHR.always( function() {
+
+			// If previous value didn't exist - remove it
+			if ( overwritten === undefined ) {
+				jQuery( window ).removeProp( callbackName );
+
+			// Otherwise restore preexisting value
+			} else {
+				window[ callbackName ] = overwritten;
+			}
+
+			// Save back as free
+			if ( s[ callbackName ] ) {
+
+				// Make sure that re-using the options doesn't screw things around
+				s.jsonpCallback = originalSettings.jsonpCallback;
+
+				// Save the callback name for future use
+				oldCallbacks.push( callbackName );
+			}
+
+			// Call if it was a function and we have a response
+			if ( responseContainer && jQuery.isFunction( overwritten ) ) {
+				overwritten( responseContainer[ 0 ] );
+			}
+
+			responseContainer = overwritten = undefined;
+		} );
+
+		// Delegate to script
+		return "script";
+	}
+} );
+
+
+
+
+// Support: Safari 8 only
+// In Safari 8 documents created via document.implementation.createHTMLDocument
+// collapse sibling forms: the second one becomes a child of the first one.
+// Because of that, this security measure has to be disabled in Safari 8.
+// https://bugs.webkit.org/show_bug.cgi?id=137337
+support.createHTMLDocument = ( function() {
+	var body = document.implementation.createHTMLDocument( "" ).body;
+	body.innerHTML = "<form></form><form></form>";
+	return body.childNodes.length === 2;
+} )();
+
+
+// Argument "data" should be string of html
+// context (optional): If specified, the fragment will be created in this context,
+// defaults to document
+// keepScripts (optional): If true, will include scripts passed in the html string
+jQuery.parseHTML = function( data, context, keepScripts ) {
+	if ( typeof data !== "string" ) {
+		return [];
+	}
+	if ( typeof context === "boolean" ) {
+		keepScripts = context;
+		context = false;
+	}
+
+	var base, parsed, scripts;
+
+	if ( !context ) {
+
+		// Stop scripts or inline event handlers from being executed immediately
+		// by using document.implementation
+		if ( support.createHTMLDocument ) {
+			context = document.implementation.createHTMLDocument( "" );
+
+			// Set the base href for the created document
+			// so any parsed elements with URLs
+			// are based on the document's URL (gh-2965)
+			base = context.createElement( "base" );
+			base.href = document.location.href;
+			context.head.appendChild( base );
+		} else {
+			context = document;
+		}
+	}
+
+	parsed = rsingleTag.exec( data );
+	scripts = !keepScripts && [];
+
+	// Single tag
+	if ( parsed ) {
+		return [ context.createElement( parsed[ 1 ] ) ];
+	}
+
+	parsed = buildFragment( [ data ], context, scripts );
+
+	if ( scripts && scripts.length ) {
+		jQuery( scripts ).remove();
+	}
+
+	return jQuery.merge( [], parsed.childNodes );
+};
+
+
+/**
+ * Load a url into a page
+ */
+jQuery.fn.load = function( url, params, callback ) {
+	var selector, type, response,
+		self = this,
+		off = url.indexOf( " " );
+
+	if ( off > -1 ) {
+		selector = stripAndCollapse( url.slice( off ) );
+		url = url.slice( 0, off );
+	}
+
+	// If it's a function
+	if ( jQuery.isFunction( params ) ) {
+
+		// We assume that it's the callback
+		callback = params;
+		params = undefined;
+
+	// Otherwise, build a param string
+	} else if ( params && typeof params === "object" ) {
+		type = "POST";
+	}
+
+	// If we have elements to modify, make the request
+	if ( self.length > 0 ) {
+		jQuery.ajax( {
+			url: url,
+
+			// If "type" variable is undefined, then "GET" method will be used.
+			// Make value of this field explicit since
+			// user can override it through ajaxSetup method
+			type: type || "GET",
+			dataType: "html",
+			data: params
+		} ).done( function( responseText ) {
+
+			// Save response for use in complete callback
+			response = arguments;
+
+			self.html( selector ?
+
+				// If a selector was specified, locate the right elements in a dummy div
+				// Exclude scripts to avoid IE 'Permission Denied' errors
+				jQuery( "<div>" ).append( jQuery.parseHTML( responseText ) ).find( selector ) :
+
+				// Otherwise use the full result
+				responseText );
+
+		// If the request succeeds, this function gets "data", "status", "jqXHR"
+		// but they are ignored because response was set above.
+		// If it fails, this function gets "jqXHR", "status", "error"
+		} ).always( callback && function( jqXHR, status ) {
+			self.each( function() {
+				callback.apply( this, response || [ jqXHR.responseText, status, jqXHR ] );
+			} );
+		} );
+	}
+
+	return this;
+};
+
+
+
+
+// Attach a bunch of functions for handling common AJAX events
+jQuery.each( [
+	"ajaxStart",
+	"ajaxStop",
+	"ajaxComplete",
+	"ajaxError",
+	"ajaxSuccess",
+	"ajaxSend"
+], function( i, type ) {
+	jQuery.fn[ type ] = function( fn ) {
+		return this.on( type, fn );
+	};
+} );
+
+
+
+
+jQuery.expr.pseudos.animated = function( elem ) {
+	return jQuery.grep( jQuery.timers, function( fn ) {
+		return elem === fn.elem;
+	} ).length;
+};
+
+
+
+
+jQuery.offset = {
+	setOffset: function( elem, options, i ) {
+		var curPosition, curLeft, curCSSTop, curTop, curOffset, curCSSLeft, calculatePosition,
+			position = jQuery.css( elem, "position" ),
+			curElem = jQuery( elem ),
+			props = {};
+
+		// Set position first, in-case top/left are set even on static elem
+		if ( position === "static" ) {
+			elem.style.position = "relative";
+		}
+
+		curOffset = curElem.offset();
+		curCSSTop = jQuery.css( elem, "top" );
+		curCSSLeft = jQuery.css( elem, "left" );
+		calculatePosition = ( position === "absolute" || position === "fixed" ) &&
+			( curCSSTop + curCSSLeft ).indexOf( "auto" ) > -1;
+
+		// Need to be able to calculate position if either
+		// top or left is auto and position is either absolute or fixed
+		if ( calculatePosition ) {
+			curPosition = curElem.position();
+			curTop = curPosition.top;
+			curLeft = curPosition.left;
+
+		} else {
+			curTop = parseFloat( curCSSTop ) || 0;
+			curLeft = parseFloat( curCSSLeft ) || 0;
+		}
+
+		if ( jQuery.isFunction( options ) ) {
+
+			// Use jQuery.extend here to allow modification of coordinates argument (gh-1848)
+			options = options.call( elem, i, jQuery.extend( {}, curOffset ) );
+		}
+
+		if ( options.top != null ) {
+			props.top = ( options.top - curOffset.top ) + curTop;
+		}
+		if ( options.left != null ) {
+			props.left = ( options.left - curOffset.left ) + curLeft;
+		}
+
+		if ( "using" in options ) {
+			options.using.call( elem, props );
+
+		} else {
+			curElem.css( props );
+		}
+	}
+};
+
+jQuery.fn.extend( {
+	offset: function( options ) {
+
+		// Preserve chaining for setter
+		if ( arguments.length ) {
+			return options === undefined ?
+				this :
+				this.each( function( i ) {
+					jQuery.offset.setOffset( this, options, i );
+				} );
+		}
+
+		var doc, docElem, rect, win,
+			elem = this[ 0 ];
+
+		if ( !elem ) {
+			return;
+		}
+
+		// Return zeros for disconnected and hidden (display: none) elements (gh-2310)
+		// Support: IE <=11 only
+		// Running getBoundingClientRect on a
+		// disconnected node in IE throws an error
+		if ( !elem.getClientRects().length ) {
+			return { top: 0, left: 0 };
+		}
+
+		rect = elem.getBoundingClientRect();
+
+		doc = elem.ownerDocument;
+		docElem = doc.documentElement;
+		win = doc.defaultView;
+
+		return {
+			top: rect.top + win.pageYOffset - docElem.clientTop,
+			left: rect.left + win.pageXOffset - docElem.clientLeft
+		};
+	},
+
+	position: function() {
+		if ( !this[ 0 ] ) {
+			return;
+		}
+
+		var offsetParent, offset,
+			elem = this[ 0 ],
+			parentOffset = { top: 0, left: 0 };
+
+		// Fixed elements are offset from window (parentOffset = {top:0, left: 0},
+		// because it is its only offset parent
+		if ( jQuery.css( elem, "position" ) === "fixed" ) {
+
+			// Assume getBoundingClientRect is there when computed position is fixed
+			offset = elem.getBoundingClientRect();
+
+		} else {
+
+			// Get *real* offsetParent
+			offsetParent = this.offsetParent();
+
+			// Get correct offsets
+			offset = this.offset();
+			if ( !nodeName( offsetParent[ 0 ], "html" ) ) {
+				parentOffset = offsetParent.offset();
+			}
+
+			// Add offsetParent borders
+			parentOffset = {
+				top: parentOffset.top + jQuery.css( offsetParent[ 0 ], "borderTopWidth", true ),
+				left: parentOffset.left + jQuery.css( offsetParent[ 0 ], "borderLeftWidth", true )
+			};
+		}
+
+		// Subtract parent offsets and element margins
+		return {
+			top: offset.top - parentOffset.top - jQuery.css( elem, "marginTop", true ),
+			left: offset.left - parentOffset.left - jQuery.css( elem, "marginLeft", true )
+		};
+	},
+
+	// This method will return documentElement in the following cases:
+	// 1) For the element inside the iframe without offsetParent, this method will return
+	//    documentElement of the parent window
+	// 2) For the hidden or detached element
+	// 3) For body or html element, i.e. in case of the html node - it will return itself
+	//
+	// but those exceptions were never presented as a real life use-cases
+	// and might be considered as more preferable results.
+	//
+	// This logic, however, is not guaranteed and can change at any point in the future
+	offsetParent: function() {
+		return this.map( function() {
+			var offsetParent = this.offsetParent;
+
+			while ( offsetParent && jQuery.css( offsetParent, "position" ) === "static" ) {
+				offsetParent = offsetParent.offsetParent;
+			}
+
+			return offsetParent || documentElement;
+		} );
+	}
+} );
+
+// Create scrollLeft and scrollTop methods
+jQuery.each( { scrollLeft: "pageXOffset", scrollTop: "pageYOffset" }, function( method, prop ) {
+	var top = "pageYOffset" === prop;
+
+	jQuery.fn[ method ] = function( val ) {
+		return access( this, function( elem, method, val ) {
+
+			// Coalesce documents and windows
+			var win;
+			if ( jQuery.isWindow( elem ) ) {
+				win = elem;
+			} else if ( elem.nodeType === 9 ) {
+				win = elem.defaultView;
+			}
+
+			if ( val === undefined ) {
+				return win ? win[ prop ] : elem[ method ];
+			}
+
+			if ( win ) {
+				win.scrollTo(
+					!top ? val : win.pageXOffset,
+					top ? val : win.pageYOffset
+				);
+
+			} else {
+				elem[ method ] = val;
+			}
+		}, method, val, arguments.length );
+	};
+} );
+
+// Support: Safari <=7 - 9.1, Chrome <=37 - 49
+// Add the top/left cssHooks using jQuery.fn.position
+// Webkit bug: https://bugs.webkit.org/show_bug.cgi?id=29084
+// Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
+// getComputedStyle returns percent when specified for top/left/bottom/right;
+// rather than make the css module depend on the offset module, just check for it here
+jQuery.each( [ "top", "left" ], function( i, prop ) {
+	jQuery.cssHooks[ prop ] = addGetHookIf( support.pixelPosition,
+		function( elem, computed ) {
+			if ( computed ) {
+				computed = curCSS( elem, prop );
+
+				// If curCSS returns percentage, fallback to offset
+				return rnumnonpx.test( computed ) ?
+					jQuery( elem ).position()[ prop ] + "px" :
+					computed;
+			}
+		}
+	);
+} );
+
+
+// Create innerHeight, innerWidth, height, width, outerHeight and outerWidth methods
+jQuery.each( { Height: "height", Width: "width" }, function( name, type ) {
+	jQuery.each( { padding: "inner" + name, content: type, "": "outer" + name },
+		function( defaultExtra, funcName ) {
+
+		// Margin is only for outerHeight, outerWidth
+		jQuery.fn[ funcName ] = function( margin, value ) {
+			var chainable = arguments.length && ( defaultExtra || typeof margin !== "boolean" ),
+				extra = defaultExtra || ( margin === true || value === true ? "margin" : "border" );
+
+			return access( this, function( elem, type, value ) {
+				var doc;
+
+				if ( jQuery.isWindow( elem ) ) {
+
+					// $( window ).outerWidth/Height return w/h including scrollbars (gh-1729)
+					return funcName.indexOf( "outer" ) === 0 ?
+						elem[ "inner" + name ] :
+						elem.document.documentElement[ "client" + name ];
+				}
+
+				// Get document width or height
+				if ( elem.nodeType === 9 ) {
+					doc = elem.documentElement;
+
+					// Either scroll[Width/Height] or offset[Width/Height] or client[Width/Height],
+					// whichever is greatest
+					return Math.max(
+						elem.body[ "scroll" + name ], doc[ "scroll" + name ],
+						elem.body[ "offset" + name ], doc[ "offset" + name ],
+						doc[ "client" + name ]
+					);
+				}
+
+				return value === undefined ?
+
+					// Get width or height on the element, requesting but not forcing parseFloat
+					jQuery.css( elem, type, extra ) :
+
+					// Set width or height on the element
+					jQuery.style( elem, type, value, extra );
+			}, type, chainable ? margin : undefined, chainable );
+		};
+	} );
+} );
+
+
+jQuery.fn.extend( {
+
+	bind: function( types, data, fn ) {
+		return this.on( types, null, data, fn );
+	},
+	unbind: function( types, fn ) {
+		return this.off( types, null, fn );
+	},
+
+	delegate: function( selector, types, data, fn ) {
+		return this.on( types, selector, data, fn );
+	},
+	undelegate: function( selector, types, fn ) {
+
+		// ( namespace ) or ( selector, types [, fn] )
+		return arguments.length === 1 ?
+			this.off( selector, "**" ) :
+			this.off( types, selector || "**", fn );
+	}
+} );
+
+jQuery.holdReady = function( hold ) {
+	if ( hold ) {
+		jQuery.readyWait++;
+	} else {
+		jQuery.ready( true );
+	}
+};
+jQuery.isArray = Array.isArray;
+jQuery.parseJSON = JSON.parse;
+jQuery.nodeName = nodeName;
+
+
+
+
+// Register as a named AMD module, since jQuery can be concatenated with other
+// files that may use define, but not via a proper concatenation script that
+// understands anonymous AMD modules. A named AMD is safest and most robust
+// way to register. Lowercase jquery is used because AMD module names are
+// derived from file names, and jQuery is normally delivered in a lowercase
+// file name. Do this after creating the global so that if an AMD module wants
+// to call noConflict to hide this version of jQuery, it will work.
+
+// Note that for maximum portability, libraries that are not jQuery should
+// declare themselves as anonymous modules, and avoid setting a global if an
+// AMD loader is present. jQuery is a special case. For more information, see
+// https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
+
+if ( typeof define === "function" && define.amd ) {
+	define( "jquery", [], function() {
+		return jQuery;
+	} );
+}
+
+
+
+
+var
+
+	// Map over jQuery in case of overwrite
+	_jQuery = window.jQuery,
+
+	// Map over the $ in case of overwrite
+	_$ = window.$;
+
+jQuery.noConflict = function( deep ) {
+	if ( window.$ === jQuery ) {
+		window.$ = _$;
+	}
+
+	if ( deep && window.jQuery === jQuery ) {
+		window.jQuery = _jQuery;
+	}
+
+	return jQuery;
+};
+
+// Expose jQuery and $ identifiers, even in AMD
+// (#7102#comment:10, https://github.com/jquery/jquery/pull/557)
+// and CommonJS for browser emulators (#13566)
+if ( !noGlobal ) {
+	window.jQuery = window.$ = jQuery;
+}
+
+
+
+
+return jQuery;
+} );
diff --git a/docs/html/_static/language_data.js b/docs/html/_static/language_data.js
deleted file mode 100644
index 5266fb1..0000000
--- a/docs/html/_static/language_data.js
+++ /dev/null
@@ -1,297 +0,0 @@
-/*
- * language_data.js
- * ~~~~~~~~~~~~~~~~
- *
- * This script contains the language-specific data used by searchtools.js,
- * namely the list of stopwords, stemmer, scorer and splitter.
- *
- * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
- * :license: BSD, see LICENSE for details.
- *
- */
-
-var stopwords = ["a","and","are","as","at","be","but","by","for","if","in","into","is","it","near","no","not","of","on","or","such","that","the","their","then","there","these","they","this","to","was","will","with"];
-
-
-/* Non-minified version JS is _stemmer.js if file is provided */ 
-/**
- * Porter Stemmer
- */
-var Stemmer = function() {
-
-  var step2list = {
-    ational: 'ate',
-    tional: 'tion',
-    enci: 'ence',
-    anci: 'ance',
-    izer: 'ize',
-    bli: 'ble',
-    alli: 'al',
-    entli: 'ent',
-    eli: 'e',
-    ousli: 'ous',
-    ization: 'ize',
-    ation: 'ate',
-    ator: 'ate',
-    alism: 'al',
-    iveness: 'ive',
-    fulness: 'ful',
-    ousness: 'ous',
-    aliti: 'al',
-    iviti: 'ive',
-    biliti: 'ble',
-    logi: 'log'
-  };
-
-  var step3list = {
-    icate: 'ic',
-    ative: '',
-    alize: 'al',
-    iciti: 'ic',
-    ical: 'ic',
-    ful: '',
-    ness: ''
-  };
-
-  var c = "[^aeiou]";          // consonant
-  var v = "[aeiouy]";          // vowel
-  var C = c + "[^aeiouy]*";    // consonant sequence
-  var V = v + "[aeiou]*";      // vowel sequence
-
-  var mgr0 = "^(" + C + ")?" + V + C;                      // [C]VC... is m>0
-  var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$";    // [C]VC[V] is m=1
-  var mgr1 = "^(" + C + ")?" + V + C + V + C;              // [C]VCVC... is m>1
-  var s_v   = "^(" + C + ")?" + v;                         // vowel in stem
-
-  this.stemWord = function (w) {
-    var stem;
-    var suffix;
-    var firstch;
-    var origword = w;
-
-    if (w.length < 3)
-      return w;
-
-    var re;
-    var re2;
-    var re3;
-    var re4;
-
-    firstch = w.substr(0,1);
-    if (firstch == "y")
-      w = firstch.toUpperCase() + w.substr(1);
-
-    // Step 1a
-    re = /^(.+?)(ss|i)es$/;
-    re2 = /^(.+?)([^s])s$/;
-
-    if (re.test(w))
-      w = w.replace(re,"$1$2");
-    else if (re2.test(w))
-      w = w.replace(re2,"$1$2");
-
-    // Step 1b
-    re = /^(.+?)eed$/;
-    re2 = /^(.+?)(ed|ing)$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      re = new RegExp(mgr0);
-      if (re.test(fp[1])) {
-        re = /.$/;
-        w = w.replace(re,"");
-      }
-    }
-    else if (re2.test(w)) {
-      var fp = re2.exec(w);
-      stem = fp[1];
-      re2 = new RegExp(s_v);
-      if (re2.test(stem)) {
-        w = stem;
-        re2 = /(at|bl|iz)$/;
-        re3 = new RegExp("([^aeiouylsz])\\1$");
-        re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
-        if (re2.test(w))
-          w = w + "e";
-        else if (re3.test(w)) {
-          re = /.$/;
-          w = w.replace(re,"");
-        }
-        else if (re4.test(w))
-          w = w + "e";
-      }
-    }
-
-    // Step 1c
-    re = /^(.+?)y$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      stem = fp[1];
-      re = new RegExp(s_v);
-      if (re.test(stem))
-        w = stem + "i";
-    }
-
-    // Step 2
-    re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      stem = fp[1];
-      suffix = fp[2];
-      re = new RegExp(mgr0);
-      if (re.test(stem))
-        w = stem + step2list[suffix];
-    }
-
-    // Step 3
-    re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      stem = fp[1];
-      suffix = fp[2];
-      re = new RegExp(mgr0);
-      if (re.test(stem))
-        w = stem + step3list[suffix];
-    }
-
-    // Step 4
-    re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
-    re2 = /^(.+?)(s|t)(ion)$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      stem = fp[1];
-      re = new RegExp(mgr1);
-      if (re.test(stem))
-        w = stem;
-    }
-    else if (re2.test(w)) {
-      var fp = re2.exec(w);
-      stem = fp[1] + fp[2];
-      re2 = new RegExp(mgr1);
-      if (re2.test(stem))
-        w = stem;
-    }
-
-    // Step 5
-    re = /^(.+?)e$/;
-    if (re.test(w)) {
-      var fp = re.exec(w);
-      stem = fp[1];
-      re = new RegExp(mgr1);
-      re2 = new RegExp(meq1);
-      re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
-      if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
-        w = stem;
-    }
-    re = /ll$/;
-    re2 = new RegExp(mgr1);
-    if (re.test(w) && re2.test(w)) {
-      re = /.$/;
-      w = w.replace(re,"");
-    }
-
-    // and turn initial Y back to y
-    if (firstch == "y")
-      w = firstch.toLowerCase() + w.substr(1);
-    return w;
-  }
-}
-
-
-
-
-
-var splitChars = (function() {
-    var result = {};
-    var singles = [96, 180, 187, 191, 215, 247, 749, 885, 903, 907, 909, 930, 1014, 1648,
-         1748, 1809, 2416, 2473, 2481, 2526, 2601, 2609, 2612, 2615, 2653, 2702,
-         2706, 2729, 2737, 2740, 2857, 2865, 2868, 2910, 2928, 2948, 2961, 2971,
-         2973, 3085, 3089, 3113, 3124, 3213, 3217, 3241, 3252, 3295, 3341, 3345,
-         3369, 3506, 3516, 3633, 3715, 3721, 3736, 3744, 3748, 3750, 3756, 3761,
-         3781, 3912, 4239, 4347, 4681, 4695, 4697, 4745, 4785, 4799, 4801, 4823,
-         4881, 5760, 5901, 5997, 6313, 7405, 8024, 8026, 8028, 8030, 8117, 8125,
-         8133, 8181, 8468, 8485, 8487, 8489, 8494, 8527, 11311, 11359, 11687, 11695,
-         11703, 11711, 11719, 11727, 11735, 12448, 12539, 43010, 43014, 43019, 43587,
-         43696, 43713, 64286, 64297, 64311, 64317, 64319, 64322, 64325, 65141];
-    var i, j, start, end;
-    for (i = 0; i < singles.length; i++) {
-        result[singles[i]] = true;
-    }
-    var ranges = [[0, 47], [58, 64], [91, 94], [123, 169], [171, 177], [182, 184], [706, 709],
-         [722, 735], [741, 747], [751, 879], [888, 889], [894, 901], [1154, 1161],
-         [1318, 1328], [1367, 1368], [1370, 1376], [1416, 1487], [1515, 1519], [1523, 1568],
-         [1611, 1631], [1642, 1645], [1750, 1764], [1767, 1773], [1789, 1790], [1792, 1807],
-         [1840, 1868], [1958, 1968], [1970, 1983], [2027, 2035], [2038, 2041], [2043, 2047],
-         [2070, 2073], [2075, 2083], [2085, 2087], [2089, 2307], [2362, 2364], [2366, 2383],
-         [2385, 2391], [2402, 2405], [2419, 2424], [2432, 2436], [2445, 2446], [2449, 2450],
-         [2483, 2485], [2490, 2492], [2494, 2509], [2511, 2523], [2530, 2533], [2546, 2547],
-         [2554, 2564], [2571, 2574], [2577, 2578], [2618, 2648], [2655, 2661], [2672, 2673],
-         [2677, 2692], [2746, 2748], [2750, 2767], [2769, 2783], [2786, 2789], [2800, 2820],
-         [2829, 2830], [2833, 2834], [2874, 2876], [2878, 2907], [2914, 2917], [2930, 2946],
-         [2955, 2957], [2966, 2968], [2976, 2978], [2981, 2983], [2987, 2989], [3002, 3023],
-         [3025, 3045], [3059, 3076], [3130, 3132], [3134, 3159], [3162, 3167], [3170, 3173],
-         [3184, 3191], [3199, 3204], [3258, 3260], [3262, 3293], [3298, 3301], [3312, 3332],
-         [3386, 3388], [3390, 3423], [3426, 3429], [3446, 3449], [3456, 3460], [3479, 3481],
-         [3518, 3519], [3527, 3584], [3636, 3647], [3655, 3663], [3674, 3712], [3717, 3718],
-         [3723, 3724], [3726, 3731], [3752, 3753], [3764, 3772], [3774, 3775], [3783, 3791],
-         [3802, 3803], [3806, 3839], [3841, 3871], [3892, 3903], [3949, 3975], [3980, 4095],
-         [4139, 4158], [4170, 4175], [4182, 4185], [4190, 4192], [4194, 4196], [4199, 4205],
-         [4209, 4212], [4226, 4237], [4250, 4255], [4294, 4303], [4349, 4351], [4686, 4687],
-         [4702, 4703], [4750, 4751], [4790, 4791], [4806, 4807], [4886, 4887], [4955, 4968],
-         [4989, 4991], [5008, 5023], [5109, 5120], [5741, 5742], [5787, 5791], [5867, 5869],
-         [5873, 5887], [5906, 5919], [5938, 5951], [5970, 5983], [6001, 6015], [6068, 6102],
-         [6104, 6107], [6109, 6111], [6122, 6127], [6138, 6159], [6170, 6175], [6264, 6271],
-         [6315, 6319], [6390, 6399], [6429, 6469], [6510, 6511], [6517, 6527], [6572, 6592],
-         [6600, 6607], [6619, 6655], [6679, 6687], [6741, 6783], [6794, 6799], [6810, 6822],
-         [6824, 6916], [6964, 6980], [6988, 6991], [7002, 7042], [7073, 7085], [7098, 7167],
-         [7204, 7231], [7242, 7244], [7294, 7400], [7410, 7423], [7616, 7679], [7958, 7959],
-         [7966, 7967], [8006, 8007], [8014, 8015], [8062, 8063], [8127, 8129], [8141, 8143],
-         [8148, 8149], [8156, 8159], [8173, 8177], [8189, 8303], [8306, 8307], [8314, 8318],
-         [8330, 8335], [8341, 8449], [8451, 8454], [8456, 8457], [8470, 8472], [8478, 8483],
-         [8506, 8507], [8512, 8516], [8522, 8525], [8586, 9311], [9372, 9449], [9472, 10101],
-         [10132, 11263], [11493, 11498], [11503, 11516], [11518, 11519], [11558, 11567],
-         [11622, 11630], [11632, 11647], [11671, 11679], [11743, 11822], [11824, 12292],
-         [12296, 12320], [12330, 12336], [12342, 12343], [12349, 12352], [12439, 12444],
-         [12544, 12548], [12590, 12592], [12687, 12689], [12694, 12703], [12728, 12783],
-         [12800, 12831], [12842, 12880], [12896, 12927], [12938, 12976], [12992, 13311],
-         [19894, 19967], [40908, 40959], [42125, 42191], [42238, 42239], [42509, 42511],
-         [42540, 42559], [42592, 42593], [42607, 42622], [42648, 42655], [42736, 42774],
-         [42784, 42785], [42889, 42890], [42893, 43002], [43043, 43055], [43062, 43071],
-         [43124, 43137], [43188, 43215], [43226, 43249], [43256, 43258], [43260, 43263],
-         [43302, 43311], [43335, 43359], [43389, 43395], [43443, 43470], [43482, 43519],
-         [43561, 43583], [43596, 43599], [43610, 43615], [43639, 43641], [43643, 43647],
-         [43698, 43700], [43703, 43704], [43710, 43711], [43715, 43738], [43742, 43967],
-         [44003, 44015], [44026, 44031], [55204, 55215], [55239, 55242], [55292, 55295],
-         [57344, 63743], [64046, 64047], [64110, 64111], [64218, 64255], [64263, 64274],
-         [64280, 64284], [64434, 64466], [64830, 64847], [64912, 64913], [64968, 65007],
-         [65020, 65135], [65277, 65295], [65306, 65312], [65339, 65344], [65371, 65381],
-         [65471, 65473], [65480, 65481], [65488, 65489], [65496, 65497]];
-    for (i = 0; i < ranges.length; i++) {
-        start = ranges[i][0];
-        end = ranges[i][1];
-        for (j = start; j <= end; j++) {
-            result[j] = true;
-        }
-    }
-    return result;
-})();
-
-function splitQuery(query) {
-    var result = [];
-    var start = -1;
-    for (var i = 0; i < query.length; i++) {
-        if (splitChars[query.charCodeAt(i)]) {
-            if (start !== -1) {
-                result.push(query.slice(start, i));
-                start = -1;
-            }
-        } else if (start === -1) {
-            start = i;
-        }
-    }
-    if (start !== -1) {
-        result.push(query.slice(start));
-    }
-    return result;
-}
-
-
diff --git a/docs/html/_static/searchtools.js b/docs/html/_static/searchtools.js
index 5ff3180..41b8336 100644
--- a/docs/html/_static/searchtools.js
+++ b/docs/html/_static/searchtools.js
@@ -1,52 +1,331 @@
 /*
- * searchtools.js
+ * searchtools.js_t
  * ~~~~~~~~~~~~~~~~
  *
  * Sphinx JavaScript utilities for the full-text search.
  *
- * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
 
-if (!Scorer) {
-  /**
-   * Simple result scoring code.
-   */
-  var Scorer = {
-    // Implement the following function to further tweak the score for each result
-    // The function takes a result array [filename, title, anchor, descr, score]
-    // and returns the new score.
-    /*
-    score: function(result) {
-      return result[4];
-    },
-    */
 
-    // query matches the full name of an object
-    objNameMatch: 11,
-    // or matches in the last dotted part of the object name
-    objPartialMatch: 6,
-    // Additive scores depending on the priority of the object
-    objPrio: {0:  15,   // used to be importantResults
-              1:  5,   // used to be objectResults
-              2: -5},  // used to be unimportantResults
-    //  Used when the priority is not in the mapping.
-    objPrioDefault: 0,
+/* Non-minified version JS is _stemmer.js if file is provided */ 
+/**
+ * Porter Stemmer
+ */
+var Stemmer = function() {
 
-    // query found in title
-    title: 15,
-    // query found in terms
-    term: 5
+  var step2list = {
+    ational: 'ate',
+    tional: 'tion',
+    enci: 'ence',
+    anci: 'ance',
+    izer: 'ize',
+    bli: 'ble',
+    alli: 'al',
+    entli: 'ent',
+    eli: 'e',
+    ousli: 'ous',
+    ization: 'ize',
+    ation: 'ate',
+    ator: 'ate',
+    alism: 'al',
+    iveness: 'ive',
+    fulness: 'ful',
+    ousness: 'ous',
+    aliti: 'al',
+    iviti: 'ive',
+    biliti: 'ble',
+    logi: 'log'
   };
-}
 
-if (!splitQuery) {
-  function splitQuery(query) {
-    return query.split(/\s+/);
+  var step3list = {
+    icate: 'ic',
+    ative: '',
+    alize: 'al',
+    iciti: 'ic',
+    ical: 'ic',
+    ful: '',
+    ness: ''
+  };
+
+  var c = "[^aeiou]";          // consonant
+  var v = "[aeiouy]";          // vowel
+  var C = c + "[^aeiouy]*";    // consonant sequence
+  var V = v + "[aeiou]*";      // vowel sequence
+
+  var mgr0 = "^(" + C + ")?" + V + C;                      // [C]VC... is m>0
+  var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$";    // [C]VC[V] is m=1
+  var mgr1 = "^(" + C + ")?" + V + C + V + C;              // [C]VCVC... is m>1
+  var s_v   = "^(" + C + ")?" + v;                         // vowel in stem
+
+  this.stemWord = function (w) {
+    var stem;
+    var suffix;
+    var firstch;
+    var origword = w;
+
+    if (w.length < 3)
+      return w;
+
+    var re;
+    var re2;
+    var re3;
+    var re4;
+
+    firstch = w.substr(0,1);
+    if (firstch == "y")
+      w = firstch.toUpperCase() + w.substr(1);
+
+    // Step 1a
+    re = /^(.+?)(ss|i)es$/;
+    re2 = /^(.+?)([^s])s$/;
+
+    if (re.test(w))
+      w = w.replace(re,"$1$2");
+    else if (re2.test(w))
+      w = w.replace(re2,"$1$2");
+
+    // Step 1b
+    re = /^(.+?)eed$/;
+    re2 = /^(.+?)(ed|ing)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      re = new RegExp(mgr0);
+      if (re.test(fp[1])) {
+        re = /.$/;
+        w = w.replace(re,"");
+      }
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1];
+      re2 = new RegExp(s_v);
+      if (re2.test(stem)) {
+        w = stem;
+        re2 = /(at|bl|iz)$/;
+        re3 = new RegExp("([^aeiouylsz])\\1$");
+        re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+        if (re2.test(w))
+          w = w + "e";
+        else if (re3.test(w)) {
+          re = /.$/;
+          w = w.replace(re,"");
+        }
+        else if (re4.test(w))
+          w = w + "e";
+      }
+    }
+
+    // Step 1c
+    re = /^(.+?)y$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(s_v);
+      if (re.test(stem))
+        w = stem + "i";
+    }
+
+    // Step 2
+    re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step2list[suffix];
+    }
+
+    // Step 3
+    re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step3list[suffix];
+    }
+
+    // Step 4
+    re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
+    re2 = /^(.+?)(s|t)(ion)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      if (re.test(stem))
+        w = stem;
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1] + fp[2];
+      re2 = new RegExp(mgr1);
+      if (re2.test(stem))
+        w = stem;
+    }
+
+    // Step 5
+    re = /^(.+?)e$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      re2 = new RegExp(meq1);
+      re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+      if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
+        w = stem;
+    }
+    re = /ll$/;
+    re2 = new RegExp(mgr1);
+    if (re.test(w) && re2.test(w)) {
+      re = /.$/;
+      w = w.replace(re,"");
+    }
+
+    // and turn initial Y back to y
+    if (firstch == "y")
+      w = firstch.toLowerCase() + w.substr(1);
+    return w;
   }
 }
 
+
+
+/**
+ * Simple result scoring code.
+ */
+var Scorer = {
+  // Implement the following function to further tweak the score for each result
+  // The function takes a result array [filename, title, anchor, descr, score]
+  // and returns the new score.
+  /*
+  score: function(result) {
+    return result[4];
+  },
+  */
+
+  // query matches the full name of an object
+  objNameMatch: 11,
+  // or matches in the last dotted part of the object name
+  objPartialMatch: 6,
+  // Additive scores depending on the priority of the object
+  objPrio: {0:  15,   // used to be importantResults
+            1:  5,   // used to be objectResults
+            2: -5},  // used to be unimportantResults
+  //  Used when the priority is not in the mapping.
+  objPrioDefault: 0,
+
+  // query found in title
+  title: 15,
+  // query found in terms
+  term: 5
+};
+
+
+
+
+
+var splitChars = (function() {
+    var result = {};
+    var singles = [96, 180, 187, 191, 215, 247, 749, 885, 903, 907, 909, 930, 1014, 1648,
+         1748, 1809, 2416, 2473, 2481, 2526, 2601, 2609, 2612, 2615, 2653, 2702,
+         2706, 2729, 2737, 2740, 2857, 2865, 2868, 2910, 2928, 2948, 2961, 2971,
+         2973, 3085, 3089, 3113, 3124, 3213, 3217, 3241, 3252, 3295, 3341, 3345,
+         3369, 3506, 3516, 3633, 3715, 3721, 3736, 3744, 3748, 3750, 3756, 3761,
+         3781, 3912, 4239, 4347, 4681, 4695, 4697, 4745, 4785, 4799, 4801, 4823,
+         4881, 5760, 5901, 5997, 6313, 7405, 8024, 8026, 8028, 8030, 8117, 8125,
+         8133, 8181, 8468, 8485, 8487, 8489, 8494, 8527, 11311, 11359, 11687, 11695,
+         11703, 11711, 11719, 11727, 11735, 12448, 12539, 43010, 43014, 43019, 43587,
+         43696, 43713, 64286, 64297, 64311, 64317, 64319, 64322, 64325, 65141];
+    var i, j, start, end;
+    for (i = 0; i < singles.length; i++) {
+        result[singles[i]] = true;
+    }
+    var ranges = [[0, 47], [58, 64], [91, 94], [123, 169], [171, 177], [182, 184], [706, 709],
+         [722, 735], [741, 747], [751, 879], [888, 889], [894, 901], [1154, 1161],
+         [1318, 1328], [1367, 1368], [1370, 1376], [1416, 1487], [1515, 1519], [1523, 1568],
+         [1611, 1631], [1642, 1645], [1750, 1764], [1767, 1773], [1789, 1790], [1792, 1807],
+         [1840, 1868], [1958, 1968], [1970, 1983], [2027, 2035], [2038, 2041], [2043, 2047],
+         [2070, 2073], [2075, 2083], [2085, 2087], [2089, 2307], [2362, 2364], [2366, 2383],
+         [2385, 2391], [2402, 2405], [2419, 2424], [2432, 2436], [2445, 2446], [2449, 2450],
+         [2483, 2485], [2490, 2492], [2494, 2509], [2511, 2523], [2530, 2533], [2546, 2547],
+         [2554, 2564], [2571, 2574], [2577, 2578], [2618, 2648], [2655, 2661], [2672, 2673],
+         [2677, 2692], [2746, 2748], [2750, 2767], [2769, 2783], [2786, 2789], [2800, 2820],
+         [2829, 2830], [2833, 2834], [2874, 2876], [2878, 2907], [2914, 2917], [2930, 2946],
+         [2955, 2957], [2966, 2968], [2976, 2978], [2981, 2983], [2987, 2989], [3002, 3023],
+         [3025, 3045], [3059, 3076], [3130, 3132], [3134, 3159], [3162, 3167], [3170, 3173],
+         [3184, 3191], [3199, 3204], [3258, 3260], [3262, 3293], [3298, 3301], [3312, 3332],
+         [3386, 3388], [3390, 3423], [3426, 3429], [3446, 3449], [3456, 3460], [3479, 3481],
+         [3518, 3519], [3527, 3584], [3636, 3647], [3655, 3663], [3674, 3712], [3717, 3718],
+         [3723, 3724], [3726, 3731], [3752, 3753], [3764, 3772], [3774, 3775], [3783, 3791],
+         [3802, 3803], [3806, 3839], [3841, 3871], [3892, 3903], [3949, 3975], [3980, 4095],
+         [4139, 4158], [4170, 4175], [4182, 4185], [4190, 4192], [4194, 4196], [4199, 4205],
+         [4209, 4212], [4226, 4237], [4250, 4255], [4294, 4303], [4349, 4351], [4686, 4687],
+         [4702, 4703], [4750, 4751], [4790, 4791], [4806, 4807], [4886, 4887], [4955, 4968],
+         [4989, 4991], [5008, 5023], [5109, 5120], [5741, 5742], [5787, 5791], [5867, 5869],
+         [5873, 5887], [5906, 5919], [5938, 5951], [5970, 5983], [6001, 6015], [6068, 6102],
+         [6104, 6107], [6109, 6111], [6122, 6127], [6138, 6159], [6170, 6175], [6264, 6271],
+         [6315, 6319], [6390, 6399], [6429, 6469], [6510, 6511], [6517, 6527], [6572, 6592],
+         [6600, 6607], [6619, 6655], [6679, 6687], [6741, 6783], [6794, 6799], [6810, 6822],
+         [6824, 6916], [6964, 6980], [6988, 6991], [7002, 7042], [7073, 7085], [7098, 7167],
+         [7204, 7231], [7242, 7244], [7294, 7400], [7410, 7423], [7616, 7679], [7958, 7959],
+         [7966, 7967], [8006, 8007], [8014, 8015], [8062, 8063], [8127, 8129], [8141, 8143],
+         [8148, 8149], [8156, 8159], [8173, 8177], [8189, 8303], [8306, 8307], [8314, 8318],
+         [8330, 8335], [8341, 8449], [8451, 8454], [8456, 8457], [8470, 8472], [8478, 8483],
+         [8506, 8507], [8512, 8516], [8522, 8525], [8586, 9311], [9372, 9449], [9472, 10101],
+         [10132, 11263], [11493, 11498], [11503, 11516], [11518, 11519], [11558, 11567],
+         [11622, 11630], [11632, 11647], [11671, 11679], [11743, 11822], [11824, 12292],
+         [12296, 12320], [12330, 12336], [12342, 12343], [12349, 12352], [12439, 12444],
+         [12544, 12548], [12590, 12592], [12687, 12689], [12694, 12703], [12728, 12783],
+         [12800, 12831], [12842, 12880], [12896, 12927], [12938, 12976], [12992, 13311],
+         [19894, 19967], [40908, 40959], [42125, 42191], [42238, 42239], [42509, 42511],
+         [42540, 42559], [42592, 42593], [42607, 42622], [42648, 42655], [42736, 42774],
+         [42784, 42785], [42889, 42890], [42893, 43002], [43043, 43055], [43062, 43071],
+         [43124, 43137], [43188, 43215], [43226, 43249], [43256, 43258], [43260, 43263],
+         [43302, 43311], [43335, 43359], [43389, 43395], [43443, 43470], [43482, 43519],
+         [43561, 43583], [43596, 43599], [43610, 43615], [43639, 43641], [43643, 43647],
+         [43698, 43700], [43703, 43704], [43710, 43711], [43715, 43738], [43742, 43967],
+         [44003, 44015], [44026, 44031], [55204, 55215], [55239, 55242], [55292, 55295],
+         [57344, 63743], [64046, 64047], [64110, 64111], [64218, 64255], [64263, 64274],
+         [64280, 64284], [64434, 64466], [64830, 64847], [64912, 64913], [64968, 65007],
+         [65020, 65135], [65277, 65295], [65306, 65312], [65339, 65344], [65371, 65381],
+         [65471, 65473], [65480, 65481], [65488, 65489], [65496, 65497]];
+    for (i = 0; i < ranges.length; i++) {
+        start = ranges[i][0];
+        end = ranges[i][1];
+        for (j = start; j <= end; j++) {
+            result[j] = true;
+        }
+    }
+    return result;
+})();
+
+function splitQuery(query) {
+    var result = [];
+    var start = -1;
+    for (var i = 0; i < query.length; i++) {
+        if (splitChars[query.charCodeAt(i)]) {
+            if (start !== -1) {
+                result.push(query.slice(start, i));
+                start = -1;
+            }
+        } else if (start === -1) {
+            start = i;
+        }
+    }
+    if (start !== -1) {
+        result.push(query.slice(start));
+    }
+    return result;
+}
+
+
+
+
 /**
  * Search Module
  */
@@ -138,6 +417,7 @@
    */
   query : function(query) {
     var i;
+    var stopwords = ["a","and","are","as","at","be","but","by","for","if","in","into","is","it","near","no","not","of","on","or","such","that","the","their","then","there","these","they","this","to","was","will","with"];
 
     // stem the searchterms and add them to the correct list
     var stemmer = new Stemmer();
@@ -478,4 +758,4 @@
 
 $(document).ready(function() {
   Search.init();
-});
+});
\ No newline at end of file
diff --git a/docs/html/_static/underscore-1.3.1.js b/docs/html/_static/underscore-1.3.1.js
deleted file mode 100644
index 208d4cd..0000000
--- a/docs/html/_static/underscore-1.3.1.js
+++ /dev/null
@@ -1,999 +0,0 @@
-//     Underscore.js 1.3.1
-//     (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
-//     Underscore is freely distributable under the MIT license.
-//     Portions of Underscore are inspired or borrowed from Prototype,
-//     Oliver Steele's Functional, and John Resig's Micro-Templating.
-//     For all details and documentation:
-//     http://documentcloud.github.com/underscore
-
-(function() {
-
-  // Baseline setup
-  // --------------
-
-  // Establish the root object, `window` in the browser, or `global` on the server.
-  var root = this;
-
-  // Save the previous value of the `_` variable.
-  var previousUnderscore = root._;
-
-  // Establish the object that gets returned to break out of a loop iteration.
-  var breaker = {};
-
-  // Save bytes in the minified (but not gzipped) version:
-  var ArrayProto = Array.prototype, ObjProto = Object.prototype, FuncProto = Function.prototype;
-
-  // Create quick reference variables for speed access to core prototypes.
-  var slice            = ArrayProto.slice,
-      unshift          = ArrayProto.unshift,
-      toString         = ObjProto.toString,
-      hasOwnProperty   = ObjProto.hasOwnProperty;
-
-  // All **ECMAScript 5** native function implementations that we hope to use
-  // are declared here.
-  var
-    nativeForEach      = ArrayProto.forEach,
-    nativeMap          = ArrayProto.map,
-    nativeReduce       = ArrayProto.reduce,
-    nativeReduceRight  = ArrayProto.reduceRight,
-    nativeFilter       = ArrayProto.filter,
-    nativeEvery        = ArrayProto.every,
-    nativeSome         = ArrayProto.some,
-    nativeIndexOf      = ArrayProto.indexOf,
-    nativeLastIndexOf  = ArrayProto.lastIndexOf,
-    nativeIsArray      = Array.isArray,
-    nativeKeys         = Object.keys,
-    nativeBind         = FuncProto.bind;
-
-  // Create a safe reference to the Underscore object for use below.
-  var _ = function(obj) { return new wrapper(obj); };
-
-  // Export the Underscore object for **Node.js**, with
-  // backwards-compatibility for the old `require()` API. If we're in
-  // the browser, add `_` as a global object via a string identifier,
-  // for Closure Compiler "advanced" mode.
-  if (typeof exports !== 'undefined') {
-    if (typeof module !== 'undefined' && module.exports) {
-      exports = module.exports = _;
-    }
-    exports._ = _;
-  } else {
-    root['_'] = _;
-  }
-
-  // Current version.
-  _.VERSION = '1.3.1';
-
-  // Collection Functions
-  // --------------------
-
-  // The cornerstone, an `each` implementation, aka `forEach`.
-  // Handles objects with the built-in `forEach`, arrays, and raw objects.
-  // Delegates to **ECMAScript 5**'s native `forEach` if available.
-  var each = _.each = _.forEach = function(obj, iterator, context) {
-    if (obj == null) return;
-    if (nativeForEach && obj.forEach === nativeForEach) {
-      obj.forEach(iterator, context);
-    } else if (obj.length === +obj.length) {
-      for (var i = 0, l = obj.length; i < l; i++) {
-        if (i in obj && iterator.call(context, obj[i], i, obj) === breaker) return;
-      }
-    } else {
-      for (var key in obj) {
-        if (_.has(obj, key)) {
-          if (iterator.call(context, obj[key], key, obj) === breaker) return;
-        }
-      }
-    }
-  };
-
-  // Return the results of applying the iterator to each element.
-  // Delegates to **ECMAScript 5**'s native `map` if available.
-  _.map = _.collect = function(obj, iterator, context) {
-    var results = [];
-    if (obj == null) return results;
-    if (nativeMap && obj.map === nativeMap) return obj.map(iterator, context);
-    each(obj, function(value, index, list) {
-      results[results.length] = iterator.call(context, value, index, list);
-    });
-    if (obj.length === +obj.length) results.length = obj.length;
-    return results;
-  };
-
-  // **Reduce** builds up a single result from a list of values, aka `inject`,
-  // or `foldl`. Delegates to **ECMAScript 5**'s native `reduce` if available.
-  _.reduce = _.foldl = _.inject = function(obj, iterator, memo, context) {
-    var initial = arguments.length > 2;
-    if (obj == null) obj = [];
-    if (nativeReduce && obj.reduce === nativeReduce) {
-      if (context) iterator = _.bind(iterator, context);
-      return initial ? obj.reduce(iterator, memo) : obj.reduce(iterator);
-    }
-    each(obj, function(value, index, list) {
-      if (!initial) {
-        memo = value;
-        initial = true;
-      } else {
-        memo = iterator.call(context, memo, value, index, list);
-      }
-    });
-    if (!initial) throw new TypeError('Reduce of empty array with no initial value');
-    return memo;
-  };
-
-  // The right-associative version of reduce, also known as `foldr`.
-  // Delegates to **ECMAScript 5**'s native `reduceRight` if available.
-  _.reduceRight = _.foldr = function(obj, iterator, memo, context) {
-    var initial = arguments.length > 2;
-    if (obj == null) obj = [];
-    if (nativeReduceRight && obj.reduceRight === nativeReduceRight) {
-      if (context) iterator = _.bind(iterator, context);
-      return initial ? obj.reduceRight(iterator, memo) : obj.reduceRight(iterator);
-    }
-    var reversed = _.toArray(obj).reverse();
-    if (context && !initial) iterator = _.bind(iterator, context);
-    return initial ? _.reduce(reversed, iterator, memo, context) : _.reduce(reversed, iterator);
-  };
-
-  // Return the first value which passes a truth test. Aliased as `detect`.
-  _.find = _.detect = function(obj, iterator, context) {
-    var result;
-    any(obj, function(value, index, list) {
-      if (iterator.call(context, value, index, list)) {
-        result = value;
-        return true;
-      }
-    });
-    return result;
-  };
-
-  // Return all the elements that pass a truth test.
-  // Delegates to **ECMAScript 5**'s native `filter` if available.
-  // Aliased as `select`.
-  _.filter = _.select = function(obj, iterator, context) {
-    var results = [];
-    if (obj == null) return results;
-    if (nativeFilter && obj.filter === nativeFilter) return obj.filter(iterator, context);
-    each(obj, function(value, index, list) {
-      if (iterator.call(context, value, index, list)) results[results.length] = value;
-    });
-    return results;
-  };
-
-  // Return all the elements for which a truth test fails.
-  _.reject = function(obj, iterator, context) {
-    var results = [];
-    if (obj == null) return results;
-    each(obj, function(value, index, list) {
-      if (!iterator.call(context, value, index, list)) results[results.length] = value;
-    });
-    return results;
-  };
-
-  // Determine whether all of the elements match a truth test.
-  // Delegates to **ECMAScript 5**'s native `every` if available.
-  // Aliased as `all`.
-  _.every = _.all = function(obj, iterator, context) {
-    var result = true;
-    if (obj == null) return result;
-    if (nativeEvery && obj.every === nativeEvery) return obj.every(iterator, context);
-    each(obj, function(value, index, list) {
-      if (!(result = result && iterator.call(context, value, index, list))) return breaker;
-    });
-    return result;
-  };
-
-  // Determine if at least one element in the object matches a truth test.
-  // Delegates to **ECMAScript 5**'s native `some` if available.
-  // Aliased as `any`.
-  var any = _.some = _.any = function(obj, iterator, context) {
-    iterator || (iterator = _.identity);
-    var result = false;
-    if (obj == null) return result;
-    if (nativeSome && obj.some === nativeSome) return obj.some(iterator, context);
-    each(obj, function(value, index, list) {
-      if (result || (result = iterator.call(context, value, index, list))) return breaker;
-    });
-    return !!result;
-  };
-
-  // Determine if a given value is included in the array or object using `===`.
-  // Aliased as `contains`.
-  _.include = _.contains = function(obj, target) {
-    var found = false;
-    if (obj == null) return found;
-    if (nativeIndexOf && obj.indexOf === nativeIndexOf) return obj.indexOf(target) != -1;
-    found = any(obj, function(value) {
-      return value === target;
-    });
-    return found;
-  };
-
-  // Invoke a method (with arguments) on every item in a collection.
-  _.invoke = function(obj, method) {
-    var args = slice.call(arguments, 2);
-    return _.map(obj, function(value) {
-      return (_.isFunction(method) ? method || value : value[method]).apply(value, args);
-    });
-  };
-
-  // Convenience version of a common use case of `map`: fetching a property.
-  _.pluck = function(obj, key) {
-    return _.map(obj, function(value){ return value[key]; });
-  };
-
-  // Return the maximum element or (element-based computation).
-  _.max = function(obj, iterator, context) {
-    if (!iterator && _.isArray(obj)) return Math.max.apply(Math, obj);
-    if (!iterator && _.isEmpty(obj)) return -Infinity;
-    var result = {computed : -Infinity};
-    each(obj, function(value, index, list) {
-      var computed = iterator ? iterator.call(context, value, index, list) : value;
-      computed >= result.computed && (result = {value : value, computed : computed});
-    });
-    return result.value;
-  };
-
-  // Return the minimum element (or element-based computation).
-  _.min = function(obj, iterator, context) {
-    if (!iterator && _.isArray(obj)) return Math.min.apply(Math, obj);
-    if (!iterator && _.isEmpty(obj)) return Infinity;
-    var result = {computed : Infinity};
-    each(obj, function(value, index, list) {
-      var computed = iterator ? iterator.call(context, value, index, list) : value;
-      computed < result.computed && (result = {value : value, computed : computed});
-    });
-    return result.value;
-  };
-
-  // Shuffle an array.
-  _.shuffle = function(obj) {
-    var shuffled = [], rand;
-    each(obj, function(value, index, list) {
-      if (index == 0) {
-        shuffled[0] = value;
-      } else {
-        rand = Math.floor(Math.random() * (index + 1));
-        shuffled[index] = shuffled[rand];
-        shuffled[rand] = value;
-      }
-    });
-    return shuffled;
-  };
-
-  // Sort the object's values by a criterion produced by an iterator.
-  _.sortBy = function(obj, iterator, context) {
-    return _.pluck(_.map(obj, function(value, index, list) {
-      return {
-        value : value,
-        criteria : iterator.call(context, value, index, list)
-      };
-    }).sort(function(left, right) {
-      var a = left.criteria, b = right.criteria;
-      return a < b ? -1 : a > b ? 1 : 0;
-    }), 'value');
-  };
-
-  // Groups the object's values by a criterion. Pass either a string attribute
-  // to group by, or a function that returns the criterion.
-  _.groupBy = function(obj, val) {
-    var result = {};
-    var iterator = _.isFunction(val) ? val : function(obj) { return obj[val]; };
-    each(obj, function(value, index) {
-      var key = iterator(value, index);
-      (result[key] || (result[key] = [])).push(value);
-    });
-    return result;
-  };
-
-  // Use a comparator function to figure out at what index an object should
-  // be inserted so as to maintain order. Uses binary search.
-  _.sortedIndex = function(array, obj, iterator) {
-    iterator || (iterator = _.identity);
-    var low = 0, high = array.length;
-    while (low < high) {
-      var mid = (low + high) >> 1;
-      iterator(array[mid]) < iterator(obj) ? low = mid + 1 : high = mid;
-    }
-    return low;
-  };
-
-  // Safely convert anything iterable into a real, live array.
-  _.toArray = function(iterable) {
-    if (!iterable)                return [];
-    if (iterable.toArray)         return iterable.toArray();
-    if (_.isArray(iterable))      return slice.call(iterable);
-    if (_.isArguments(iterable))  return slice.call(iterable);
-    return _.values(iterable);
-  };
-
-  // Return the number of elements in an object.
-  _.size = function(obj) {
-    return _.toArray(obj).length;
-  };
-
-  // Array Functions
-  // ---------------
-
-  // Get the first element of an array. Passing **n** will return the first N
-  // values in the array. Aliased as `head`. The **guard** check allows it to work
-  // with `_.map`.
-  _.first = _.head = function(array, n, guard) {
-    return (n != null) && !guard ? slice.call(array, 0, n) : array[0];
-  };
-
-  // Returns everything but the last entry of the array. Especcialy useful on
-  // the arguments object. Passing **n** will return all the values in
-  // the array, excluding the last N. The **guard** check allows it to work with
-  // `_.map`.
-  _.initial = function(array, n, guard) {
-    return slice.call(array, 0, array.length - ((n == null) || guard ? 1 : n));
-  };
-
-  // Get the last element of an array. Passing **n** will return the last N
-  // values in the array. The **guard** check allows it to work with `_.map`.
-  _.last = function(array, n, guard) {
-    if ((n != null) && !guard) {
-      return slice.call(array, Math.max(array.length - n, 0));
-    } else {
-      return array[array.length - 1];
-    }
-  };
-
-  // Returns everything but the first entry of the array. Aliased as `tail`.
-  // Especially useful on the arguments object. Passing an **index** will return
-  // the rest of the values in the array from that index onward. The **guard**
-  // check allows it to work with `_.map`.
-  _.rest = _.tail = function(array, index, guard) {
-    return slice.call(array, (index == null) || guard ? 1 : index);
-  };
-
-  // Trim out all falsy values from an array.
-  _.compact = function(array) {
-    return _.filter(array, function(value){ return !!value; });
-  };
-
-  // Return a completely flattened version of an array.
-  _.flatten = function(array, shallow) {
-    return _.reduce(array, function(memo, value) {
-      if (_.isArray(value)) return memo.concat(shallow ? value : _.flatten(value));
-      memo[memo.length] = value;
-      return memo;
-    }, []);
-  };
-
-  // Return a version of the array that does not contain the specified value(s).
-  _.without = function(array) {
-    return _.difference(array, slice.call(arguments, 1));
-  };
-
-  // Produce a duplicate-free version of the array. If the array has already
-  // been sorted, you have the option of using a faster algorithm.
-  // Aliased as `unique`.
-  _.uniq = _.unique = function(array, isSorted, iterator) {
-    var initial = iterator ? _.map(array, iterator) : array;
-    var result = [];
-    _.reduce(initial, function(memo, el, i) {
-      if (0 == i || (isSorted === true ? _.last(memo) != el : !_.include(memo, el))) {
-        memo[memo.length] = el;
-        result[result.length] = array[i];
-      }
-      return memo;
-    }, []);
-    return result;
-  };
-
-  // Produce an array that contains the union: each distinct element from all of
-  // the passed-in arrays.
-  _.union = function() {
-    return _.uniq(_.flatten(arguments, true));
-  };
-
-  // Produce an array that contains every item shared between all the
-  // passed-in arrays. (Aliased as "intersect" for back-compat.)
-  _.intersection = _.intersect = function(array) {
-    var rest = slice.call(arguments, 1);
-    return _.filter(_.uniq(array), function(item) {
-      return _.every(rest, function(other) {
-        return _.indexOf(other, item) >= 0;
-      });
-    });
-  };
-
-  // Take the difference between one array and a number of other arrays.
-  // Only the elements present in just the first array will remain.
-  _.difference = function(array) {
-    var rest = _.flatten(slice.call(arguments, 1));
-    return _.filter(array, function(value){ return !_.include(rest, value); });
-  };
-
-  // Zip together multiple lists into a single array -- elements that share
-  // an index go together.
-  _.zip = function() {
-    var args = slice.call(arguments);
-    var length = _.max(_.pluck(args, 'length'));
-    var results = new Array(length);
-    for (var i = 0; i < length; i++) results[i] = _.pluck(args, "" + i);
-    return results;
-  };
-
-  // If the browser doesn't supply us with indexOf (I'm looking at you, **MSIE**),
-  // we need this function. Return the position of the first occurrence of an
-  // item in an array, or -1 if the item is not included in the array.
-  // Delegates to **ECMAScript 5**'s native `indexOf` if available.
-  // If the array is large and already in sort order, pass `true`
-  // for **isSorted** to use binary search.
-  _.indexOf = function(array, item, isSorted) {
-    if (array == null) return -1;
-    var i, l;
-    if (isSorted) {
-      i = _.sortedIndex(array, item);
-      return array[i] === item ? i : -1;
-    }
-    if (nativeIndexOf && array.indexOf === nativeIndexOf) return array.indexOf(item);
-    for (i = 0, l = array.length; i < l; i++) if (i in array && array[i] === item) return i;
-    return -1;
-  };
-
-  // Delegates to **ECMAScript 5**'s native `lastIndexOf` if available.
-  _.lastIndexOf = function(array, item) {
-    if (array == null) return -1;
-    if (nativeLastIndexOf && array.lastIndexOf === nativeLastIndexOf) return array.lastIndexOf(item);
-    var i = array.length;
-    while (i--) if (i in array && array[i] === item) return i;
-    return -1;
-  };
-
-  // Generate an integer Array containing an arithmetic progression. A port of
-  // the native Python `range()` function. See
-  // [the Python documentation](http://docs.python.org/library/functions.html#range).
-  _.range = function(start, stop, step) {
-    if (arguments.length <= 1) {
-      stop = start || 0;
-      start = 0;
-    }
-    step = arguments[2] || 1;
-
-    var len = Math.max(Math.ceil((stop - start) / step), 0);
-    var idx = 0;
-    var range = new Array(len);
-
-    while(idx < len) {
-      range[idx++] = start;
-      start += step;
-    }
-
-    return range;
-  };
-
-  // Function (ahem) Functions
-  // ------------------
-
-  // Reusable constructor function for prototype setting.
-  var ctor = function(){};
-
-  // Create a function bound to a given object (assigning `this`, and arguments,
-  // optionally). Binding with arguments is also known as `curry`.
-  // Delegates to **ECMAScript 5**'s native `Function.bind` if available.
-  // We check for `func.bind` first, to fail fast when `func` is undefined.
-  _.bind = function bind(func, context) {
-    var bound, args;
-    if (func.bind === nativeBind && nativeBind) return nativeBind.apply(func, slice.call(arguments, 1));
-    if (!_.isFunction(func)) throw new TypeError;
-    args = slice.call(arguments, 2);
-    return bound = function() {
-      if (!(this instanceof bound)) return func.apply(context, args.concat(slice.call(arguments)));
-      ctor.prototype = func.prototype;
-      var self = new ctor;
-      var result = func.apply(self, args.concat(slice.call(arguments)));
-      if (Object(result) === result) return result;
-      return self;
-    };
-  };
-
-  // Bind all of an object's methods to that object. Useful for ensuring that
-  // all callbacks defined on an object belong to it.
-  _.bindAll = function(obj) {
-    var funcs = slice.call(arguments, 1);
-    if (funcs.length == 0) funcs = _.functions(obj);
-    each(funcs, function(f) { obj[f] = _.bind(obj[f], obj); });
-    return obj;
-  };
-
-  // Memoize an expensive function by storing its results.
-  _.memoize = function(func, hasher) {
-    var memo = {};
-    hasher || (hasher = _.identity);
-    return function() {
-      var key = hasher.apply(this, arguments);
-      return _.has(memo, key) ? memo[key] : (memo[key] = func.apply(this, arguments));
-    };
-  };
-
-  // Delays a function for the given number of milliseconds, and then calls
-  // it with the arguments supplied.
-  _.delay = function(func, wait) {
-    var args = slice.call(arguments, 2);
-    return setTimeout(function(){ return func.apply(func, args); }, wait);
-  };
-
-  // Defers a function, scheduling it to run after the current call stack has
-  // cleared.
-  _.defer = function(func) {
-    return _.delay.apply(_, [func, 1].concat(slice.call(arguments, 1)));
-  };
-
-  // Returns a function, that, when invoked, will only be triggered at most once
-  // during a given window of time.
-  _.throttle = function(func, wait) {
-    var context, args, timeout, throttling, more;
-    var whenDone = _.debounce(function(){ more = throttling = false; }, wait);
-    return function() {
-      context = this; args = arguments;
-      var later = function() {
-        timeout = null;
-        if (more) func.apply(context, args);
-        whenDone();
-      };
-      if (!timeout) timeout = setTimeout(later, wait);
-      if (throttling) {
-        more = true;
-      } else {
-        func.apply(context, args);
-      }
-      whenDone();
-      throttling = true;
-    };
-  };
-
-  // Returns a function, that, as long as it continues to be invoked, will not
-  // be triggered. The function will be called after it stops being called for
-  // N milliseconds.
-  _.debounce = function(func, wait) {
-    var timeout;
-    return function() {
-      var context = this, args = arguments;
-      var later = function() {
-        timeout = null;
-        func.apply(context, args);
-      };
-      clearTimeout(timeout);
-      timeout = setTimeout(later, wait);
-    };
-  };
-
-  // Returns a function that will be executed at most one time, no matter how
-  // often you call it. Useful for lazy initialization.
-  _.once = function(func) {
-    var ran = false, memo;
-    return function() {
-      if (ran) return memo;
-      ran = true;
-      return memo = func.apply(this, arguments);
-    };
-  };
-
-  // Returns the first function passed as an argument to the second,
-  // allowing you to adjust arguments, run code before and after, and
-  // conditionally execute the original function.
-  _.wrap = function(func, wrapper) {
-    return function() {
-      var args = [func].concat(slice.call(arguments, 0));
-      return wrapper.apply(this, args);
-    };
-  };
-
-  // Returns a function that is the composition of a list of functions, each
-  // consuming the return value of the function that follows.
-  _.compose = function() {
-    var funcs = arguments;
-    return function() {
-      var args = arguments;
-      for (var i = funcs.length - 1; i >= 0; i--) {
-        args = [funcs[i].apply(this, args)];
-      }
-      return args[0];
-    };
-  };
-
-  // Returns a function that will only be executed after being called N times.
-  _.after = function(times, func) {
-    if (times <= 0) return func();
-    return function() {
-      if (--times < 1) { return func.apply(this, arguments); }
-    };
-  };
-
-  // Object Functions
-  // ----------------
-
-  // Retrieve the names of an object's properties.
-  // Delegates to **ECMAScript 5**'s native `Object.keys`
-  _.keys = nativeKeys || function(obj) {
-    if (obj !== Object(obj)) throw new TypeError('Invalid object');
-    var keys = [];
-    for (var key in obj) if (_.has(obj, key)) keys[keys.length] = key;
-    return keys;
-  };
-
-  // Retrieve the values of an object's properties.
-  _.values = function(obj) {
-    return _.map(obj, _.identity);
-  };
-
-  // Return a sorted list of the function names available on the object.
-  // Aliased as `methods`
-  _.functions = _.methods = function(obj) {
-    var names = [];
-    for (var key in obj) {
-      if (_.isFunction(obj[key])) names.push(key);
-    }
-    return names.sort();
-  };
-
-  // Extend a given object with all the properties in passed-in object(s).
-  _.extend = function(obj) {
-    each(slice.call(arguments, 1), function(source) {
-      for (var prop in source) {
-        obj[prop] = source[prop];
-      }
-    });
-    return obj;
-  };
-
-  // Fill in a given object with default properties.
-  _.defaults = function(obj) {
-    each(slice.call(arguments, 1), function(source) {
-      for (var prop in source) {
-        if (obj[prop] == null) obj[prop] = source[prop];
-      }
-    });
-    return obj;
-  };
-
-  // Create a (shallow-cloned) duplicate of an object.
-  _.clone = function(obj) {
-    if (!_.isObject(obj)) return obj;
-    return _.isArray(obj) ? obj.slice() : _.extend({}, obj);
-  };
-
-  // Invokes interceptor with the obj, and then returns obj.
-  // The primary purpose of this method is to "tap into" a method chain, in
-  // order to perform operations on intermediate results within the chain.
-  _.tap = function(obj, interceptor) {
-    interceptor(obj);
-    return obj;
-  };
-
-  // Internal recursive comparison function.
-  function eq(a, b, stack) {
-    // Identical objects are equal. `0 === -0`, but they aren't identical.
-    // See the Harmony `egal` proposal: http://wiki.ecmascript.org/doku.php?id=harmony:egal.
-    if (a === b) return a !== 0 || 1 / a == 1 / b;
-    // A strict comparison is necessary because `null == undefined`.
-    if (a == null || b == null) return a === b;
-    // Unwrap any wrapped objects.
-    if (a._chain) a = a._wrapped;
-    if (b._chain) b = b._wrapped;
-    // Invoke a custom `isEqual` method if one is provided.
-    if (a.isEqual && _.isFunction(a.isEqual)) return a.isEqual(b);
-    if (b.isEqual && _.isFunction(b.isEqual)) return b.isEqual(a);
-    // Compare `[[Class]]` names.
-    var className = toString.call(a);
-    if (className != toString.call(b)) return false;
-    switch (className) {
-      // Strings, numbers, dates, and booleans are compared by value.
-      case '[object String]':
-        // Primitives and their corresponding object wrappers are equivalent; thus, `"5"` is
-        // equivalent to `new String("5")`.
-        return a == String(b);
-      case '[object Number]':
-        // `NaN`s are equivalent, but non-reflexive. An `egal` comparison is performed for
-        // other numeric values.
-        return a != +a ? b != +b : (a == 0 ? 1 / a == 1 / b : a == +b);
-      case '[object Date]':
-      case '[object Boolean]':
-        // Coerce dates and booleans to numeric primitive values. Dates are compared by their
-        // millisecond representations. Note that invalid dates with millisecond representations
-        // of `NaN` are not equivalent.
-        return +a == +b;
-      // RegExps are compared by their source patterns and flags.
-      case '[object RegExp]':
-        return a.source == b.source &&
-               a.global == b.global &&
-               a.multiline == b.multiline &&
-               a.ignoreCase == b.ignoreCase;
-    }
-    if (typeof a != 'object' || typeof b != 'object') return false;
-    // Assume equality for cyclic structures. The algorithm for detecting cyclic
-    // structures is adapted from ES 5.1 section 15.12.3, abstract operation `JO`.
-    var length = stack.length;
-    while (length--) {
-      // Linear search. Performance is inversely proportional to the number of
-      // unique nested structures.
-      if (stack[length] == a) return true;
-    }
-    // Add the first object to the stack of traversed objects.
-    stack.push(a);
-    var size = 0, result = true;
-    // Recursively compare objects and arrays.
-    if (className == '[object Array]') {
-      // Compare array lengths to determine if a deep comparison is necessary.
-      size = a.length;
-      result = size == b.length;
-      if (result) {
-        // Deep compare the contents, ignoring non-numeric properties.
-        while (size--) {
-          // Ensure commutative equality for sparse arrays.
-          if (!(result = size in a == size in b && eq(a[size], b[size], stack))) break;
-        }
-      }
-    } else {
-      // Objects with different constructors are not equivalent.
-      if ('constructor' in a != 'constructor' in b || a.constructor != b.constructor) return false;
-      // Deep compare objects.
-      for (var key in a) {
-        if (_.has(a, key)) {
-          // Count the expected number of properties.
-          size++;
-          // Deep compare each member.
-          if (!(result = _.has(b, key) && eq(a[key], b[key], stack))) break;
-        }
-      }
-      // Ensure that both objects contain the same number of properties.
-      if (result) {
-        for (key in b) {
-          if (_.has(b, key) && !(size--)) break;
-        }
-        result = !size;
-      }
-    }
-    // Remove the first object from the stack of traversed objects.
-    stack.pop();
-    return result;
-  }
-
-  // Perform a deep comparison to check if two objects are equal.
-  _.isEqual = function(a, b) {
-    return eq(a, b, []);
-  };
-
-  // Is a given array, string, or object empty?
-  // An "empty" object has no enumerable own-properties.
-  _.isEmpty = function(obj) {
-    if (_.isArray(obj) || _.isString(obj)) return obj.length === 0;
-    for (var key in obj) if (_.has(obj, key)) return false;
-    return true;
-  };
-
-  // Is a given value a DOM element?
-  _.isElement = function(obj) {
-    return !!(obj && obj.nodeType == 1);
-  };
-
-  // Is a given value an array?
-  // Delegates to ECMA5's native Array.isArray
-  _.isArray = nativeIsArray || function(obj) {
-    return toString.call(obj) == '[object Array]';
-  };
-
-  // Is a given variable an object?
-  _.isObject = function(obj) {
-    return obj === Object(obj);
-  };
-
-  // Is a given variable an arguments object?
-  _.isArguments = function(obj) {
-    return toString.call(obj) == '[object Arguments]';
-  };
-  if (!_.isArguments(arguments)) {
-    _.isArguments = function(obj) {
-      return !!(obj && _.has(obj, 'callee'));
-    };
-  }
-
-  // Is a given value a function?
-  _.isFunction = function(obj) {
-    return toString.call(obj) == '[object Function]';
-  };
-
-  // Is a given value a string?
-  _.isString = function(obj) {
-    return toString.call(obj) == '[object String]';
-  };
-
-  // Is a given value a number?
-  _.isNumber = function(obj) {
-    return toString.call(obj) == '[object Number]';
-  };
-
-  // Is the given value `NaN`?
-  _.isNaN = function(obj) {
-    // `NaN` is the only value for which `===` is not reflexive.
-    return obj !== obj;
-  };
-
-  // Is a given value a boolean?
-  _.isBoolean = function(obj) {
-    return obj === true || obj === false || toString.call(obj) == '[object Boolean]';
-  };
-
-  // Is a given value a date?
-  _.isDate = function(obj) {
-    return toString.call(obj) == '[object Date]';
-  };
-
-  // Is the given value a regular expression?
-  _.isRegExp = function(obj) {
-    return toString.call(obj) == '[object RegExp]';
-  };
-
-  // Is a given value equal to null?
-  _.isNull = function(obj) {
-    return obj === null;
-  };
-
-  // Is a given variable undefined?
-  _.isUndefined = function(obj) {
-    return obj === void 0;
-  };
-
-  // Has own property?
-  _.has = function(obj, key) {
-    return hasOwnProperty.call(obj, key);
-  };
-
-  // Utility Functions
-  // -----------------
-
-  // Run Underscore.js in *noConflict* mode, returning the `_` variable to its
-  // previous owner. Returns a reference to the Underscore object.
-  _.noConflict = function() {
-    root._ = previousUnderscore;
-    return this;
-  };
-
-  // Keep the identity function around for default iterators.
-  _.identity = function(value) {
-    return value;
-  };
-
-  // Run a function **n** times.
-  _.times = function (n, iterator, context) {
-    for (var i = 0; i < n; i++) iterator.call(context, i);
-  };
-
-  // Escape a string for HTML interpolation.
-  _.escape = function(string) {
-    return (''+string).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/\//g,'&#x2F;');
-  };
-
-  // Add your own custom functions to the Underscore object, ensuring that
-  // they're correctly added to the OOP wrapper as well.
-  _.mixin = function(obj) {
-    each(_.functions(obj), function(name){
-      addToWrapper(name, _[name] = obj[name]);
-    });
-  };
-
-  // Generate a unique integer id (unique within the entire client session).
-  // Useful for temporary DOM ids.
-  var idCounter = 0;
-  _.uniqueId = function(prefix) {
-    var id = idCounter++;
-    return prefix ? prefix + id : id;
-  };
-
-  // By default, Underscore uses ERB-style template delimiters, change the
-  // following template settings to use alternative delimiters.
-  _.templateSettings = {
-    evaluate    : /<%([\s\S]+?)%>/g,
-    interpolate : /<%=([\s\S]+?)%>/g,
-    escape      : /<%-([\s\S]+?)%>/g
-  };
-
-  // When customizing `templateSettings`, if you don't want to define an
-  // interpolation, evaluation or escaping regex, we need one that is
-  // guaranteed not to match.
-  var noMatch = /.^/;
-
-  // Within an interpolation, evaluation, or escaping, remove HTML escaping
-  // that had been previously added.
-  var unescape = function(code) {
-    return code.replace(/\\\\/g, '\\').replace(/\\'/g, "'");
-  };
-
-  // JavaScript micro-templating, similar to John Resig's implementation.
-  // Underscore templating handles arbitrary delimiters, preserves whitespace,
-  // and correctly escapes quotes within interpolated code.
-  _.template = function(str, data) {
-    var c  = _.templateSettings;
-    var tmpl = 'var __p=[],print=function(){__p.push.apply(__p,arguments);};' +
-      'with(obj||{}){__p.push(\'' +
-      str.replace(/\\/g, '\\\\')
-         .replace(/'/g, "\\'")
-         .replace(c.escape || noMatch, function(match, code) {
-           return "',_.escape(" + unescape(code) + "),'";
-         })
-         .replace(c.interpolate || noMatch, function(match, code) {
-           return "'," + unescape(code) + ",'";
-         })
-         .replace(c.evaluate || noMatch, function(match, code) {
-           return "');" + unescape(code).replace(/[\r\n\t]/g, ' ') + ";__p.push('";
-         })
-         .replace(/\r/g, '\\r')
-         .replace(/\n/g, '\\n')
-         .replace(/\t/g, '\\t')
-         + "');}return __p.join('');";
-    var func = new Function('obj', '_', tmpl);
-    if (data) return func(data, _);
-    return function(data) {
-      return func.call(this, data, _);
-    };
-  };
-
-  // Add a "chain" function, which will delegate to the wrapper.
-  _.chain = function(obj) {
-    return _(obj).chain();
-  };
-
-  // The OOP Wrapper
-  // ---------------
-
-  // If Underscore is called as a function, it returns a wrapped object that
-  // can be used OO-style. This wrapper holds altered versions of all the
-  // underscore functions. Wrapped objects may be chained.
-  var wrapper = function(obj) { this._wrapped = obj; };
-
-  // Expose `wrapper.prototype` as `_.prototype`
-  _.prototype = wrapper.prototype;
-
-  // Helper function to continue chaining intermediate results.
-  var result = function(obj, chain) {
-    return chain ? _(obj).chain() : obj;
-  };
-
-  // A method to easily add functions to the OOP wrapper.
-  var addToWrapper = function(name, func) {
-    wrapper.prototype[name] = function() {
-      var args = slice.call(arguments);
-      unshift.call(args, this._wrapped);
-      return result(func.apply(_, args), this._chain);
-    };
-  };
-
-  // Add all of the Underscore functions to the wrapper object.
-  _.mixin(_);
-
-  // Add all mutator Array functions to the wrapper.
-  each(['pop', 'push', 'reverse', 'shift', 'sort', 'splice', 'unshift'], function(name) {
-    var method = ArrayProto[name];
-    wrapper.prototype[name] = function() {
-      var wrapped = this._wrapped;
-      method.apply(wrapped, arguments);
-      var length = wrapped.length;
-      if ((name == 'shift' || name == 'splice') && length === 0) delete wrapped[0];
-      return result(wrapped, this._chain);
-    };
-  });
-
-  // Add all accessor Array functions to the wrapper.
-  each(['concat', 'join', 'slice'], function(name) {
-    var method = ArrayProto[name];
-    wrapper.prototype[name] = function() {
-      return result(method.apply(this._wrapped, arguments), this._chain);
-    };
-  });
-
-  // Start chaining a wrapped Underscore object.
-  wrapper.prototype.chain = function() {
-    this._chain = true;
-    return this;
-  };
-
-  // Extracts the result from a wrapped and chained object.
-  wrapper.prototype.value = function() {
-    return this._wrapped;
-  };
-
-}).call(this);
diff --git a/docs/html/_static/underscore.js b/docs/html/_static/underscore.js
index 5b55f32..b29332f 100644
--- a/docs/html/_static/underscore.js
+++ b/docs/html/_static/underscore.js
@@ -1,31 +1,1548 @@
-// Underscore.js 1.3.1
-// (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
-// Underscore is freely distributable under the MIT license.
-// Portions of Underscore are inspired or borrowed from Prototype,
-// Oliver Steele's Functional, and John Resig's Micro-Templating.
-// For all details and documentation:
-// http://documentcloud.github.com/underscore
-(function(){function q(a,c,d){if(a===c)return a!==0||1/a==1/c;if(a==null||c==null)return a===c;if(a._chain)a=a._wrapped;if(c._chain)c=c._wrapped;if(a.isEqual&&b.isFunction(a.isEqual))return a.isEqual(c);if(c.isEqual&&b.isFunction(c.isEqual))return c.isEqual(a);var e=l.call(a);if(e!=l.call(c))return false;switch(e){case "[object String]":return a==String(c);case "[object Number]":return a!=+a?c!=+c:a==0?1/a==1/c:a==+c;case "[object Date]":case "[object Boolean]":return+a==+c;case "[object RegExp]":return a.source==
-c.source&&a.global==c.global&&a.multiline==c.multiline&&a.ignoreCase==c.ignoreCase}if(typeof a!="object"||typeof c!="object")return false;for(var f=d.length;f--;)if(d[f]==a)return true;d.push(a);var f=0,g=true;if(e=="[object Array]"){if(f=a.length,g=f==c.length)for(;f--;)if(!(g=f in a==f in c&&q(a[f],c[f],d)))break}else{if("constructor"in a!="constructor"in c||a.constructor!=c.constructor)return false;for(var h in a)if(b.has(a,h)&&(f++,!(g=b.has(c,h)&&q(a[h],c[h],d))))break;if(g){for(h in c)if(b.has(c,
-h)&&!f--)break;g=!f}}d.pop();return g}var r=this,G=r._,n={},k=Array.prototype,o=Object.prototype,i=k.slice,H=k.unshift,l=o.toString,I=o.hasOwnProperty,w=k.forEach,x=k.map,y=k.reduce,z=k.reduceRight,A=k.filter,B=k.every,C=k.some,p=k.indexOf,D=k.lastIndexOf,o=Array.isArray,J=Object.keys,s=Function.prototype.bind,b=function(a){return new m(a)};if(typeof exports!=="undefined"){if(typeof module!=="undefined"&&module.exports)exports=module.exports=b;exports._=b}else r._=b;b.VERSION="1.3.1";var j=b.each=
-b.forEach=function(a,c,d){if(a!=null)if(w&&a.forEach===w)a.forEach(c,d);else if(a.length===+a.length)for(var e=0,f=a.length;e<f;e++){if(e in a&&c.call(d,a[e],e,a)===n)break}else for(e in a)if(b.has(a,e)&&c.call(d,a[e],e,a)===n)break};b.map=b.collect=function(a,c,b){var e=[];if(a==null)return e;if(x&&a.map===x)return a.map(c,b);j(a,function(a,g,h){e[e.length]=c.call(b,a,g,h)});if(a.length===+a.length)e.length=a.length;return e};b.reduce=b.foldl=b.inject=function(a,c,d,e){var f=arguments.length>2;a==
-null&&(a=[]);if(y&&a.reduce===y)return e&&(c=b.bind(c,e)),f?a.reduce(c,d):a.reduce(c);j(a,function(a,b,i){f?d=c.call(e,d,a,b,i):(d=a,f=true)});if(!f)throw new TypeError("Reduce of empty array with no initial value");return d};b.reduceRight=b.foldr=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(z&&a.reduceRight===z)return e&&(c=b.bind(c,e)),f?a.reduceRight(c,d):a.reduceRight(c);var g=b.toArray(a).reverse();e&&!f&&(c=b.bind(c,e));return f?b.reduce(g,c,d,e):b.reduce(g,c)};b.find=b.detect=
-function(a,c,b){var e;E(a,function(a,g,h){if(c.call(b,a,g,h))return e=a,true});return e};b.filter=b.select=function(a,c,b){var e=[];if(a==null)return e;if(A&&a.filter===A)return a.filter(c,b);j(a,function(a,g,h){c.call(b,a,g,h)&&(e[e.length]=a)});return e};b.reject=function(a,c,b){var e=[];if(a==null)return e;j(a,function(a,g,h){c.call(b,a,g,h)||(e[e.length]=a)});return e};b.every=b.all=function(a,c,b){var e=true;if(a==null)return e;if(B&&a.every===B)return a.every(c,b);j(a,function(a,g,h){if(!(e=
-e&&c.call(b,a,g,h)))return n});return e};var E=b.some=b.any=function(a,c,d){c||(c=b.identity);var e=false;if(a==null)return e;if(C&&a.some===C)return a.some(c,d);j(a,function(a,b,h){if(e||(e=c.call(d,a,b,h)))return n});return!!e};b.include=b.contains=function(a,c){var b=false;if(a==null)return b;return p&&a.indexOf===p?a.indexOf(c)!=-1:b=E(a,function(a){return a===c})};b.invoke=function(a,c){var d=i.call(arguments,2);return b.map(a,function(a){return(b.isFunction(c)?c||a:a[c]).apply(a,d)})};b.pluck=
-function(a,c){return b.map(a,function(a){return a[c]})};b.max=function(a,c,d){if(!c&&b.isArray(a))return Math.max.apply(Math,a);if(!c&&b.isEmpty(a))return-Infinity;var e={computed:-Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b>=e.computed&&(e={value:a,computed:b})});return e.value};b.min=function(a,c,d){if(!c&&b.isArray(a))return Math.min.apply(Math,a);if(!c&&b.isEmpty(a))return Infinity;var e={computed:Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b<e.computed&&(e={value:a,computed:b})});
-return e.value};b.shuffle=function(a){var b=[],d;j(a,function(a,f){f==0?b[0]=a:(d=Math.floor(Math.random()*(f+1)),b[f]=b[d],b[d]=a)});return b};b.sortBy=function(a,c,d){return b.pluck(b.map(a,function(a,b,g){return{value:a,criteria:c.call(d,a,b,g)}}).sort(function(a,b){var c=a.criteria,d=b.criteria;return c<d?-1:c>d?1:0}),"value")};b.groupBy=function(a,c){var d={},e=b.isFunction(c)?c:function(a){return a[c]};j(a,function(a,b){var c=e(a,b);(d[c]||(d[c]=[])).push(a)});return d};b.sortedIndex=function(a,
-c,d){d||(d=b.identity);for(var e=0,f=a.length;e<f;){var g=e+f>>1;d(a[g])<d(c)?e=g+1:f=g}return e};b.toArray=function(a){return!a?[]:a.toArray?a.toArray():b.isArray(a)?i.call(a):b.isArguments(a)?i.call(a):b.values(a)};b.size=function(a){return b.toArray(a).length};b.first=b.head=function(a,b,d){return b!=null&&!d?i.call(a,0,b):a[0]};b.initial=function(a,b,d){return i.call(a,0,a.length-(b==null||d?1:b))};b.last=function(a,b,d){return b!=null&&!d?i.call(a,Math.max(a.length-b,0)):a[a.length-1]};b.rest=
-b.tail=function(a,b,d){return i.call(a,b==null||d?1:b)};b.compact=function(a){return b.filter(a,function(a){return!!a})};b.flatten=function(a,c){return b.reduce(a,function(a,e){if(b.isArray(e))return a.concat(c?e:b.flatten(e));a[a.length]=e;return a},[])};b.without=function(a){return b.difference(a,i.call(arguments,1))};b.uniq=b.unique=function(a,c,d){var d=d?b.map(a,d):a,e=[];b.reduce(d,function(d,g,h){if(0==h||(c===true?b.last(d)!=g:!b.include(d,g)))d[d.length]=g,e[e.length]=a[h];return d},[]);
-return e};b.union=function(){return b.uniq(b.flatten(arguments,true))};b.intersection=b.intersect=function(a){var c=i.call(arguments,1);return b.filter(b.uniq(a),function(a){return b.every(c,function(c){return b.indexOf(c,a)>=0})})};b.difference=function(a){var c=b.flatten(i.call(arguments,1));return b.filter(a,function(a){return!b.include(c,a)})};b.zip=function(){for(var a=i.call(arguments),c=b.max(b.pluck(a,"length")),d=Array(c),e=0;e<c;e++)d[e]=b.pluck(a,""+e);return d};b.indexOf=function(a,c,
-d){if(a==null)return-1;var e;if(d)return d=b.sortedIndex(a,c),a[d]===c?d:-1;if(p&&a.indexOf===p)return a.indexOf(c);for(d=0,e=a.length;d<e;d++)if(d in a&&a[d]===c)return d;return-1};b.lastIndexOf=function(a,b){if(a==null)return-1;if(D&&a.lastIndexOf===D)return a.lastIndexOf(b);for(var d=a.length;d--;)if(d in a&&a[d]===b)return d;return-1};b.range=function(a,b,d){arguments.length<=1&&(b=a||0,a=0);for(var d=arguments[2]||1,e=Math.max(Math.ceil((b-a)/d),0),f=0,g=Array(e);f<e;)g[f++]=a,a+=d;return g};
-var F=function(){};b.bind=function(a,c){var d,e;if(a.bind===s&&s)return s.apply(a,i.call(arguments,1));if(!b.isFunction(a))throw new TypeError;e=i.call(arguments,2);return d=function(){if(!(this instanceof d))return a.apply(c,e.concat(i.call(arguments)));F.prototype=a.prototype;var b=new F,g=a.apply(b,e.concat(i.call(arguments)));return Object(g)===g?g:b}};b.bindAll=function(a){var c=i.call(arguments,1);c.length==0&&(c=b.functions(a));j(c,function(c){a[c]=b.bind(a[c],a)});return a};b.memoize=function(a,
-c){var d={};c||(c=b.identity);return function(){var e=c.apply(this,arguments);return b.has(d,e)?d[e]:d[e]=a.apply(this,arguments)}};b.delay=function(a,b){var d=i.call(arguments,2);return setTimeout(function(){return a.apply(a,d)},b)};b.defer=function(a){return b.delay.apply(b,[a,1].concat(i.call(arguments,1)))};b.throttle=function(a,c){var d,e,f,g,h,i=b.debounce(function(){h=g=false},c);return function(){d=this;e=arguments;var b;f||(f=setTimeout(function(){f=null;h&&a.apply(d,e);i()},c));g?h=true:
-a.apply(d,e);i();g=true}};b.debounce=function(a,b){var d;return function(){var e=this,f=arguments;clearTimeout(d);d=setTimeout(function(){d=null;a.apply(e,f)},b)}};b.once=function(a){var b=false,d;return function(){if(b)return d;b=true;return d=a.apply(this,arguments)}};b.wrap=function(a,b){return function(){var d=[a].concat(i.call(arguments,0));return b.apply(this,d)}};b.compose=function(){var a=arguments;return function(){for(var b=arguments,d=a.length-1;d>=0;d--)b=[a[d].apply(this,b)];return b[0]}};
-b.after=function(a,b){return a<=0?b():function(){if(--a<1)return b.apply(this,arguments)}};b.keys=J||function(a){if(a!==Object(a))throw new TypeError("Invalid object");var c=[],d;for(d in a)b.has(a,d)&&(c[c.length]=d);return c};b.values=function(a){return b.map(a,b.identity)};b.functions=b.methods=function(a){var c=[],d;for(d in a)b.isFunction(a[d])&&c.push(d);return c.sort()};b.extend=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]=b[d]});return a};b.defaults=function(a){j(i.call(arguments,
-1),function(b){for(var d in b)a[d]==null&&(a[d]=b[d])});return a};b.clone=function(a){return!b.isObject(a)?a:b.isArray(a)?a.slice():b.extend({},a)};b.tap=function(a,b){b(a);return a};b.isEqual=function(a,b){return q(a,b,[])};b.isEmpty=function(a){if(b.isArray(a)||b.isString(a))return a.length===0;for(var c in a)if(b.has(a,c))return false;return true};b.isElement=function(a){return!!(a&&a.nodeType==1)};b.isArray=o||function(a){return l.call(a)=="[object Array]"};b.isObject=function(a){return a===Object(a)};
-b.isArguments=function(a){return l.call(a)=="[object Arguments]"};if(!b.isArguments(arguments))b.isArguments=function(a){return!(!a||!b.has(a,"callee"))};b.isFunction=function(a){return l.call(a)=="[object Function]"};b.isString=function(a){return l.call(a)=="[object String]"};b.isNumber=function(a){return l.call(a)=="[object Number]"};b.isNaN=function(a){return a!==a};b.isBoolean=function(a){return a===true||a===false||l.call(a)=="[object Boolean]"};b.isDate=function(a){return l.call(a)=="[object Date]"};
-b.isRegExp=function(a){return l.call(a)=="[object RegExp]"};b.isNull=function(a){return a===null};b.isUndefined=function(a){return a===void 0};b.has=function(a,b){return I.call(a,b)};b.noConflict=function(){r._=G;return this};b.identity=function(a){return a};b.times=function(a,b,d){for(var e=0;e<a;e++)b.call(d,e)};b.escape=function(a){return(""+a).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;").replace(/\//g,"&#x2F;")};b.mixin=function(a){j(b.functions(a),
-function(c){K(c,b[c]=a[c])})};var L=0;b.uniqueId=function(a){var b=L++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g,escape:/<%-([\s\S]+?)%>/g};var t=/.^/,u=function(a){return a.replace(/\\\\/g,"\\").replace(/\\'/g,"'")};b.template=function(a,c){var d=b.templateSettings,d="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+a.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(d.escape||t,function(a,b){return"',_.escape("+
-u(b)+"),'"}).replace(d.interpolate||t,function(a,b){return"',"+u(b)+",'"}).replace(d.evaluate||t,function(a,b){return"');"+u(b).replace(/[\r\n\t]/g," ")+";__p.push('"}).replace(/\r/g,"\\r").replace(/\n/g,"\\n").replace(/\t/g,"\\t")+"');}return __p.join('');",e=new Function("obj","_",d);return c?e(c,b):function(a){return e.call(this,a,b)}};b.chain=function(a){return b(a).chain()};var m=function(a){this._wrapped=a};b.prototype=m.prototype;var v=function(a,c){return c?b(a).chain():a},K=function(a,c){m.prototype[a]=
-function(){var a=i.call(arguments);H.call(a,this._wrapped);return v(c.apply(b,a),this._chain)}};b.mixin(b);j("pop,push,reverse,shift,sort,splice,unshift".split(","),function(a){var b=k[a];m.prototype[a]=function(){var d=this._wrapped;b.apply(d,arguments);var e=d.length;(a=="shift"||a=="splice")&&e===0&&delete d[0];return v(d,this._chain)}});j(["concat","join","slice"],function(a){var b=k[a];m.prototype[a]=function(){return v(b.apply(this._wrapped,arguments),this._chain)}});m.prototype.chain=function(){this._chain=
-true;return this};m.prototype.value=function(){return this._wrapped}}).call(this);
+//     Underscore.js 1.8.3
+//     http://underscorejs.org
+//     (c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+//     Underscore may be freely distributed under the MIT license.
+
+(function() {
+
+  // Baseline setup
+  // --------------
+
+  // Establish the root object, `window` in the browser, or `exports` on the server.
+  var root = this;
+
+  // Save the previous value of the `_` variable.
+  var previousUnderscore = root._;
+
+  // Save bytes in the minified (but not gzipped) version:
+  var ArrayProto = Array.prototype, ObjProto = Object.prototype, FuncProto = Function.prototype;
+
+  // Create quick reference variables for speed access to core prototypes.
+  var
+    push             = ArrayProto.push,
+    slice            = ArrayProto.slice,
+    toString         = ObjProto.toString,
+    hasOwnProperty   = ObjProto.hasOwnProperty;
+
+  // All **ECMAScript 5** native function implementations that we hope to use
+  // are declared here.
+  var
+    nativeIsArray      = Array.isArray,
+    nativeKeys         = Object.keys,
+    nativeBind         = FuncProto.bind,
+    nativeCreate       = Object.create;
+
+  // Naked function reference for surrogate-prototype-swapping.
+  var Ctor = function(){};
+
+  // Create a safe reference to the Underscore object for use below.
+  var _ = function(obj) {
+    if (obj instanceof _) return obj;
+    if (!(this instanceof _)) return new _(obj);
+    this._wrapped = obj;
+  };
+
+  // Export the Underscore object for **Node.js**, with
+  // backwards-compatibility for the old `require()` API. If we're in
+  // the browser, add `_` as a global object.
+  if (typeof exports !== 'undefined') {
+    if (typeof module !== 'undefined' && module.exports) {
+      exports = module.exports = _;
+    }
+    exports._ = _;
+  } else {
+    root._ = _;
+  }
+
+  // Current version.
+  _.VERSION = '1.8.3';
+
+  // Internal function that returns an efficient (for current engines) version
+  // of the passed-in callback, to be repeatedly applied in other Underscore
+  // functions.
+  var optimizeCb = function(func, context, argCount) {
+    if (context === void 0) return func;
+    switch (argCount == null ? 3 : argCount) {
+      case 1: return function(value) {
+        return func.call(context, value);
+      };
+      case 2: return function(value, other) {
+        return func.call(context, value, other);
+      };
+      case 3: return function(value, index, collection) {
+        return func.call(context, value, index, collection);
+      };
+      case 4: return function(accumulator, value, index, collection) {
+        return func.call(context, accumulator, value, index, collection);
+      };
+    }
+    return function() {
+      return func.apply(context, arguments);
+    };
+  };
+
+  // A mostly-internal function to generate callbacks that can be applied
+  // to each element in a collection, returning the desired result — either
+  // identity, an arbitrary callback, a property matcher, or a property accessor.
+  var cb = function(value, context, argCount) {
+    if (value == null) return _.identity;
+    if (_.isFunction(value)) return optimizeCb(value, context, argCount);
+    if (_.isObject(value)) return _.matcher(value);
+    return _.property(value);
+  };
+  _.iteratee = function(value, context) {
+    return cb(value, context, Infinity);
+  };
+
+  // An internal function for creating assigner functions.
+  var createAssigner = function(keysFunc, undefinedOnly) {
+    return function(obj) {
+      var length = arguments.length;
+      if (length < 2 || obj == null) return obj;
+      for (var index = 1; index < length; index++) {
+        var source = arguments[index],
+            keys = keysFunc(source),
+            l = keys.length;
+        for (var i = 0; i < l; i++) {
+          var key = keys[i];
+          if (!undefinedOnly || obj[key] === void 0) obj[key] = source[key];
+        }
+      }
+      return obj;
+    };
+  };
+
+  // An internal function for creating a new object that inherits from another.
+  var baseCreate = function(prototype) {
+    if (!_.isObject(prototype)) return {};
+    if (nativeCreate) return nativeCreate(prototype);
+    Ctor.prototype = prototype;
+    var result = new Ctor;
+    Ctor.prototype = null;
+    return result;
+  };
+
+  var property = function(key) {
+    return function(obj) {
+      return obj == null ? void 0 : obj[key];
+    };
+  };
+
+  // Helper for collection methods to determine whether a collection
+  // should be iterated as an array or as an object
+  // Related: http://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
+  // Avoids a very nasty iOS 8 JIT bug on ARM-64. #2094
+  var MAX_ARRAY_INDEX = Math.pow(2, 53) - 1;
+  var getLength = property('length');
+  var isArrayLike = function(collection) {
+    var length = getLength(collection);
+    return typeof length == 'number' && length >= 0 && length <= MAX_ARRAY_INDEX;
+  };
+
+  // Collection Functions
+  // --------------------
+
+  // The cornerstone, an `each` implementation, aka `forEach`.
+  // Handles raw objects in addition to array-likes. Treats all
+  // sparse array-likes as if they were dense.
+  _.each = _.forEach = function(obj, iteratee, context) {
+    iteratee = optimizeCb(iteratee, context);
+    var i, length;
+    if (isArrayLike(obj)) {
+      for (i = 0, length = obj.length; i < length; i++) {
+        iteratee(obj[i], i, obj);
+      }
+    } else {
+      var keys = _.keys(obj);
+      for (i = 0, length = keys.length; i < length; i++) {
+        iteratee(obj[keys[i]], keys[i], obj);
+      }
+    }
+    return obj;
+  };
+
+  // Return the results of applying the iteratee to each element.
+  _.map = _.collect = function(obj, iteratee, context) {
+    iteratee = cb(iteratee, context);
+    var keys = !isArrayLike(obj) && _.keys(obj),
+        length = (keys || obj).length,
+        results = Array(length);
+    for (var index = 0; index < length; index++) {
+      var currentKey = keys ? keys[index] : index;
+      results[index] = iteratee(obj[currentKey], currentKey, obj);
+    }
+    return results;
+  };
+
+  // Create a reducing function iterating left or right.
+  function createReduce(dir) {
+    // Optimized iterator function as using arguments.length
+    // in the main function will deoptimize the, see #1991.
+    function iterator(obj, iteratee, memo, keys, index, length) {
+      for (; index >= 0 && index < length; index += dir) {
+        var currentKey = keys ? keys[index] : index;
+        memo = iteratee(memo, obj[currentKey], currentKey, obj);
+      }
+      return memo;
+    }
+
+    return function(obj, iteratee, memo, context) {
+      iteratee = optimizeCb(iteratee, context, 4);
+      var keys = !isArrayLike(obj) && _.keys(obj),
+          length = (keys || obj).length,
+          index = dir > 0 ? 0 : length - 1;
+      // Determine the initial value if none is provided.
+      if (arguments.length < 3) {
+        memo = obj[keys ? keys[index] : index];
+        index += dir;
+      }
+      return iterator(obj, iteratee, memo, keys, index, length);
+    };
+  }
+
+  // **Reduce** builds up a single result from a list of values, aka `inject`,
+  // or `foldl`.
+  _.reduce = _.foldl = _.inject = createReduce(1);
+
+  // The right-associative version of reduce, also known as `foldr`.
+  _.reduceRight = _.foldr = createReduce(-1);
+
+  // Return the first value which passes a truth test. Aliased as `detect`.
+  _.find = _.detect = function(obj, predicate, context) {
+    var key;
+    if (isArrayLike(obj)) {
+      key = _.findIndex(obj, predicate, context);
+    } else {
+      key = _.findKey(obj, predicate, context);
+    }
+    if (key !== void 0 && key !== -1) return obj[key];
+  };
+
+  // Return all the elements that pass a truth test.
+  // Aliased as `select`.
+  _.filter = _.select = function(obj, predicate, context) {
+    var results = [];
+    predicate = cb(predicate, context);
+    _.each(obj, function(value, index, list) {
+      if (predicate(value, index, list)) results.push(value);
+    });
+    return results;
+  };
+
+  // Return all the elements for which a truth test fails.
+  _.reject = function(obj, predicate, context) {
+    return _.filter(obj, _.negate(cb(predicate)), context);
+  };
+
+  // Determine whether all of the elements match a truth test.
+  // Aliased as `all`.
+  _.every = _.all = function(obj, predicate, context) {
+    predicate = cb(predicate, context);
+    var keys = !isArrayLike(obj) && _.keys(obj),
+        length = (keys || obj).length;
+    for (var index = 0; index < length; index++) {
+      var currentKey = keys ? keys[index] : index;
+      if (!predicate(obj[currentKey], currentKey, obj)) return false;
+    }
+    return true;
+  };
+
+  // Determine if at least one element in the object matches a truth test.
+  // Aliased as `any`.
+  _.some = _.any = function(obj, predicate, context) {
+    predicate = cb(predicate, context);
+    var keys = !isArrayLike(obj) && _.keys(obj),
+        length = (keys || obj).length;
+    for (var index = 0; index < length; index++) {
+      var currentKey = keys ? keys[index] : index;
+      if (predicate(obj[currentKey], currentKey, obj)) return true;
+    }
+    return false;
+  };
+
+  // Determine if the array or object contains a given item (using `===`).
+  // Aliased as `includes` and `include`.
+  _.contains = _.includes = _.include = function(obj, item, fromIndex, guard) {
+    if (!isArrayLike(obj)) obj = _.values(obj);
+    if (typeof fromIndex != 'number' || guard) fromIndex = 0;
+    return _.indexOf(obj, item, fromIndex) >= 0;
+  };
+
+  // Invoke a method (with arguments) on every item in a collection.
+  _.invoke = function(obj, method) {
+    var args = slice.call(arguments, 2);
+    var isFunc = _.isFunction(method);
+    return _.map(obj, function(value) {
+      var func = isFunc ? method : value[method];
+      return func == null ? func : func.apply(value, args);
+    });
+  };
+
+  // Convenience version of a common use case of `map`: fetching a property.
+  _.pluck = function(obj, key) {
+    return _.map(obj, _.property(key));
+  };
+
+  // Convenience version of a common use case of `filter`: selecting only objects
+  // containing specific `key:value` pairs.
+  _.where = function(obj, attrs) {
+    return _.filter(obj, _.matcher(attrs));
+  };
+
+  // Convenience version of a common use case of `find`: getting the first object
+  // containing specific `key:value` pairs.
+  _.findWhere = function(obj, attrs) {
+    return _.find(obj, _.matcher(attrs));
+  };
+
+  // Return the maximum element (or element-based computation).
+  _.max = function(obj, iteratee, context) {
+    var result = -Infinity, lastComputed = -Infinity,
+        value, computed;
+    if (iteratee == null && obj != null) {
+      obj = isArrayLike(obj) ? obj : _.values(obj);
+      for (var i = 0, length = obj.length; i < length; i++) {
+        value = obj[i];
+        if (value > result) {
+          result = value;
+        }
+      }
+    } else {
+      iteratee = cb(iteratee, context);
+      _.each(obj, function(value, index, list) {
+        computed = iteratee(value, index, list);
+        if (computed > lastComputed || computed === -Infinity && result === -Infinity) {
+          result = value;
+          lastComputed = computed;
+        }
+      });
+    }
+    return result;
+  };
+
+  // Return the minimum element (or element-based computation).
+  _.min = function(obj, iteratee, context) {
+    var result = Infinity, lastComputed = Infinity,
+        value, computed;
+    if (iteratee == null && obj != null) {
+      obj = isArrayLike(obj) ? obj : _.values(obj);
+      for (var i = 0, length = obj.length; i < length; i++) {
+        value = obj[i];
+        if (value < result) {
+          result = value;
+        }
+      }
+    } else {
+      iteratee = cb(iteratee, context);
+      _.each(obj, function(value, index, list) {
+        computed = iteratee(value, index, list);
+        if (computed < lastComputed || computed === Infinity && result === Infinity) {
+          result = value;
+          lastComputed = computed;
+        }
+      });
+    }
+    return result;
+  };
+
+  // Shuffle a collection, using the modern version of the
+  // [Fisher-Yates shuffle](http://en.wikipedia.org/wiki/Fisher–Yates_shuffle).
+  _.shuffle = function(obj) {
+    var set = isArrayLike(obj) ? obj : _.values(obj);
+    var length = set.length;
+    var shuffled = Array(length);
+    for (var index = 0, rand; index < length; index++) {
+      rand = _.random(0, index);
+      if (rand !== index) shuffled[index] = shuffled[rand];
+      shuffled[rand] = set[index];
+    }
+    return shuffled;
+  };
+
+  // Sample **n** random values from a collection.
+  // If **n** is not specified, returns a single random element.
+  // The internal `guard` argument allows it to work with `map`.
+  _.sample = function(obj, n, guard) {
+    if (n == null || guard) {
+      if (!isArrayLike(obj)) obj = _.values(obj);
+      return obj[_.random(obj.length - 1)];
+    }
+    return _.shuffle(obj).slice(0, Math.max(0, n));
+  };
+
+  // Sort the object's values by a criterion produced by an iteratee.
+  _.sortBy = function(obj, iteratee, context) {
+    iteratee = cb(iteratee, context);
+    return _.pluck(_.map(obj, function(value, index, list) {
+      return {
+        value: value,
+        index: index,
+        criteria: iteratee(value, index, list)
+      };
+    }).sort(function(left, right) {
+      var a = left.criteria;
+      var b = right.criteria;
+      if (a !== b) {
+        if (a > b || a === void 0) return 1;
+        if (a < b || b === void 0) return -1;
+      }
+      return left.index - right.index;
+    }), 'value');
+  };
+
+  // An internal function used for aggregate "group by" operations.
+  var group = function(behavior) {
+    return function(obj, iteratee, context) {
+      var result = {};
+      iteratee = cb(iteratee, context);
+      _.each(obj, function(value, index) {
+        var key = iteratee(value, index, obj);
+        behavior(result, value, key);
+      });
+      return result;
+    };
+  };
+
+  // Groups the object's values by a criterion. Pass either a string attribute
+  // to group by, or a function that returns the criterion.
+  _.groupBy = group(function(result, value, key) {
+    if (_.has(result, key)) result[key].push(value); else result[key] = [value];
+  });
+
+  // Indexes the object's values by a criterion, similar to `groupBy`, but for
+  // when you know that your index values will be unique.
+  _.indexBy = group(function(result, value, key) {
+    result[key] = value;
+  });
+
+  // Counts instances of an object that group by a certain criterion. Pass
+  // either a string attribute to count by, or a function that returns the
+  // criterion.
+  _.countBy = group(function(result, value, key) {
+    if (_.has(result, key)) result[key]++; else result[key] = 1;
+  });
+
+  // Safely create a real, live array from anything iterable.
+  _.toArray = function(obj) {
+    if (!obj) return [];
+    if (_.isArray(obj)) return slice.call(obj);
+    if (isArrayLike(obj)) return _.map(obj, _.identity);
+    return _.values(obj);
+  };
+
+  // Return the number of elements in an object.
+  _.size = function(obj) {
+    if (obj == null) return 0;
+    return isArrayLike(obj) ? obj.length : _.keys(obj).length;
+  };
+
+  // Split a collection into two arrays: one whose elements all satisfy the given
+  // predicate, and one whose elements all do not satisfy the predicate.
+  _.partition = function(obj, predicate, context) {
+    predicate = cb(predicate, context);
+    var pass = [], fail = [];
+    _.each(obj, function(value, key, obj) {
+      (predicate(value, key, obj) ? pass : fail).push(value);
+    });
+    return [pass, fail];
+  };
+
+  // Array Functions
+  // ---------------
+
+  // Get the first element of an array. Passing **n** will return the first N
+  // values in the array. Aliased as `head` and `take`. The **guard** check
+  // allows it to work with `_.map`.
+  _.first = _.head = _.take = function(array, n, guard) {
+    if (array == null) return void 0;
+    if (n == null || guard) return array[0];
+    return _.initial(array, array.length - n);
+  };
+
+  // Returns everything but the last entry of the array. Especially useful on
+  // the arguments object. Passing **n** will return all the values in
+  // the array, excluding the last N.
+  _.initial = function(array, n, guard) {
+    return slice.call(array, 0, Math.max(0, array.length - (n == null || guard ? 1 : n)));
+  };
+
+  // Get the last element of an array. Passing **n** will return the last N
+  // values in the array.
+  _.last = function(array, n, guard) {
+    if (array == null) return void 0;
+    if (n == null || guard) return array[array.length - 1];
+    return _.rest(array, Math.max(0, array.length - n));
+  };
+
+  // Returns everything but the first entry of the array. Aliased as `tail` and `drop`.
+  // Especially useful on the arguments object. Passing an **n** will return
+  // the rest N values in the array.
+  _.rest = _.tail = _.drop = function(array, n, guard) {
+    return slice.call(array, n == null || guard ? 1 : n);
+  };
+
+  // Trim out all falsy values from an array.
+  _.compact = function(array) {
+    return _.filter(array, _.identity);
+  };
+
+  // Internal implementation of a recursive `flatten` function.
+  var flatten = function(input, shallow, strict, startIndex) {
+    var output = [], idx = 0;
+    for (var i = startIndex || 0, length = getLength(input); i < length; i++) {
+      var value = input[i];
+      if (isArrayLike(value) && (_.isArray(value) || _.isArguments(value))) {
+        //flatten current level of array or arguments object
+        if (!shallow) value = flatten(value, shallow, strict);
+        var j = 0, len = value.length;
+        output.length += len;
+        while (j < len) {
+          output[idx++] = value[j++];
+        }
+      } else if (!strict) {
+        output[idx++] = value;
+      }
+    }
+    return output;
+  };
+
+  // Flatten out an array, either recursively (by default), or just one level.
+  _.flatten = function(array, shallow) {
+    return flatten(array, shallow, false);
+  };
+
+  // Return a version of the array that does not contain the specified value(s).
+  _.without = function(array) {
+    return _.difference(array, slice.call(arguments, 1));
+  };
+
+  // Produce a duplicate-free version of the array. If the array has already
+  // been sorted, you have the option of using a faster algorithm.
+  // Aliased as `unique`.
+  _.uniq = _.unique = function(array, isSorted, iteratee, context) {
+    if (!_.isBoolean(isSorted)) {
+      context = iteratee;
+      iteratee = isSorted;
+      isSorted = false;
+    }
+    if (iteratee != null) iteratee = cb(iteratee, context);
+    var result = [];
+    var seen = [];
+    for (var i = 0, length = getLength(array); i < length; i++) {
+      var value = array[i],
+          computed = iteratee ? iteratee(value, i, array) : value;
+      if (isSorted) {
+        if (!i || seen !== computed) result.push(value);
+        seen = computed;
+      } else if (iteratee) {
+        if (!_.contains(seen, computed)) {
+          seen.push(computed);
+          result.push(value);
+        }
+      } else if (!_.contains(result, value)) {
+        result.push(value);
+      }
+    }
+    return result;
+  };
+
+  // Produce an array that contains the union: each distinct element from all of
+  // the passed-in arrays.
+  _.union = function() {
+    return _.uniq(flatten(arguments, true, true));
+  };
+
+  // Produce an array that contains every item shared between all the
+  // passed-in arrays.
+  _.intersection = function(array) {
+    var result = [];
+    var argsLength = arguments.length;
+    for (var i = 0, length = getLength(array); i < length; i++) {
+      var item = array[i];
+      if (_.contains(result, item)) continue;
+      for (var j = 1; j < argsLength; j++) {
+        if (!_.contains(arguments[j], item)) break;
+      }
+      if (j === argsLength) result.push(item);
+    }
+    return result;
+  };
+
+  // Take the difference between one array and a number of other arrays.
+  // Only the elements present in just the first array will remain.
+  _.difference = function(array) {
+    var rest = flatten(arguments, true, true, 1);
+    return _.filter(array, function(value){
+      return !_.contains(rest, value);
+    });
+  };
+
+  // Zip together multiple lists into a single array -- elements that share
+  // an index go together.
+  _.zip = function() {
+    return _.unzip(arguments);
+  };
+
+  // Complement of _.zip. Unzip accepts an array of arrays and groups
+  // each array's elements on shared indices
+  _.unzip = function(array) {
+    var length = array && _.max(array, getLength).length || 0;
+    var result = Array(length);
+
+    for (var index = 0; index < length; index++) {
+      result[index] = _.pluck(array, index);
+    }
+    return result;
+  };
+
+  // Converts lists into objects. Pass either a single array of `[key, value]`
+  // pairs, or two parallel arrays of the same length -- one of keys, and one of
+  // the corresponding values.
+  _.object = function(list, values) {
+    var result = {};
+    for (var i = 0, length = getLength(list); i < length; i++) {
+      if (values) {
+        result[list[i]] = values[i];
+      } else {
+        result[list[i][0]] = list[i][1];
+      }
+    }
+    return result;
+  };
+
+  // Generator function to create the findIndex and findLastIndex functions
+  function createPredicateIndexFinder(dir) {
+    return function(array, predicate, context) {
+      predicate = cb(predicate, context);
+      var length = getLength(array);
+      var index = dir > 0 ? 0 : length - 1;
+      for (; index >= 0 && index < length; index += dir) {
+        if (predicate(array[index], index, array)) return index;
+      }
+      return -1;
+    };
+  }
+
+  // Returns the first index on an array-like that passes a predicate test
+  _.findIndex = createPredicateIndexFinder(1);
+  _.findLastIndex = createPredicateIndexFinder(-1);
+
+  // Use a comparator function to figure out the smallest index at which
+  // an object should be inserted so as to maintain order. Uses binary search.
+  _.sortedIndex = function(array, obj, iteratee, context) {
+    iteratee = cb(iteratee, context, 1);
+    var value = iteratee(obj);
+    var low = 0, high = getLength(array);
+    while (low < high) {
+      var mid = Math.floor((low + high) / 2);
+      if (iteratee(array[mid]) < value) low = mid + 1; else high = mid;
+    }
+    return low;
+  };
+
+  // Generator function to create the indexOf and lastIndexOf functions
+  function createIndexFinder(dir, predicateFind, sortedIndex) {
+    return function(array, item, idx) {
+      var i = 0, length = getLength(array);
+      if (typeof idx == 'number') {
+        if (dir > 0) {
+            i = idx >= 0 ? idx : Math.max(idx + length, i);
+        } else {
+            length = idx >= 0 ? Math.min(idx + 1, length) : idx + length + 1;
+        }
+      } else if (sortedIndex && idx && length) {
+        idx = sortedIndex(array, item);
+        return array[idx] === item ? idx : -1;
+      }
+      if (item !== item) {
+        idx = predicateFind(slice.call(array, i, length), _.isNaN);
+        return idx >= 0 ? idx + i : -1;
+      }
+      for (idx = dir > 0 ? i : length - 1; idx >= 0 && idx < length; idx += dir) {
+        if (array[idx] === item) return idx;
+      }
+      return -1;
+    };
+  }
+
+  // Return the position of the first occurrence of an item in an array,
+  // or -1 if the item is not included in the array.
+  // If the array is large and already in sort order, pass `true`
+  // for **isSorted** to use binary search.
+  _.indexOf = createIndexFinder(1, _.findIndex, _.sortedIndex);
+  _.lastIndexOf = createIndexFinder(-1, _.findLastIndex);
+
+  // Generate an integer Array containing an arithmetic progression. A port of
+  // the native Python `range()` function. See
+  // [the Python documentation](http://docs.python.org/library/functions.html#range).
+  _.range = function(start, stop, step) {
+    if (stop == null) {
+      stop = start || 0;
+      start = 0;
+    }
+    step = step || 1;
+
+    var length = Math.max(Math.ceil((stop - start) / step), 0);
+    var range = Array(length);
+
+    for (var idx = 0; idx < length; idx++, start += step) {
+      range[idx] = start;
+    }
+
+    return range;
+  };
+
+  // Function (ahem) Functions
+  // ------------------
+
+  // Determines whether to execute a function as a constructor
+  // or a normal function with the provided arguments
+  var executeBound = function(sourceFunc, boundFunc, context, callingContext, args) {
+    if (!(callingContext instanceof boundFunc)) return sourceFunc.apply(context, args);
+    var self = baseCreate(sourceFunc.prototype);
+    var result = sourceFunc.apply(self, args);
+    if (_.isObject(result)) return result;
+    return self;
+  };
+
+  // Create a function bound to a given object (assigning `this`, and arguments,
+  // optionally). Delegates to **ECMAScript 5**'s native `Function.bind` if
+  // available.
+  _.bind = function(func, context) {
+    if (nativeBind && func.bind === nativeBind) return nativeBind.apply(func, slice.call(arguments, 1));
+    if (!_.isFunction(func)) throw new TypeError('Bind must be called on a function');
+    var args = slice.call(arguments, 2);
+    var bound = function() {
+      return executeBound(func, bound, context, this, args.concat(slice.call(arguments)));
+    };
+    return bound;
+  };
+
+  // Partially apply a function by creating a version that has had some of its
+  // arguments pre-filled, without changing its dynamic `this` context. _ acts
+  // as a placeholder, allowing any combination of arguments to be pre-filled.
+  _.partial = function(func) {
+    var boundArgs = slice.call(arguments, 1);
+    var bound = function() {
+      var position = 0, length = boundArgs.length;
+      var args = Array(length);
+      for (var i = 0; i < length; i++) {
+        args[i] = boundArgs[i] === _ ? arguments[position++] : boundArgs[i];
+      }
+      while (position < arguments.length) args.push(arguments[position++]);
+      return executeBound(func, bound, this, this, args);
+    };
+    return bound;
+  };
+
+  // Bind a number of an object's methods to that object. Remaining arguments
+  // are the method names to be bound. Useful for ensuring that all callbacks
+  // defined on an object belong to it.
+  _.bindAll = function(obj) {
+    var i, length = arguments.length, key;
+    if (length <= 1) throw new Error('bindAll must be passed function names');
+    for (i = 1; i < length; i++) {
+      key = arguments[i];
+      obj[key] = _.bind(obj[key], obj);
+    }
+    return obj;
+  };
+
+  // Memoize an expensive function by storing its results.
+  _.memoize = function(func, hasher) {
+    var memoize = function(key) {
+      var cache = memoize.cache;
+      var address = '' + (hasher ? hasher.apply(this, arguments) : key);
+      if (!_.has(cache, address)) cache[address] = func.apply(this, arguments);
+      return cache[address];
+    };
+    memoize.cache = {};
+    return memoize;
+  };
+
+  // Delays a function for the given number of milliseconds, and then calls
+  // it with the arguments supplied.
+  _.delay = function(func, wait) {
+    var args = slice.call(arguments, 2);
+    return setTimeout(function(){
+      return func.apply(null, args);
+    }, wait);
+  };
+
+  // Defers a function, scheduling it to run after the current call stack has
+  // cleared.
+  _.defer = _.partial(_.delay, _, 1);
+
+  // Returns a function, that, when invoked, will only be triggered at most once
+  // during a given window of time. Normally, the throttled function will run
+  // as much as it can, without ever going more than once per `wait` duration;
+  // but if you'd like to disable the execution on the leading edge, pass
+  // `{leading: false}`. To disable execution on the trailing edge, ditto.
+  _.throttle = function(func, wait, options) {
+    var context, args, result;
+    var timeout = null;
+    var previous = 0;
+    if (!options) options = {};
+    var later = function() {
+      previous = options.leading === false ? 0 : _.now();
+      timeout = null;
+      result = func.apply(context, args);
+      if (!timeout) context = args = null;
+    };
+    return function() {
+      var now = _.now();
+      if (!previous && options.leading === false) previous = now;
+      var remaining = wait - (now - previous);
+      context = this;
+      args = arguments;
+      if (remaining <= 0 || remaining > wait) {
+        if (timeout) {
+          clearTimeout(timeout);
+          timeout = null;
+        }
+        previous = now;
+        result = func.apply(context, args);
+        if (!timeout) context = args = null;
+      } else if (!timeout && options.trailing !== false) {
+        timeout = setTimeout(later, remaining);
+      }
+      return result;
+    };
+  };
+
+  // Returns a function, that, as long as it continues to be invoked, will not
+  // be triggered. The function will be called after it stops being called for
+  // N milliseconds. If `immediate` is passed, trigger the function on the
+  // leading edge, instead of the trailing.
+  _.debounce = function(func, wait, immediate) {
+    var timeout, args, context, timestamp, result;
+
+    var later = function() {
+      var last = _.now() - timestamp;
+
+      if (last < wait && last >= 0) {
+        timeout = setTimeout(later, wait - last);
+      } else {
+        timeout = null;
+        if (!immediate) {
+          result = func.apply(context, args);
+          if (!timeout) context = args = null;
+        }
+      }
+    };
+
+    return function() {
+      context = this;
+      args = arguments;
+      timestamp = _.now();
+      var callNow = immediate && !timeout;
+      if (!timeout) timeout = setTimeout(later, wait);
+      if (callNow) {
+        result = func.apply(context, args);
+        context = args = null;
+      }
+
+      return result;
+    };
+  };
+
+  // Returns the first function passed as an argument to the second,
+  // allowing you to adjust arguments, run code before and after, and
+  // conditionally execute the original function.
+  _.wrap = function(func, wrapper) {
+    return _.partial(wrapper, func);
+  };
+
+  // Returns a negated version of the passed-in predicate.
+  _.negate = function(predicate) {
+    return function() {
+      return !predicate.apply(this, arguments);
+    };
+  };
+
+  // Returns a function that is the composition of a list of functions, each
+  // consuming the return value of the function that follows.
+  _.compose = function() {
+    var args = arguments;
+    var start = args.length - 1;
+    return function() {
+      var i = start;
+      var result = args[start].apply(this, arguments);
+      while (i--) result = args[i].call(this, result);
+      return result;
+    };
+  };
+
+  // Returns a function that will only be executed on and after the Nth call.
+  _.after = function(times, func) {
+    return function() {
+      if (--times < 1) {
+        return func.apply(this, arguments);
+      }
+    };
+  };
+
+  // Returns a function that will only be executed up to (but not including) the Nth call.
+  _.before = function(times, func) {
+    var memo;
+    return function() {
+      if (--times > 0) {
+        memo = func.apply(this, arguments);
+      }
+      if (times <= 1) func = null;
+      return memo;
+    };
+  };
+
+  // Returns a function that will be executed at most one time, no matter how
+  // often you call it. Useful for lazy initialization.
+  _.once = _.partial(_.before, 2);
+
+  // Object Functions
+  // ----------------
+
+  // Keys in IE < 9 that won't be iterated by `for key in ...` and thus missed.
+  var hasEnumBug = !{toString: null}.propertyIsEnumerable('toString');
+  var nonEnumerableProps = ['valueOf', 'isPrototypeOf', 'toString',
+                      'propertyIsEnumerable', 'hasOwnProperty', 'toLocaleString'];
+
+  function collectNonEnumProps(obj, keys) {
+    var nonEnumIdx = nonEnumerableProps.length;
+    var constructor = obj.constructor;
+    var proto = (_.isFunction(constructor) && constructor.prototype) || ObjProto;
+
+    // Constructor is a special case.
+    var prop = 'constructor';
+    if (_.has(obj, prop) && !_.contains(keys, prop)) keys.push(prop);
+
+    while (nonEnumIdx--) {
+      prop = nonEnumerableProps[nonEnumIdx];
+      if (prop in obj && obj[prop] !== proto[prop] && !_.contains(keys, prop)) {
+        keys.push(prop);
+      }
+    }
+  }
+
+  // Retrieve the names of an object's own properties.
+  // Delegates to **ECMAScript 5**'s native `Object.keys`
+  _.keys = function(obj) {
+    if (!_.isObject(obj)) return [];
+    if (nativeKeys) return nativeKeys(obj);
+    var keys = [];
+    for (var key in obj) if (_.has(obj, key)) keys.push(key);
+    // Ahem, IE < 9.
+    if (hasEnumBug) collectNonEnumProps(obj, keys);
+    return keys;
+  };
+
+  // Retrieve all the property names of an object.
+  _.allKeys = function(obj) {
+    if (!_.isObject(obj)) return [];
+    var keys = [];
+    for (var key in obj) keys.push(key);
+    // Ahem, IE < 9.
+    if (hasEnumBug) collectNonEnumProps(obj, keys);
+    return keys;
+  };
+
+  // Retrieve the values of an object's properties.
+  _.values = function(obj) {
+    var keys = _.keys(obj);
+    var length = keys.length;
+    var values = Array(length);
+    for (var i = 0; i < length; i++) {
+      values[i] = obj[keys[i]];
+    }
+    return values;
+  };
+
+  // Returns the results of applying the iteratee to each element of the object
+  // In contrast to _.map it returns an object
+  _.mapObject = function(obj, iteratee, context) {
+    iteratee = cb(iteratee, context);
+    var keys =  _.keys(obj),
+          length = keys.length,
+          results = {},
+          currentKey;
+      for (var index = 0; index < length; index++) {
+        currentKey = keys[index];
+        results[currentKey] = iteratee(obj[currentKey], currentKey, obj);
+      }
+      return results;
+  };
+
+  // Convert an object into a list of `[key, value]` pairs.
+  _.pairs = function(obj) {
+    var keys = _.keys(obj);
+    var length = keys.length;
+    var pairs = Array(length);
+    for (var i = 0; i < length; i++) {
+      pairs[i] = [keys[i], obj[keys[i]]];
+    }
+    return pairs;
+  };
+
+  // Invert the keys and values of an object. The values must be serializable.
+  _.invert = function(obj) {
+    var result = {};
+    var keys = _.keys(obj);
+    for (var i = 0, length = keys.length; i < length; i++) {
+      result[obj[keys[i]]] = keys[i];
+    }
+    return result;
+  };
+
+  // Return a sorted list of the function names available on the object.
+  // Aliased as `methods`
+  _.functions = _.methods = function(obj) {
+    var names = [];
+    for (var key in obj) {
+      if (_.isFunction(obj[key])) names.push(key);
+    }
+    return names.sort();
+  };
+
+  // Extend a given object with all the properties in passed-in object(s).
+  _.extend = createAssigner(_.allKeys);
+
+  // Assigns a given object with all the own properties in the passed-in object(s)
+  // (https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)
+  _.extendOwn = _.assign = createAssigner(_.keys);
+
+  // Returns the first key on an object that passes a predicate test
+  _.findKey = function(obj, predicate, context) {
+    predicate = cb(predicate, context);
+    var keys = _.keys(obj), key;
+    for (var i = 0, length = keys.length; i < length; i++) {
+      key = keys[i];
+      if (predicate(obj[key], key, obj)) return key;
+    }
+  };
+
+  // Return a copy of the object only containing the whitelisted properties.
+  _.pick = function(object, oiteratee, context) {
+    var result = {}, obj = object, iteratee, keys;
+    if (obj == null) return result;
+    if (_.isFunction(oiteratee)) {
+      keys = _.allKeys(obj);
+      iteratee = optimizeCb(oiteratee, context);
+    } else {
+      keys = flatten(arguments, false, false, 1);
+      iteratee = function(value, key, obj) { return key in obj; };
+      obj = Object(obj);
+    }
+    for (var i = 0, length = keys.length; i < length; i++) {
+      var key = keys[i];
+      var value = obj[key];
+      if (iteratee(value, key, obj)) result[key] = value;
+    }
+    return result;
+  };
+
+   // Return a copy of the object without the blacklisted properties.
+  _.omit = function(obj, iteratee, context) {
+    if (_.isFunction(iteratee)) {
+      iteratee = _.negate(iteratee);
+    } else {
+      var keys = _.map(flatten(arguments, false, false, 1), String);
+      iteratee = function(value, key) {
+        return !_.contains(keys, key);
+      };
+    }
+    return _.pick(obj, iteratee, context);
+  };
+
+  // Fill in a given object with default properties.
+  _.defaults = createAssigner(_.allKeys, true);
+
+  // Creates an object that inherits from the given prototype object.
+  // If additional properties are provided then they will be added to the
+  // created object.
+  _.create = function(prototype, props) {
+    var result = baseCreate(prototype);
+    if (props) _.extendOwn(result, props);
+    return result;
+  };
+
+  // Create a (shallow-cloned) duplicate of an object.
+  _.clone = function(obj) {
+    if (!_.isObject(obj)) return obj;
+    return _.isArray(obj) ? obj.slice() : _.extend({}, obj);
+  };
+
+  // Invokes interceptor with the obj, and then returns obj.
+  // The primary purpose of this method is to "tap into" a method chain, in
+  // order to perform operations on intermediate results within the chain.
+  _.tap = function(obj, interceptor) {
+    interceptor(obj);
+    return obj;
+  };
+
+  // Returns whether an object has a given set of `key:value` pairs.
+  _.isMatch = function(object, attrs) {
+    var keys = _.keys(attrs), length = keys.length;
+    if (object == null) return !length;
+    var obj = Object(object);
+    for (var i = 0; i < length; i++) {
+      var key = keys[i];
+      if (attrs[key] !== obj[key] || !(key in obj)) return false;
+    }
+    return true;
+  };
+
+
+  // Internal recursive comparison function for `isEqual`.
+  var eq = function(a, b, aStack, bStack) {
+    // Identical objects are equal. `0 === -0`, but they aren't identical.
+    // See the [Harmony `egal` proposal](http://wiki.ecmascript.org/doku.php?id=harmony:egal).
+    if (a === b) return a !== 0 || 1 / a === 1 / b;
+    // A strict comparison is necessary because `null == undefined`.
+    if (a == null || b == null) return a === b;
+    // Unwrap any wrapped objects.
+    if (a instanceof _) a = a._wrapped;
+    if (b instanceof _) b = b._wrapped;
+    // Compare `[[Class]]` names.
+    var className = toString.call(a);
+    if (className !== toString.call(b)) return false;
+    switch (className) {
+      // Strings, numbers, regular expressions, dates, and booleans are compared by value.
+      case '[object RegExp]':
+      // RegExps are coerced to strings for comparison (Note: '' + /a/i === '/a/i')
+      case '[object String]':
+        // Primitives and their corresponding object wrappers are equivalent; thus, `"5"` is
+        // equivalent to `new String("5")`.
+        return '' + a === '' + b;
+      case '[object Number]':
+        // `NaN`s are equivalent, but non-reflexive.
+        // Object(NaN) is equivalent to NaN
+        if (+a !== +a) return +b !== +b;
+        // An `egal` comparison is performed for other numeric values.
+        return +a === 0 ? 1 / +a === 1 / b : +a === +b;
+      case '[object Date]':
+      case '[object Boolean]':
+        // Coerce dates and booleans to numeric primitive values. Dates are compared by their
+        // millisecond representations. Note that invalid dates with millisecond representations
+        // of `NaN` are not equivalent.
+        return +a === +b;
+    }
+
+    var areArrays = className === '[object Array]';
+    if (!areArrays) {
+      if (typeof a != 'object' || typeof b != 'object') return false;
+
+      // Objects with different constructors are not equivalent, but `Object`s or `Array`s
+      // from different frames are.
+      var aCtor = a.constructor, bCtor = b.constructor;
+      if (aCtor !== bCtor && !(_.isFunction(aCtor) && aCtor instanceof aCtor &&
+                               _.isFunction(bCtor) && bCtor instanceof bCtor)
+                          && ('constructor' in a && 'constructor' in b)) {
+        return false;
+      }
+    }
+    // Assume equality for cyclic structures. The algorithm for detecting cyclic
+    // structures is adapted from ES 5.1 section 15.12.3, abstract operation `JO`.
+
+    // Initializing stack of traversed objects.
+    // It's done here since we only need them for objects and arrays comparison.
+    aStack = aStack || [];
+    bStack = bStack || [];
+    var length = aStack.length;
+    while (length--) {
+      // Linear search. Performance is inversely proportional to the number of
+      // unique nested structures.
+      if (aStack[length] === a) return bStack[length] === b;
+    }
+
+    // Add the first object to the stack of traversed objects.
+    aStack.push(a);
+    bStack.push(b);
+
+    // Recursively compare objects and arrays.
+    if (areArrays) {
+      // Compare array lengths to determine if a deep comparison is necessary.
+      length = a.length;
+      if (length !== b.length) return false;
+      // Deep compare the contents, ignoring non-numeric properties.
+      while (length--) {
+        if (!eq(a[length], b[length], aStack, bStack)) return false;
+      }
+    } else {
+      // Deep compare objects.
+      var keys = _.keys(a), key;
+      length = keys.length;
+      // Ensure that both objects contain the same number of properties before comparing deep equality.
+      if (_.keys(b).length !== length) return false;
+      while (length--) {
+        // Deep compare each member
+        key = keys[length];
+        if (!(_.has(b, key) && eq(a[key], b[key], aStack, bStack))) return false;
+      }
+    }
+    // Remove the first object from the stack of traversed objects.
+    aStack.pop();
+    bStack.pop();
+    return true;
+  };
+
+  // Perform a deep comparison to check if two objects are equal.
+  _.isEqual = function(a, b) {
+    return eq(a, b);
+  };
+
+  // Is a given array, string, or object empty?
+  // An "empty" object has no enumerable own-properties.
+  _.isEmpty = function(obj) {
+    if (obj == null) return true;
+    if (isArrayLike(obj) && (_.isArray(obj) || _.isString(obj) || _.isArguments(obj))) return obj.length === 0;
+    return _.keys(obj).length === 0;
+  };
+
+  // Is a given value a DOM element?
+  _.isElement = function(obj) {
+    return !!(obj && obj.nodeType === 1);
+  };
+
+  // Is a given value an array?
+  // Delegates to ECMA5's native Array.isArray
+  _.isArray = nativeIsArray || function(obj) {
+    return toString.call(obj) === '[object Array]';
+  };
+
+  // Is a given variable an object?
+  _.isObject = function(obj) {
+    var type = typeof obj;
+    return type === 'function' || type === 'object' && !!obj;
+  };
+
+  // Add some isType methods: isArguments, isFunction, isString, isNumber, isDate, isRegExp, isError.
+  _.each(['Arguments', 'Function', 'String', 'Number', 'Date', 'RegExp', 'Error'], function(name) {
+    _['is' + name] = function(obj) {
+      return toString.call(obj) === '[object ' + name + ']';
+    };
+  });
+
+  // Define a fallback version of the method in browsers (ahem, IE < 9), where
+  // there isn't any inspectable "Arguments" type.
+  if (!_.isArguments(arguments)) {
+    _.isArguments = function(obj) {
+      return _.has(obj, 'callee');
+    };
+  }
+
+  // Optimize `isFunction` if appropriate. Work around some typeof bugs in old v8,
+  // IE 11 (#1621), and in Safari 8 (#1929).
+  if (typeof /./ != 'function' && typeof Int8Array != 'object') {
+    _.isFunction = function(obj) {
+      return typeof obj == 'function' || false;
+    };
+  }
+
+  // Is a given object a finite number?
+  _.isFinite = function(obj) {
+    return isFinite(obj) && !isNaN(parseFloat(obj));
+  };
+
+  // Is the given value `NaN`? (NaN is the only number which does not equal itself).
+  _.isNaN = function(obj) {
+    return _.isNumber(obj) && obj !== +obj;
+  };
+
+  // Is a given value a boolean?
+  _.isBoolean = function(obj) {
+    return obj === true || obj === false || toString.call(obj) === '[object Boolean]';
+  };
+
+  // Is a given value equal to null?
+  _.isNull = function(obj) {
+    return obj === null;
+  };
+
+  // Is a given variable undefined?
+  _.isUndefined = function(obj) {
+    return obj === void 0;
+  };
+
+  // Shortcut function for checking if an object has a given property directly
+  // on itself (in other words, not on a prototype).
+  _.has = function(obj, key) {
+    return obj != null && hasOwnProperty.call(obj, key);
+  };
+
+  // Utility Functions
+  // -----------------
+
+  // Run Underscore.js in *noConflict* mode, returning the `_` variable to its
+  // previous owner. Returns a reference to the Underscore object.
+  _.noConflict = function() {
+    root._ = previousUnderscore;
+    return this;
+  };
+
+  // Keep the identity function around for default iteratees.
+  _.identity = function(value) {
+    return value;
+  };
+
+  // Predicate-generating functions. Often useful outside of Underscore.
+  _.constant = function(value) {
+    return function() {
+      return value;
+    };
+  };
+
+  _.noop = function(){};
+
+  _.property = property;
+
+  // Generates a function for a given object that returns a given property.
+  _.propertyOf = function(obj) {
+    return obj == null ? function(){} : function(key) {
+      return obj[key];
+    };
+  };
+
+  // Returns a predicate for checking whether an object has a given set of
+  // `key:value` pairs.
+  _.matcher = _.matches = function(attrs) {
+    attrs = _.extendOwn({}, attrs);
+    return function(obj) {
+      return _.isMatch(obj, attrs);
+    };
+  };
+
+  // Run a function **n** times.
+  _.times = function(n, iteratee, context) {
+    var accum = Array(Math.max(0, n));
+    iteratee = optimizeCb(iteratee, context, 1);
+    for (var i = 0; i < n; i++) accum[i] = iteratee(i);
+    return accum;
+  };
+
+  // Return a random integer between min and max (inclusive).
+  _.random = function(min, max) {
+    if (max == null) {
+      max = min;
+      min = 0;
+    }
+    return min + Math.floor(Math.random() * (max - min + 1));
+  };
+
+  // A (possibly faster) way to get the current timestamp as an integer.
+  _.now = Date.now || function() {
+    return new Date().getTime();
+  };
+
+   // List of HTML entities for escaping.
+  var escapeMap = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#x27;',
+    '`': '&#x60;'
+  };
+  var unescapeMap = _.invert(escapeMap);
+
+  // Functions for escaping and unescaping strings to/from HTML interpolation.
+  var createEscaper = function(map) {
+    var escaper = function(match) {
+      return map[match];
+    };
+    // Regexes for identifying a key that needs to be escaped
+    var source = '(?:' + _.keys(map).join('|') + ')';
+    var testRegexp = RegExp(source);
+    var replaceRegexp = RegExp(source, 'g');
+    return function(string) {
+      string = string == null ? '' : '' + string;
+      return testRegexp.test(string) ? string.replace(replaceRegexp, escaper) : string;
+    };
+  };
+  _.escape = createEscaper(escapeMap);
+  _.unescape = createEscaper(unescapeMap);
+
+  // If the value of the named `property` is a function then invoke it with the
+  // `object` as context; otherwise, return it.
+  _.result = function(object, property, fallback) {
+    var value = object == null ? void 0 : object[property];
+    if (value === void 0) {
+      value = fallback;
+    }
+    return _.isFunction(value) ? value.call(object) : value;
+  };
+
+  // Generate a unique integer id (unique within the entire client session).
+  // Useful for temporary DOM ids.
+  var idCounter = 0;
+  _.uniqueId = function(prefix) {
+    var id = ++idCounter + '';
+    return prefix ? prefix + id : id;
+  };
+
+  // By default, Underscore uses ERB-style template delimiters, change the
+  // following template settings to use alternative delimiters.
+  _.templateSettings = {
+    evaluate    : /<%([\s\S]+?)%>/g,
+    interpolate : /<%=([\s\S]+?)%>/g,
+    escape      : /<%-([\s\S]+?)%>/g
+  };
+
+  // When customizing `templateSettings`, if you don't want to define an
+  // interpolation, evaluation or escaping regex, we need one that is
+  // guaranteed not to match.
+  var noMatch = /(.)^/;
+
+  // Certain characters need to be escaped so that they can be put into a
+  // string literal.
+  var escapes = {
+    "'":      "'",
+    '\\':     '\\',
+    '\r':     'r',
+    '\n':     'n',
+    '\u2028': 'u2028',
+    '\u2029': 'u2029'
+  };
+
+  var escaper = /\\|'|\r|\n|\u2028|\u2029/g;
+
+  var escapeChar = function(match) {
+    return '\\' + escapes[match];
+  };
+
+  // JavaScript micro-templating, similar to John Resig's implementation.
+  // Underscore templating handles arbitrary delimiters, preserves whitespace,
+  // and correctly escapes quotes within interpolated code.
+  // NB: `oldSettings` only exists for backwards compatibility.
+  _.template = function(text, settings, oldSettings) {
+    if (!settings && oldSettings) settings = oldSettings;
+    settings = _.defaults({}, settings, _.templateSettings);
+
+    // Combine delimiters into one regular expression via alternation.
+    var matcher = RegExp([
+      (settings.escape || noMatch).source,
+      (settings.interpolate || noMatch).source,
+      (settings.evaluate || noMatch).source
+    ].join('|') + '|$', 'g');
+
+    // Compile the template source, escaping string literals appropriately.
+    var index = 0;
+    var source = "__p+='";
+    text.replace(matcher, function(match, escape, interpolate, evaluate, offset) {
+      source += text.slice(index, offset).replace(escaper, escapeChar);
+      index = offset + match.length;
+
+      if (escape) {
+        source += "'+\n((__t=(" + escape + "))==null?'':_.escape(__t))+\n'";
+      } else if (interpolate) {
+        source += "'+\n((__t=(" + interpolate + "))==null?'':__t)+\n'";
+      } else if (evaluate) {
+        source += "';\n" + evaluate + "\n__p+='";
+      }
+
+      // Adobe VMs need the match returned to produce the correct offest.
+      return match;
+    });
+    source += "';\n";
+
+    // If a variable is not specified, place data values in local scope.
+    if (!settings.variable) source = 'with(obj||{}){\n' + source + '}\n';
+
+    source = "var __t,__p='',__j=Array.prototype.join," +
+      "print=function(){__p+=__j.call(arguments,'');};\n" +
+      source + 'return __p;\n';
+
+    try {
+      var render = new Function(settings.variable || 'obj', '_', source);
+    } catch (e) {
+      e.source = source;
+      throw e;
+    }
+
+    var template = function(data) {
+      return render.call(this, data, _);
+    };
+
+    // Provide the compiled source as a convenience for precompilation.
+    var argument = settings.variable || 'obj';
+    template.source = 'function(' + argument + '){\n' + source + '}';
+
+    return template;
+  };
+
+  // Add a "chain" function. Start chaining a wrapped Underscore object.
+  _.chain = function(obj) {
+    var instance = _(obj);
+    instance._chain = true;
+    return instance;
+  };
+
+  // OOP
+  // ---------------
+  // If Underscore is called as a function, it returns a wrapped object that
+  // can be used OO-style. This wrapper holds altered versions of all the
+  // underscore functions. Wrapped objects may be chained.
+
+  // Helper function to continue chaining intermediate results.
+  var result = function(instance, obj) {
+    return instance._chain ? _(obj).chain() : obj;
+  };
+
+  // Add your own custom functions to the Underscore object.
+  _.mixin = function(obj) {
+    _.each(_.functions(obj), function(name) {
+      var func = _[name] = obj[name];
+      _.prototype[name] = function() {
+        var args = [this._wrapped];
+        push.apply(args, arguments);
+        return result(this, func.apply(_, args));
+      };
+    });
+  };
+
+  // Add all of the Underscore functions to the wrapper object.
+  _.mixin(_);
+
+  // Add all mutator Array functions to the wrapper.
+  _.each(['pop', 'push', 'reverse', 'shift', 'sort', 'splice', 'unshift'], function(name) {
+    var method = ArrayProto[name];
+    _.prototype[name] = function() {
+      var obj = this._wrapped;
+      method.apply(obj, arguments);
+      if ((name === 'shift' || name === 'splice') && obj.length === 0) delete obj[0];
+      return result(this, obj);
+    };
+  });
+
+  // Add all accessor Array functions to the wrapper.
+  _.each(['concat', 'join', 'slice'], function(name) {
+    var method = ArrayProto[name];
+    _.prototype[name] = function() {
+      return result(this, method.apply(this._wrapped, arguments));
+    };
+  });
+
+  // Extracts the result from a wrapped and chained object.
+  _.prototype.value = function() {
+    return this._wrapped;
+  };
+
+  // Provide unwrapping proxy for some methods used in engine operations
+  // such as arithmetic and JSON stringification.
+  _.prototype.valueOf = _.prototype.toJSON = _.prototype.value;
+
+  _.prototype.toString = function() {
+    return '' + this._wrapped;
+  };
+
+  // AMD registration happens at the end for compatibility with AMD loaders
+  // that may not enforce next-turn semantics on modules. Even though general
+  // practice for AMD registration is to be anonymous, underscore registers
+  // as a named module because, like jQuery, it is a base library that is
+  // popular enough to be bundled in a third party lib, but not be part of
+  // an AMD load request. Those cases could generate an error when an
+  // anonymous define() is called outside of a loader request.
+  if (typeof define === 'function' && define.amd) {
+    define('underscore', [], function() {
+      return _;
+    });
+  }
+}.call(this));
diff --git a/docs/html/_static/websupport.js b/docs/html/_static/websupport.js
index 3b4999e..79b18e3 100644
--- a/docs/html/_static/websupport.js
+++ b/docs/html/_static/websupport.js
@@ -4,7 +4,7 @@
  *
  * sphinx.websupport utilities for all documentation.
  *
- * :copyright: Copyright 2007-2019 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS.
  * :license: BSD, see LICENSE for details.
  *
  */
@@ -301,7 +301,7 @@
     li.hide();
 
     // Determine where in the parents children list to insert this comment.
-    for(var i=0; i < siblings.length; i++) {
+    for(i=0; i < siblings.length; i++) {
       if (comp(comment, siblings[i]) <= 0) {
         $('#cd' + siblings[i].id)
           .parent()
diff --git a/docs/html/api/keys/algorithms.html b/docs/html/api/keys/algorithms.html
new file mode 100644
index 0000000..e0c9b41
--- /dev/null
+++ b/docs/html/api/keys/algorithms.html
@@ -0,0 +1,368 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Algorithms &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key management functions" href="management.html" />
+    <link rel="prev" title="Key policies" href="usage.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="algorithms">
+<span id="id1"></span><h1>Algorithms</h1>
+<div class="section" id="algorithm-categories">
+<h2>Algorithm categories</h2>
+<div class="section" id="PSA_ALG_NONE">
+<span id="c.PSA_ALG_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</h3>
+<p>An invalid algorithm identifier value.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
+</pre>
+<p>Zero is not the encoding of any algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_HASH">
+<span id="c.PSA_ALG_IS_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a hash algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/hashes.html#hash-algorithms"><span class="std std-ref">Hash algorithms</span></a></em> for a list of defined hash algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_MAC">
+<span id="c.PSA_ALG_IS_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a MAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/macs.html#mac-algorithms"><span class="std std-ref">MAC algorithms</span></a></em> for a list of defined MAC algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_CIPHER">
+<span id="c.PSA_ALG_IS_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a symmetric cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/ciphers.html#cipher-algorithms"><span class="std std-ref">Cipher algorithms</span></a></em> for a list of defined cipher algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_AEAD">
+<span id="c.PSA_ALG_IS_AEAD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/aead.html#aead-algorithms"><span class="std std-ref">AEAD algorithms</span></a></em> for a list of defined AEAD algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_SIGN">
+<span id="c.PSA_ALG_IS_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a public-key signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a public-key signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/sign.html#sign-algorithms"><span class="std std-ref">Asymmetric signature algorithms</span></a></em> for a list of defined signature algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
+<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a public-key encryption algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a public-key encryption algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/pke.html#asymmetric-encryption-algorithms"><span class="std std-ref">Asymmetric encryption algorithms</span></a></em> for a list of defined asymmetric encryption algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
+<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/ka.html#key-agreement-algorithms"><span class="std std-ref">Key agreement algorithms</span></a></em> for a list of defined key agreement algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
+<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a key derivation algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key derivation algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="../ops/kdf.html#key-derivation-algorithms"><span class="std std-ref">Key derivation algorithms</span></a></em> for a list of defined key derivation algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_WILDCARD">
+<span id="c.PSA_ALG_IS_WILDCARD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h3>
+<p>Whether the specified algorithm encoding is a wildcard.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
+<p><code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding that is suitable for an operation.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>Wildcard algorithm values can only be used to set the usage algorithm field in a policy, wildcard values cannot be used to perform an operation.</p>
+<p>See <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> for example of how a wildcard algorithm can be used in a key policy.</p>
+</div>
+<div class="section" id="PSA_ALG_GET_HASH">
+<span id="c.PSA_ALG_GET_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</h3>
+<p>Get the hash used by a composite algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The underlying hash algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a composite algorithm that uses a hash algorithm.</p>
+<p><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> if <code class="docutils literal"><span class="pre">alg</span></code> is not a composite algorithm that uses a hash.</p>
+<p class="rubric">Description</p>
+<p>The following composite algorithms require a hash algorithm:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
+<li><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
+<li><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></li>
+<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></li>
+<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></li>
+<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></li>
+</ul>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>Attribute accessors</h2>
+<div class="section" id="psa_set_key_algorithm">
+<span id="c.psa_set_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</h3>
+<p>Declare the permitted algorithm policy for a key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                           <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The permitted algorithm policy to write.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key. The following algorithm policies are supported:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.</li>
+<li>An algorithm value permits this particular algorithm.</li>
+<li>An algorithm wildcard built from <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> allows the specified signature scheme with any hash algorithm.</li>
+</ul>
+<p>This function overwrites any algorithm policy previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_algorithm">
+<span id="c.psa_get_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</h3>
+<p>Retrieve the algorithm policy from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a></p>
+<p>The algorithm stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Algorithms</a><ul>
+<li><a class="reference internal" href="#algorithm-categories">Algorithm categories</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
+<li><a class="reference internal" href="#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="usage.html" title="previous chapter">Key policies</a></li>
+      <li>Next: <a href="management.html" title="next chapter">Key management functions</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/algorithms.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/algorithms.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/attributes.html b/docs/html/api/keys/attributes.html
new file mode 100644
index 0000000..cd78ebb
--- /dev/null
+++ b/docs/html/api/keys/attributes.html
@@ -0,0 +1,391 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key attributes &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key locations" href="locations.html" />
+    <link rel="prev" title="Key management reference" href="index.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-attributes">
+<span id="id1"></span><h1>Key attributes</h1>
+<div class="section" id="attribute-types">
+<h2>Attribute types</h2>
+<div class="section" id="psa_key_lifetime_t">
+<span id="c.psa_key_lifetime_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</h3>
+<p>Encoding of key lifetimes.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
+</pre>
+<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
+<p>Keys with the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are automatically destroyed when the application terminates or on a power reset.</p>
+<p>Keys with a lifetime other than <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are said to be <em>persistent</em>. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a>.</p>
+<p>See <em><a class="reference internal" href="locations.html#key-locations"><span class="std std-ref">Key locations</span></a></em> for a list of defined key lifetimes.</p>
+</div>
+<div class="section" id="psa_key_id_t">
+<span id="c.psa_key_id_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</h3>
+<p>Key identifier.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
+</pre>
+<p>A key identifiers can be a permanent name for a persistent key, or a transient reference to volatile key. The range of identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a></dt>
+<dd>Reserved as an invalid key identifier.</dd>
+<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
+<dd>Applications can freely choose persistent key identifiers in this range.</dd>
+<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
+<dd>Implementations can define additional persistent key identifiers in this
+range, and allocate key identifiers for volatile keys from this range.</dd>
+</dl>
+<p>Key identifiers outside these ranges are reserved for future use.</p>
+<p>See also <em><a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="std std-ref">Key identifiers</span></a></em>.</p>
+</div>
+<div class="section" id="psa_key_type_t">
+<span id="c.psa_key_type_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</h3>
+<p>Encoding of a key type.</p>
+<pre class="literal-block">
+typedef uint16_t <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
+</pre>
+<p>This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:</p>
+<dl class="docutils">
+<dt><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a><code class="docutils literal"> <span class="pre">==</span> <span class="pre">0</span></code></dt>
+<dd>Reserved as an invalid key type.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x0001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff</span></code></dt>
+<dd>Specification-defined key types.
+Key types defined by this standard always have bit 15 clear.
+Unallocated key type values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x8000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff</span></code></dt>
+<dd>Implementation-defined key types.
+Implementations that define additional key types must use an encoding with bit 15 set.
+The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.</dd>
+</dl>
+<p>See <em><a class="reference internal" href="types.html#key-types"><span class="std std-ref">Key types</span></a></em> for a complete list of key types.</p>
+</div>
+<div class="section" id="psa_key_usage_t">
+<span id="c.psa_key_usage_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</h3>
+<p>Encoding of permitted usage on a key.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
+</pre>
+<p>See <em><a class="reference internal" href="usage.html#key-usage"><span class="std std-ref">Key policies</span></a></em> for a full list of key usage policies.</p>
+</div>
+<div class="section" id="psa_algorithm_t">
+<span id="c.psa_algorithm_t"></span><h3><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</h3>
+<p>Encoding of a cryptographic algorithm.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
+</pre>
+<p>This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000000</span></code></dt>
+<dd>Reserved as an invalid algorithm identifier.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fffffff</span></code></dt>
+<dd>Specification-defined algorithm identifiers.
+Algorithm identifiers defined by this standard always have bit 31 clear.
+Unallocated algorithm identifier values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80000000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffffffff</span></code></dt>
+<dd>Implementation-defined algorithm identifiers.
+Implementations that define additional algorithms must use an encoding with bit 31 set.
+The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.</dd>
+</dl>
+<p>For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</p>
+<p>See <em><a class="reference internal" href="algorithms.html#algorithms"><span class="std std-ref">Algorithms</span></a></em> for a full list of algorithm identifiers.</p>
+</div>
+</div>
+<div class="section" id="managing-attributes">
+<h2>Managing attributes</h2>
+<div class="section" id="psa_key_attributes_t">
+<span id="c.psa_key_attributes_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</h3>
+<p>The type of an object containing key attributes.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a>;
+</pre>
+<p>This is the object that represents the metadata of a key object. Metadata that can be stored in attributes includes:</p>
+<ul class="simple">
+<li>The location of the key in storage, indicated by its key identifier and its lifetime.</li>
+<li>The key’s policy, comprising usage flags and a specification of the permitted algorithm(s).</li>
+<li>Information about the key itself: the key type and its size.</li>
+<li>Implementations can define additional attributes.</li>
+</ul>
+<p>The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p>Implementations are recommended to define the attribute object as a simple data structure, with fields corresponding to the individual key attributes. In such an implementation, each function <code class="docutils literal"><span class="pre">psa_set_key_xxx()</span></code> sets a field and the corresponding function <code class="docutils literal"><span class="pre">psa_get_key_xxx()</span></code> retrieves the value of the field.</p>
+<p class="last">An implementations can report attribute values that are equivalent to the original one, but have a different encoding. For example, an implementation can use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which might not be the one that was originally stored.</p>
+</div>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+<p>An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>. As an exception, calling <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> on an attribute object is optional if the object has only been modified by the following functions since it was initialized or last reset with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>:</p>
+<ul class="simple">
+<li><a class="reference internal" href="locations.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a></li>
+<li><a class="reference internal" href="locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
+<li><a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a></li>
+<li><a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a></li>
+<li><a class="reference internal" href="usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
+<li><a class="reference internal" href="algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
+</ul>
+<p>Before calling any function on a key attribute object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
+memset(&amp;attributes, 0, sizeof(attributes));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_attributes_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes;
+attributes = <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>();
+</pre>
+</li>
+</ul>
+<p>A freshly initialized attribute object contains the following values:</p>
+<table border="1" class="docutils">
+<colgroup>
+<col width="15%" />
+<col width="85%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Attribute</th>
+<th class="head">Value</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>lifetime</td>
+<td><a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</td>
+</tr>
+<tr class="row-odd"><td>key identifier</td>
+<td><a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> - which is not a valid key identifier.</td>
+</tr>
+<tr class="row-even"><td>type</td>
+<td><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a> - meaning that the type is unspecified.</td>
+</tr>
+<tr class="row-odd"><td>key size</td>
+<td><code class="docutils literal"><span class="pre">0</span></code> - meaning that the size is unspecified.</td>
+</tr>
+<tr class="row-even"><td>usage flags</td>
+<td><code class="docutils literal"><span class="pre">0</span></code> - which allows no usage except exporting a public key.</td>
+</tr>
+<tr class="row-odd"><td>algorithm</td>
+<td><a class="reference internal" href="algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> - which does not allow cryptographic usage, but allows exporting.</td>
+</tr>
+</tbody>
+</table>
+<p class="rubric">Usage</p>
+<p>A typical sequence to create a key is as follows:</p>
+<ol class="arabic simple">
+<li>Create and initialize an attribute object.</li>
+<li>If the key is persistent, call <a class="reference internal" href="locations.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
+<li>Set the key policy with <a class="reference internal" href="usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
+<li>Set the key type with <a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a>. Skip this step if copying an existing key with <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</li>
+<li>When generating a random key with <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> or deriving a key with <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>, set the desired key size with <a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a>.</li>
+<li>Call a key creation function: <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>. This function reads the attribute object, creates a key with these attributes, and outputs an identifier for the newly created key.</li>
+<li>Optionally call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>, now that the attribute object is no longer needed. Currently this call is not required as the attributes defined in this specification do not require additional resources beyond the object itself.</li>
+</ol>
+<p>A typical sequence to query a key’s attributes is as follows:</p>
+<ol class="arabic simple">
+<li>Call <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
+<li>Call <code class="docutils literal"><span class="pre">psa_get_key_xxx()</span></code> functions to retrieve the required attribute(s).</li>
+<li>Call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> to free any resources that can be used by the attribute object.</li>
+</ol>
+<p>Once a key has been created, it is impossible to change its attributes.</p>
+</div>
+<div class="section" id="PSA_KEY_ATTRIBUTES_INIT">
+<span id="c.PSA_KEY_ATTRIBUTES_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for a key attribute object of type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_key_attributes_init">
+<span id="c.psa_key_attributes_init"></span><h3><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</h3>
+<p>Return an initial value for a key attribute object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code></a></p>
+</div>
+<div class="section" id="psa_get_key_attributes">
+<span id="c.psa_get_key_attributes"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</h3>
+<p>Retrieve the attributes of a key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to query.</dd>
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>On entry, <code class="docutils literal"><span class="pre">*attributes</span></code> must be in a valid state. On successful return, it contains the attributes of the key. On failure, it is equivalent to a freshly-initialized attribute object.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function first resets the attribute object as with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>. It then copies the attributes of the given key into the given attribute object.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This function clears any previous content from the attribute object and therefore expects it to be in a valid state. In particular, if this function is called on a newly allocated attribute object, the attribute object  must be initialized before calling this function.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This function might allocate memory or other resources. Once this function has been called on an attribute object, <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> must be called to free these resources.</p>
+</div>
+</div>
+<div class="section" id="psa_reset_key_attributes">
+<span id="c.psa_reset_key_attributes"></span><h3><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</h3>
+<p>Reset a key attribute object to a freshly initialized state.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to reset.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>The attribute object must be initialized as described in the documentation of the type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> before calling this function. Once the object has been initialized, this function can be called at any time.</p>
+<p>This function frees any auxiliary resources that the object might contain.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key attributes</a><ul>
+<li><a class="reference internal" href="#attribute-types">Attribute types</a><ul>
+<li><a class="reference internal" href="#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#managing-attributes">Managing attributes</a><ul>
+<li><a class="reference internal" href="#psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_key_attributes_init"><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_attributes"><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_reset_key_attributes"><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="index.html" title="previous chapter">Key management reference</a></li>
+      <li>Next: <a href="locations.html" title="next chapter">Key locations</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/attributes.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/attributes.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/index.html b/docs/html/api/keys/index.html
new file mode 100644
index 0000000..1ebb944
--- /dev/null
+++ b/docs/html/api/keys/index.html
@@ -0,0 +1,276 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key management reference &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key attributes" href="attributes.html" />
+    <link rel="prev" title="PSA Crypto library" href="../library/library.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-management-reference">
+<span id="key-management"></span><h1>Key management reference</h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="attributes.html">Key attributes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="attributes.html#attribute-types">Attribute types</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="attributes.html#managing-attributes">Managing attributes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_init"><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_get_key_attributes"><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_reset_key_attributes"><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="locations.html">Key locations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="locations.html#key-lifetimes">Key lifetimes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="locations.html#key-identifiers">Key identifiers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="locations.html#attribute-accessors">Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="types.html">Key types</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#key-categories">Key categories</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#symmetric-keys">Symmetric keys</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_HMAC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_AES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ARC4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#rsa-keys">RSA keys</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#elliptic-curve-keys">Elliptic Curve keys</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECP_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_SECT_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_FRP"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#diffie-hellman-keys">Diffie Hellman keys</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_DH_FAMILY_RFC7919"><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#attribute-accessors">Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_set_key_type"><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_type"><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_bits"><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_set_key_bits"><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">Key policies</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#key-usage-flags">Key usage flags</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#attribute-accessors">Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="usage.html#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="algorithms.html">Algorithms</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-categories">Algorithm categories</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html#attribute-accessors">Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="management.html">Key management functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-creation">Key creation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_generate_key"><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_copy_key"><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-destruction">Key destruction</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_purge_key"><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-export">Key export</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_key"><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_public_key"><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper"><div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="../library/library.html" title="previous chapter">PSA Crypto library</a></li>
+      <li>Next: <a href="attributes.html" title="next chapter">Key attributes</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/index.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/index.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/locations.html b/docs/html/api/keys/locations.html
new file mode 100644
index 0000000..3a9d745
--- /dev/null
+++ b/docs/html/api/keys/locations.html
@@ -0,0 +1,289 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key locations &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key types" href="types.html" />
+    <link rel="prev" title="Key attributes" href="attributes.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-locations">
+<span id="id1"></span><h1>Key locations</h1>
+<div class="section" id="key-lifetimes">
+<h2>Key lifetimes</h2>
+<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
+<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h3>
+<p>A lifetime value that indicates a volatile key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000000)
+</pre>
+<p>A volatile key only exists as long as the identifier to it is not destroyed.</p>
+<p>The key material is guaranteed to be erased on a power reset.</p>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
+<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h3>
+<p>The default storage area for persistent keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000001)
+</pre>
+<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.</p>
+<p>This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
+</div>
+</div>
+<div class="section" id="key-identifiers">
+<span id="id2"></span><h2>Key identifiers</h2>
+<div class="section" id="PSA_KEY_ID_NULL">
+<span id="c.PSA_KEY_ID_NULL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</h3>
+<p>The null key identifier.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
+</pre>
+<p>The null key identifier is always invalid, except when used without in a call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> which will return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MIN">
+<span id="c.PSA_KEY_ID_USER_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h3>
+<p>The minimum value for a key identifier chosen by the application.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MAX">
+<span id="c.PSA_KEY_ID_USER_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h3>
+<p>The maximum value for a key identifier chosen by the application.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
+<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h3>
+<p>The minimum value for a key identifier chosen by the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
+<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h3>
+<p>The maximum value for a key identifier chosen by the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
+</pre>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>Attribute accessors</h2>
+<div class="section" id="psa_set_key_lifetime">
+<span id="c.psa_set_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</h3>
+<p>Set the location of a persistent key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                          <a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>To make a key persistent, give it a persistent key identifier by using <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
+<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_lifetime">
+<span id="c.psa_get_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</h3>
+<p>Retrieve the lifetime from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a></p>
+<p>The lifetime value stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_set_key_id">
+<span id="c.psa_set_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</h3>
+<p>Declare a key as persistent and set its key identifier.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                    <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">id</span></code></dt>
+<dd>The persistent identifier for the key.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
+<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_id">
+<span id="c.psa_get_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</h3>
+<p>Retrieve the key identifier from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code></a></p>
+<p>The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key locations</a><ul>
+<li><a class="reference internal" href="#key-lifetimes">Key lifetimes</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#key-identifiers">Key identifiers</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
+<li><a class="reference internal" href="#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="attributes.html" title="previous chapter">Key attributes</a></li>
+      <li>Next: <a href="types.html" title="next chapter">Key types</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/locations.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/locations.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/management.html b/docs/html/api/keys/management.html
new file mode 100644
index 0000000..234fa72
--- /dev/null
+++ b/docs/html/api/keys/management.html
@@ -0,0 +1,670 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key management functions &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Cryptographic operation reference" href="../ops/index.html" />
+    <link rel="prev" title="Algorithms" href="algorithms.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-management-functions">
+<h1>Key management functions</h1>
+<div class="section" id="key-creation">
+<span id="id1"></span><h2>Key creation</h2>
+<div class="section" id="psa_import_key">
+<span id="c.psa_import_key"></span><h3><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</h3>
+<p>Import a key in binary format.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                            const uint8_t * data,
+                            size_t data_length,
+                            <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key. The key size is always determined from the <code class="docutils literal"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size from <code class="docutils literal"><span class="pre">data</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
+<dd>Buffer containing the key data.
+The content of this buffer is interpreted according to the type declared in <code class="docutils literal"><span class="pre">attributes</span></code>.
+All implementations must support at least the format described in the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> for the chosen type.
+Implementations can support other formats, but be conservative in interpreting the key data: it is recommended that implementations reject content if it might be erroneous, for example, if it is the wrong type or is truncated.</dd>
+<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key attributes, as a whole, are invalid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key data is not correctly formatted.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The size in <code class="docutils literal"><span class="pre">attributes</span></code> is nonzero and does not match the size of the key data.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function supports any output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>. Refer to the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> for the format of public keys and to the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> for the format for other key types.</p>
+<p>The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of <code class="docutils literal"><span class="pre">0</span></code> in <code class="docutils literal"><span class="pre">attributes</span></code> indicates that the key size is solely determined by the key data.</p>
+<p>Implementations must reject an attempt to import a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
+<p>This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
+</div>
+<div class="section" id="psa_generate_key">
+<span id="c.psa_generate_key"></span><h3><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</h3>
+<p>Generate a key or key pair.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                              <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The key is generated randomly. Its location, usage policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<p>Implementations must reject an attempt to generate a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
+<p>The following type-specific considerations apply:</p>
+<ul class="simple">
+<li>For RSA keys (<a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.</li>
+</ul>
+</div>
+<div class="section" id="psa_copy_key">
+<span id="c.psa_copy_key"></span><h3><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</h3>
+<p>Make a copy of a key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
+                          const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                          <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">source_key</span></code></dt>
+<dd>The key to copy.
+It must allow the usage <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.
+If a private or secret key is being copied outside of a secure element it must also allow <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd><p class="first">The attributes for the new key. They are used as follows:</p>
+<ul class="last simple">
+<li>The key type and size can be <code class="docutils literal"><span class="pre">0</span></code>. If either is nonzero, it must match the corresponding attribute of the source key.</li>
+<li>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</li>
+<li>The policy constraints (usage flags and algorithm policy) are combined from the source key and <code class="docutils literal"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">target_key</span></code></dt>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">source_key</span></code> is invalid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The lifetime or identifier in <code class="docutils literal"><span class="pre">attributes</span></code> are invalid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The policy constraints on <code class="docutils literal"><span class="pre">source_key</span></code> and specified in <code class="docutils literal"><span class="pre">attributes</span></code> are incompatible.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of <code class="docutils literal"><span class="pre">source</span> <span class="pre">key</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> usage flag and its lifetime does not allow copying it to the target’s lifetime.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Copy key material from one location to another.</p>
+<p>This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.</p>
+<p>This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
+<p>The policy on the source key must have the usage flag <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
+<p>The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal"><span class="pre">attributes</span></code> parameter:</p>
+<ul class="simple">
+<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal"><span class="pre">attributes</span></code>.</li>
+<li>If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.</li>
+<li>If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.</li>
+<li>If the policies do not allow any algorithm in common, this function fails with the status <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
+</ul>
+<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
+</div>
+</div>
+<div class="section" id="key-destruction">
+<span id="id2"></span><h2>Key destruction</h2>
+<div class="section" id="psa_destroy_key">
+<span id="c.psa_destroy_key"></span><h3><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</h3>
+<p>Destroy a key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to erase.
+If this is <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>, do nothing and return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> was a valid key identifier and the key material that it referred to has been erased.
+Alternatively, <code class="docutils literal"><span class="pre">key</span></code> is <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid handle nor <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd>There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd>The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd>The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations must make a best effort to ensure that that the key material cannot be recovered.</p>
+<p>This function also erases any metadata such as policies and frees resources associated with the key.</p>
+<p>Destroying the key makes the key identifier invalid, and the key identifier must not be used again by the application.</p>
+<p>If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.</p>
+</div>
+<div class="section" id="psa_purge_key">
+<span id="c.psa_purge_key"></span><h3><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</h3>
+<p>Remove non-essential copies of key material from memory.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to purge.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The key material will have been removed from memory if it is not currently required.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>An implementation is permitted to make additional copies of key material
+For keys that have been created with the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.</p>
+<p>This function will remove these extra copies of the key material from memory.</p>
+<p>This function is not required to remove key material from memory in any of the following situations:</p>
+<ul class="simple">
+<li>The key is currently in use in a cryptographic operation.</li>
+<li>The key is volatile.</li>
+</ul>
+<p>See also <em><a class="reference internal" href="../../overview/implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</p>
+</div>
+</div>
+<div class="section" id="key-export">
+<span id="id3"></span><h2>Key export</h2>
+<div class="section" id="psa_export_key">
+<span id="c.psa_export_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</h3>
+<p>Export a key in binary format.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                            uint8_t * data,
+                            size_t data_size,
+                            size_t * data_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to export.
+It must allow the usage <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>, unless it is a public key.</dd>
+<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
+<dd>Buffer where the key data is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">data_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.
+This must be appropriate for the key:</p>
+<ul class="last simple">
+<li>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the key type and <code class="docutils literal"><span class="pre">bits</span></code> is the key size in bits.</li>
+<li>For asymmetric keys, <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key or key pair.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
+<dd>On success, the number of bytes that make up the key data.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">data</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
+<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
+<p>For standard key types, the output format is as follows:</p>
+<ul class="simple">
+<li>For symmetric keys, including MAC keys, the format is the raw bytes of the key.</li>
+<li>For DES, the key data consists of 8 bytes. The parity bits must be correct.</li>
+<li>For Triple-DES, the format is the concatenation of the two or three DES keys.</li>
+<li>For RSA key pairs, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the format is the non-encrypted DER encoding of the representation defined by PKCS#1 in <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> as <code class="docutils literal"><span class="pre">RSAPrivateKey</span></code>, version <code class="docutils literal"><span class="pre">0</span></code>.</li>
+<li>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR()</span></code></a> is true, the format is a representation of the private value.<ul>
+<li>For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the content of the <code class="docutils literal"><span class="pre">privateKey</span></code> field of the <code class="docutils literal"><span class="pre">ECPrivateKey</span></code> format defined by <a class="reference external" href="https://tools.ietf.org/html/rfc5915.html">RFC 5915</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string in big-endian order where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.</li>
+<li>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘private key’ in little-endian order as defined by <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">RFC 7748 §6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.</li>
+</ul>
+</li>
+<li>For Diffie-Hellman key exchange key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR()</span></code></a> is true, the format is the representation of the private key <code class="docutils literal"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.</li>
+<li>For public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY()</span></code></a> is true, the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</li>
+</ul>
+<p>The policy on the key must have the usage flag <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
+</div>
+<div class="section" id="psa_export_public_key">
+<span id="c.psa_export_public_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</h3>
+<p>Export a public key or the public part of a key pair in binary format.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                   uint8_t * data,
+                                   size_t data_size,
+                                   size_t * data_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to export.</dd>
+<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
+<dd>Buffer where the key data is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">data_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.
+This must be appropriate for the key:</p>
+<ul class="last simple">
+<li>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the key type and <code class="docutils literal"><span class="pre">bits</span></code> is the key size in bits.</li>
+<li><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key or public part of a key pair.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
+<dd>On success, the number of bytes that make up the key data.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key is neither a public key nor a key pair.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">data</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
+<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> must use the representation specified here, not the original representation.</p>
+<p>For standard key types, the output format is as follows:</p>
+<ul class="simple">
+<li>For RSA public keys, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>, the DER encoding of the representation defined by <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html#section-2.3.1">RFC 3279 §2.3.1</a> as <code class="docutils literal"><span class="pre">RSAPublicKey</span></code>.</li>
+<li>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()</span></code></a> is true, the format depends on the key family:<ul>
+<li>For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the uncompressed representation defined by <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec1-v2.pdf"><em>SEC 1: Elliptic Curve Cryptography</em></a> §2.3.3 as the content of an <code class="docutils literal"><span class="pre">ECPoint</span></code>. If <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of <code class="docutils literal"><span class="pre">q</span></code> for a curve over <code class="docutils literal"><span class="pre">F_q</span></code>. The representation consists of:<ul>
+<li>The byte <code class="docutils literal"><span class="pre">0x04</span></code>;</li>
+<li><code class="docutils literal"><span class="pre">x_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</li>
+<li><code class="docutils literal"><span class="pre">y_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</li>
+</ul>
+</li>
+<li>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘public key’ in little-endian order as defined by <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">RFC 7748 §6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.<ul>
+<li>This is 32 bytes for Curve25519, computed as <code class="docutils literal"><span class="pre">X25519(private_key,</span> <span class="pre">9)</span></code>.</li>
+<li>This is 56 bytes for Curve448, computed as <code class="docutils literal"><span class="pre">X448(private_key,</span> <span class="pre">5)</span></code>.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li>For Diffie-Hellman key exchange public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true, the format is the representation of the public key <code class="docutils literal"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal"><span class="pre">p</span></code> in bytes.</li>
+</ul>
+<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
+</div>
+<div class="section" id="PSA_EXPORT_KEY_OUTPUT_SIZE">
+<span id="c.PSA_EXPORT_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A supported key type.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
+status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &amp;attributes);
+if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
+    handle_error(...);
+<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&amp;attributes);
+size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&amp;attributes);
+size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
+<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&amp;attributes);
+uint8_t *buffer = malloc(buffer_size);
+if (buffer == NULL)
+    handle_error(...);
+size_t buffer_length;
+status = <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(key, buffer, buffer_size, &amp;buffer_length);
+if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
+    handle_error(...);
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> and <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">
+<span id="c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A public key or key pair key type.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p>If the parameters are valid and supported, it is recommended that this macro returns the same result as <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">),</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">)</span></code>.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>The following code illustrates how to allocate enough memory to export a public key by querying the key type and size at runtime.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> attributes = <a class="reference internal" href="attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a>;
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> status;
+status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &amp;attributes);
+if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
+    handle_error(...);
+<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&amp;attributes);
+size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&amp;attributes);
+size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
+<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&amp;attributes);
+uint8_t *buffer = malloc(buffer_size);
+if (buffer == NULL)
+    handle_error(...);
+size_t buffer_length;
+status = <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(key, buffer, buffer_size, &amp;buffer_length);
+if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
+    handle_error(...);
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_EXPORT_KEY_PAIR_MAX_SIZE">
+<span id="c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</h3>
+<p>Sufficient buffer size for exporting any asymmetric key pair.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE">PSA_EXPORT_KEY_PAIR_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> to export any asymmetric key pair that is supported by the implementation, regardless of the exact key type and key size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">
+<span id="c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h3>
+<p>Sufficient buffer size for exporting any asymmetric public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+This value must be a sufficient buffer size when calling <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> to export any asymmetric public key that is supported by the implementation, regardless of the exact key type and key size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key management functions</a><ul>
+<li><a class="reference internal" href="#key-creation">Key creation</a><ul>
+<li><a class="reference internal" href="#psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_generate_key"><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_copy_key"><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#key-destruction">Key destruction</a><ul>
+<li><a class="reference internal" href="#psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_purge_key"><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#key-export">Key export</a><ul>
+<li><a class="reference internal" href="#psa_export_key"><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_export_public_key"><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="algorithms.html" title="previous chapter">Algorithms</a></li>
+      <li>Next: <a href="../ops/index.html" title="next chapter">Cryptographic operation reference</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/management.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/management.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/types.html b/docs/html/api/keys/types.html
new file mode 100644
index 0000000..ff01b00
--- /dev/null
+++ b/docs/html/api/keys/types.html
@@ -0,0 +1,833 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key types &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key policies" href="usage.html" />
+    <link rel="prev" title="Key locations" href="locations.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-types">
+<span id="id1"></span><h1>Key types</h1>
+<div class="section" id="key-categories">
+<h2>Key categories</h2>
+<div class="section" id="PSA_KEY_TYPE_NONE">
+<span id="c.PSA_KEY_TYPE_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</h3>
+<p>An invalid key type value.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
+</pre>
+<p>Zero is not the encoding of any key type.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_UNSTRUCTURED">
+<span id="c.PSA_KEY_TYPE_IS_UNSTRUCTURED"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</h3>
+<p>Whether a key type is an unstructured array of bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This encompasses both symmetric keys and non-key data.</p>
+<p>See <em><a class="reference internal" href="#symmetric-keys"><span class="std std-ref">Symmetric keys</span></a></em> for a list of symmetric key types.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ASYMMETRIC">
+<span id="c.PSA_KEY_TYPE_IS_ASYMMETRIC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</h3>
+<p>Whether a key type is asymmetric: either a key pair or a public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>See <em><a class="reference internal" href="#asymmetric-keys"><span class="std std-ref">RSA keys</span></a></em> for a list of asymmetric key types.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</h3>
+<p>Whether a key type is the public part of a key pair.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</h3>
+<p>Whether a key type is a key pair containing a private part and a public part.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR">PSA_KEY_TYPE_IS_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+</div>
+<div class="section" id="symmetric-keys">
+<span id="id2"></span><h2>Symmetric keys</h2>
+<div class="section" id="PSA_KEY_TYPE_RAW_DATA">
+<span id="c.PSA_KEY_TYPE_RAW_DATA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</h3>
+<p>Raw data.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
+</pre>
+<p>A “key” of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_HMAC">
+<span id="c.PSA_KEY_TYPE_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</h3>
+<p>HMAC key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
+</pre>
+<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
+<p>HMAC keys typically have the same size as the underlying hash. This size can be calculated with <a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the HMAC algorithm or the underlying hash algorithm.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DERIVE">
+<span id="c.PSA_KEY_TYPE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</h3>
+<p>A secret for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
+</pre>
+<p>The key policy determines which key derivation algorithm the key can be used for.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_AES">
+<span id="c.PSA_KEY_TYPE_AES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</h3>
+<p>Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
+</pre>
+<p>The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DES">
+<span id="c.PSA_KEY_TYPE_DES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</h3>
+<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
+</pre>
+<p>The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.</p>
+<p class="last">3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CAMELLIA">
+<span id="c.PSA_KEY_TYPE_CAMELLIA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</h3>
+<p>Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ARC4">
+<span id="c.PSA_KEY_TYPE_ARC4"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</h3>
+<p>Key for the RC4 stream cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
+</pre>
+<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ARC4 cipher.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The RC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+<p>The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm and an ARC4 key, <a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_CHACHA20">
+<span id="c.PSA_KEY_TYPE_CHACHA20"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</h3>
+<p>Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
+</pre>
+<p>ChaCha20 and the ChaCha20_Poly1305 construction are defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</p>
+<p>Variants of these algorithms are defined by the length of the nonce:</p>
+<ul class="simple">
+<li>Implementations must support a 12-byte nonce, as defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</li>
+<li>Implementations can optionally support an 8-byte nonce, the original variant.</li>
+<li>It is recommended that implementations do not support other sizes of nonce.</li>
+</ul>
+<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ChaCha20 cipher for unauthenticated encryption.</p>
+</div>
+</div>
+<div class="section" id="rsa-keys">
+<span id="asymmetric-keys"></span><h2>RSA keys</h2>
+<div class="section" id="PSA_KEY_TYPE_RSA_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</h3>
+<p>RSA public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_TYPE_RSA_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_RSA_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</h3>
+<p>RSA key pair: both the private and public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_RSA">
+<span id="c.PSA_KEY_TYPE_IS_RSA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</h3>
+<p>Whether a key type is an RSA key. This includes both key pairs and public keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA">PSA_KEY_TYPE_IS_RSA</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+</div>
+<div class="section" id="elliptic-curve-keys">
+<h2>Elliptic Curve keys</h2>
+<div class="section" id="psa_ecc_family_t">
+<span id="c.psa_ecc_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</h3>
+<p>The type of PSA elliptic curve family identifiers.</p>
+<pre class="literal-block">
+typedef uint8_t <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>;
+</pre>
+<p>The curve identifier is required to create an ECC key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY()</span></code></a> macros.</p>
+<p>The specific ECC curve within a family is identified by the <code class="docutils literal"><span class="pre">key_bits</span></code> attribute of the key.</p>
+<p>The range of Elliptic curve family identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f</span></code></dt>
+<dd>ECC family identifiers defined by this standard.
+Unallocated values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff</span></code></dt>
+<dd>Implementations that define additional families must use an encoding in this range.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</h3>
+<p>Elliptic curve key pair: both the private and public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR">PSA_KEY_TYPE_ECC_KEY_PAIR</a>(curve) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">curve</span></code></dt>
+<dd>A value of type <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a> that identifies the ECC curve family to be used.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</h3>
+<p>Elliptic curve public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">curve</span></code></dt>
+<dd>A value of type <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a> that identifies the ECC curve family to be used.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECP_K1">
+<span id="c.PSA_ECC_FAMILY_SECP_K1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</h3>
+<p>SEC Koblitz curves over prime fields.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_K1" title="PSA_ECC_FAMILY_SECP_K1">PSA_ECC_FAMILY_SECP_K1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x17)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>secp192k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+<li>secp224k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">225</span></code></li>
+<li>secp256k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+</ul>
+<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a>.</p>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECP_R1">
+<span id="c.PSA_ECC_FAMILY_SECP_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</h3>
+<p>SEC random curves over prime fields.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_R1" title="PSA_ECC_FAMILY_SECP_R1">PSA_ECC_FAMILY_SECP_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x12)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>secp192r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+<li>secp224r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">224</span></code></li>
+<li>secp256r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+<li>secp384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
+<li>secp521r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
+</ul>
+<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECP_R2">
+<span id="c.PSA_ECC_FAMILY_SECP_R2"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</h3>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This family of curves is weak and deprecated.</p>
+</div>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECP_R2" title="PSA_ECC_FAMILY_SECP_R2">PSA_ECC_FAMILY_SECP_R2</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x1b)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>secp160r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">160</span></code> <em>(Deprecated)</em></li>
+</ul>
+<p>It is defined in the superseded <a class="reference external" href="https://www.secg.org/SEC2-Ver-1.0.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0</em></a>.</p>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECT_K1">
+<span id="c.PSA_ECC_FAMILY_SECT_K1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</h3>
+<p>SEC Koblitz curves over binary fields.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_K1" title="PSA_ECC_FAMILY_SECT_K1">PSA_ECC_FAMILY_SECT_K1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x27)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>sect163k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
+<li>sect233k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">233</span></code></li>
+<li>sect239k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">239</span></code></li>
+<li>sect283k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">283</span></code></li>
+<li>sect409k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
+<li>sect571k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
+</ul>
+<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECT_R1">
+<span id="c.PSA_ECC_FAMILY_SECT_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</h3>
+<p>SEC random curves over binary fields.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_R1" title="PSA_ECC_FAMILY_SECT_R1">PSA_ECC_FAMILY_SECT_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x22)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>sect163r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
+<li>sect233r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">233</span></code></li>
+<li>sect283r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">283</span></code></li>
+<li>sect409r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
+<li>sect571r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
+</ul>
+<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_SECT_R2">
+<span id="c.PSA_ECC_FAMILY_SECT_R2"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</h3>
+<p>SEC additional random curves over binary fields.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_SECT_R2" title="PSA_ECC_FAMILY_SECT_R2">PSA_ECC_FAMILY_SECT_R2</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x2b)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>sect163r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
+</ul>
+<p>It is defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_BRAINPOOL_P_R1">
+<span id="c.PSA_ECC_FAMILY_BRAINPOOL_P_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</h3>
+<p>Brainpool P random curves.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1">PSA_ECC_FAMILY_BRAINPOOL_P_R1</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x30)
+</pre>
+<p>This family comprises the following curves:</p>
+<ul class="simple">
+<li>brainpoolP160r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">160</span></code> <em>(Deprecated)</em></li>
+<li>brainpoolP192r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+<li>brainpoolP224r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">224</span></code></li>
+<li>brainpoolP256r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+<li>brainpoolP320r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">320</span></code></li>
+<li>brainpoolP384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
+<li>brainpoolP512r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
+</ul>
+<p>They are defined in <a class="reference external" href="https://tools.ietf.org/html/rfc5639.html">RFC 5639</a>.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_FRP">
+<span id="c.PSA_ECC_FAMILY_FRP"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</h3>
+<p>Curve used primarily in France and elsewhere in Europe.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP">PSA_ECC_FAMILY_FRP</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x33)
+</pre>
+<p>This family comprises one 256-bit curve:</p>
+<ul class="simple">
+<li>FRP256v1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+</ul>
+<p>This is defined by <em>Agence nationale de la sécurité des systèmes d’information</em> in <a class="reference external" href="https://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/"><em>Publication d’un paramétrage de courbe elliptique visant des applications de passeport électronique et de l’administration électronique française</em></a>, 21 November 2011.</p>
+</div>
+<div class="section" id="PSA_ECC_FAMILY_MONTGOMERY">
+<span id="c.PSA_ECC_FAMILY_MONTGOMERY"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</h3>
+<p>Montgomery curves.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY">PSA_ECC_FAMILY_MONTGOMERY</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x41)
+</pre>
+<p>This family comprises the following Montgomery curves:</p>
+<ul>
+<li><p class="first">Curve25519 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">255</span></code></p>
+<p>This curve is defined in Bernstein et al., <a class="reference external" href="https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf"><em>Curve25519: new Diffie-Hellman speed records</em></a>, LNCS 3958, 2006.</p>
+<p>The algorithm <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X25519 when used with this curve.</p>
+</li>
+<li><p class="first">Curve448 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">448</span></code></p>
+<p>This curve is defined in Hamburg, <a class="reference external" href="https://eprint.iacr.org/2015/625.pdf"><em>Ed448-Goldilocks, a new elliptic curve</em></a>, NIST ECC Workshop, 2015.</p>
+<p>The algorithm <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X448 when used with this curve.</p>
+</li>
+</ul>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC">
+<span id="c.PSA_KEY_TYPE_IS_ECC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</h3>
+<p>Whether a key type is an elliptic curve key, either a key pair or a public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC">PSA_KEY_TYPE_IS_ECC</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</h3>
+<p>Whether a key type is an elliptic curve key pair.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</h3>
+<p>Whether a key type is an elliptic curve public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_ECC_GET_FAMILY">
+<span id="c.PSA_KEY_TYPE_ECC_GET_FAMILY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</h3>
+<p>Extract the curve family from an elliptic curve key type.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY">PSA_KEY_TYPE_ECC_GET_FAMILY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>An elliptic curve key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code></a></p>
+<p>The elliptic curve family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported elliptic curve key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported elliptic curve key.</p>
+</div>
+</div>
+<div class="section" id="diffie-hellman-keys">
+<h2>Diffie Hellman keys</h2>
+<div class="section" id="psa_dh_family_t">
+<span id="c.psa_dh_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</h3>
+<p>The type of PSA Diffie-Hellman group family identifiers.</p>
+<pre class="literal-block">
+typedef uint8_t <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>;
+</pre>
+<p>The group family identifier is required to create an Diffie-Hellman key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY()</span></code></a> macros.</p>
+<p>The specific Diffie-Hellman group within a family is identified by the <code class="docutils literal"><span class="pre">key_bits</span></code> attribute of the key.</p>
+<p>The range of Diffie-Hellman group family identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f</span></code></dt>
+<dd>DH group family identifiers defined by this standard.
+Unallocated values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff</span></code></dt>
+<dd>Implementations that define additional families must use an encoding in this range.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</h3>
+<p>Diffie-Hellman key pair: both the private key and public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">group</span></code></dt>
+<dd>A value of type <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_dh_family_t</span></code></a> that identifies the Diffie-Hellman group family to be used.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</h3>
+<p>Diffie-Hellman public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">group</span></code></dt>
+<dd>A value of type <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_dh_family_t</span></code></a> that identifies the Diffie-Hellman group family to be used.</dd>
+</dl>
+</div>
+<div class="section" id="PSA_DH_FAMILY_RFC7919">
+<span id="c.PSA_DH_FAMILY_RFC7919"></span><h3><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</h3>
+<p>Diffie-Hellman groups defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7919.html#appendix-A">RFC 7919 Appendix A</a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919">PSA_DH_FAMILY_RFC7919</a> ((<a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>) 0x03)
+</pre>
+<p>This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192.
+An implementation can support all of these sizes or only a subset.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</h3>
+<p>The key pair type corresponding to a public key type.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</a>(type) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A public key type or key pair type.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding key pair type. If <code class="docutils literal"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
+<p class="rubric">Description</p>
+<p>If <code class="docutils literal"><span class="pre">type</span></code> is a key pair type, it will be left unchanged.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</h3>
+<p>The public key type corresponding to a key pair type.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A public key type or key pair type.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding public key type. If <code class="docutils literal"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
+<p class="rubric">Description</p>
+<p>If <code class="docutils literal"><span class="pre">type</span></code> is a public key type, it will be left unchanged.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH">
+<span id="c.PSA_KEY_TYPE_IS_DH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</h3>
+<p>Whether a key type is a Diffie-Hellman key, either a key pair or a public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH">PSA_KEY_TYPE_IS_DH</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH_KEY_PAIR">
+<span id="c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</h3>
+<p>Whether a key type is a Diffie-Hellman key pair.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR">PSA_KEY_TYPE_IS_DH_KEY_PAIR</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">
+<span id="c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</h3>
+<p>Whether a key type is a Diffie-Hellman public key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_TYPE_DH_GET_FAMILY">
+<span id="c.PSA_KEY_TYPE_DH_GET_FAMILY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</h3>
+<p>Extract the group family from a Diffie-Hellman key type.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY">PSA_KEY_TYPE_DH_GET_FAMILY</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A Diffie-Hellman key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code></a></p>
+<p>The Diffie-Hellman group family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported Diffie-Hellman key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported Diffie-Hellman key.</p>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>Attribute accessors</h2>
+<div class="section" id="psa_set_key_type">
+<span id="c.psa_set_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</h3>
+<p>Declare the type of a key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type">psa_set_key_type</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                      <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>The key type to write. If this is <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a>, the key type in <code class="docutils literal"><span class="pre">attributes</span></code> becomes unspecified.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>This function overwrites any key type previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_type">
+<span id="c.psa_get_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</h3>
+<p>Retrieve the key type from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a></p>
+<p>The key type stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_bits">
+<span id="c.psa_get_key_bits"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</h3>
+<p>Retrieve the key size from key attributes.</p>
+<pre class="literal-block">
+size_t <a class="reference internal" href="#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">size_t</span></code></p>
+<p>The key size stored in the attribute object, in bits.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_set_key_bits">
+<span id="c.psa_set_key_bits"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</h3>
+<p>Declare the size of a key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits">psa_set_key_bits</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                      size_t bits);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">bits</span></code></dt>
+<dd>The key size in bits. If this is <code class="docutils literal"><span class="pre">0</span></code>, the key size in <code class="docutils literal"><span class="pre">attributes</span></code> becomes unspecified. Keys of size <code class="docutils literal"><span class="pre">0</span></code> are not supported.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>This function overwrites any key size previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key types</a><ul>
+<li><a class="reference internal" href="#key-categories">Key categories</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#symmetric-keys">Symmetric keys</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_HMAC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_AES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_DES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_ARC4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#rsa-keys">RSA keys</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#elliptic-curve-keys">Elliptic Curve keys</a><ul>
+<li><a class="reference internal" href="#psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_FRP"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#diffie-hellman-keys">Diffie Hellman keys</a><ul>
+<li><a class="reference internal" href="#psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_DH_FAMILY_RFC7919"><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
+<li><a class="reference internal" href="#psa_set_key_type"><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_type"><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_bits"><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_set_key_bits"><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="locations.html" title="previous chapter">Key locations</a></li>
+      <li>Next: <a href="usage.html" title="next chapter">Key policies</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/types.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/types.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/usage.html b/docs/html/api/keys/usage.html
new file mode 100644
index 0000000..984b37c
--- /dev/null
+++ b/docs/html/api/keys/usage.html
@@ -0,0 +1,309 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key policies &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Algorithms" href="algorithms.html" />
+    <link rel="prev" title="Key types" href="types.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-policies">
+<span id="key-usage"></span><h1>Key policies</h1>
+<div class="section" id="key-usage-flags">
+<h2>Key usage flags</h2>
+<div class="section" id="PSA_KEY_USAGE_EXPORT">
+<span id="c.PSA_KEY_USAGE_EXPORT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</h3>
+<p>Permission to export the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
+</pre>
+<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.</p>
+<p>This flag can also be required to copy a key using <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> outside of a secure element. See also <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.</p>
+<p>If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through <a class="reference internal" href="management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_COPY">
+<span id="c.PSA_KEY_USAGE_COPY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</h3>
+<p>Permission to copy the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
+</pre>
+<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> to make a copy of the key with the same policy or a more restrictive policy.</p>
+<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_CACHE">
+<span id="c.PSA_KEY_USAGE_CACHE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</h3>
+<p>Permission for the implementation to cache the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
+</pre>
+<p>This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.</p>
+<p>An application can request that cached key material is removed from memory by calling <a class="reference internal" href="management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>.</p>
+<p>The presence of this key policy when creating a key is a hint:</p>
+<ul class="simple">
+<li>An implementation is not required to cache keys that have this policy.</li>
+<li>An implementation must not report an error if it does not cache keys.</li>
+</ul>
+<p>If this key policy is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.</p>
+<p>This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.</p>
+<p>See also <em><a class="reference internal" href="../../overview/implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_ENCRYPT">
+<span id="c.PSA_KEY_USAGE_ENCRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</h3>
+<p>Permission to encrypt a message with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
+</pre>
+<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a></li>
+<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a></li>
+<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a></li>
+</ul>
+<p>For a key pair, this concerns the public key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_DECRYPT">
+<span id="c.PSA_KEY_USAGE_DECRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</h3>
+<p>Permission to decrypt a message with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
+</pre>
+<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a></li>
+<li><a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a></li>
+<li><a class="reference internal" href="../ops/aead.html#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a></li>
+</ul>
+<p>For a key pair, this concerns the private key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_SIGN_MESSAGE">
+<span id="c.PSA_KEY_USAGE_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</h3>
+<p>Permission to sign a message with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
+</pre>
+<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a></li>
+<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a></li>
+</ul>
+<p>For a key pair, this concerns the private key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_VERIFY_MESSAGE">
+<span id="c.PSA_KEY_USAGE_VERIFY_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</h3>
+<p>Permission to verify a message signature with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
+</pre>
+<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a></li>
+<li><a class="reference internal" href="../ops/macs.html#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a></li>
+<li><a class="reference internal" href="../ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a></li>
+</ul>
+<p>For a key pair, this concerns the public key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_SIGN_HASH">
+<span id="c.PSA_KEY_USAGE_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</h3>
+<p>Permission to sign a message hash with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
+</pre>
+<p>This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
+<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> will also be present when the application queries the usage policy of the key.</p>
+<p>For a key pair, this concerns the private key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_VERIFY_HASH">
+<span id="c.PSA_KEY_USAGE_VERIFY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</h3>
+<p>Permission to verify a message hash with the key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
+</pre>
+<p>This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
+<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> will also be present when the application queries the usage policy of the key.</p>
+<p>For a key pair, this concerns the public key.</p>
+</div>
+<div class="section" id="PSA_KEY_USAGE_DERIVE">
+<span id="c.PSA_KEY_USAGE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</h3>
+<p>Permission to derive other keys from this key.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
+</pre>
+<p>This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a></li>
+<li><a class="reference internal" href="../ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></li>
+<li><a class="reference internal" href="../ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
+</ul>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>Attribute accessors</h2>
+<div class="section" id="psa_set_key_usage_flags">
+<span id="c.psa_set_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</h3>
+<p>Declare usage flags for a key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                             <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">usage_flags</span></code></dt>
+<dd>The usage flags to write.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>Usage flags are part of a key’s usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>.</p>
+<p>This function overwrites any usage flags previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_usage_flags">
+<span id="c.psa_get_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</h3>
+<p>Retrieve the usage flags from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code></a></p>
+<p>The usage flags stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key policies</a><ul>
+<li><a class="reference internal" href="#key-usage-flags">Key usage flags</a><ul>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
+<li><a class="reference internal" href="#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Key management reference</a><ul>
+      <li>Previous: <a href="types.html" title="previous chapter">Key types</a></li>
+      <li>Next: <a href="algorithms.html" title="next chapter">Algorithms</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/keys/usage.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/keys/usage.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/library/index.html b/docs/html/api/library/index.html
new file mode 100644
index 0000000..df8cde6
--- /dev/null
+++ b/docs/html/api/library/index.html
@@ -0,0 +1,148 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Library management reference &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="PSA status codes" href="status.html" />
+    <link rel="prev" title="Usage considerations" href="../../overview/usage.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="library-management-reference">
+<span id="library-management"></span><span id="api-reference"></span><h1>Library management reference</h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="status.html">PSA status codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="status.html#status-type">Status type</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="status.html#psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="status.html#success-codes">Success codes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="status.html#error-codes">Error codes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="library.html">PSA Crypto library</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="library.html#api-version">API version</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="library.html#library-initialization">Library initialization</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="library.html#psa_crypto_init"><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper"><div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="../../overview/usage.html" title="previous chapter">Usage considerations</a></li>
+      <li>Next: <a href="status.html" title="next chapter">PSA status codes</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/library/index.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/library/index.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/library/library.html b/docs/html/api/library/library.html
new file mode 100644
index 0000000..5d2fd9c
--- /dev/null
+++ b/docs/html/api/library/library.html
@@ -0,0 +1,165 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>PSA Crypto library &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key management reference" href="../keys/index.html" />
+    <link rel="prev" title="PSA status codes" href="status.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="psa-crypto-library">
+<h1>PSA Crypto library</h1>
+<div class="section" id="api-version">
+<span id="id1"></span><h2>API version</h2>
+<div class="section" id="PSA_CRYPTO_API_VERSION_MAJOR">
+<span id="c.PSA_CRYPTO_API_VERSION_MAJOR"></span><h3><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</h3>
+<p>The major version of this implementation of the PSA Crypto API.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR">PSA_CRYPTO_API_VERSION_MAJOR</a> 1
+</pre>
+</div>
+<div class="section" id="PSA_CRYPTO_API_VERSION_MINOR">
+<span id="c.PSA_CRYPTO_API_VERSION_MINOR"></span><h3><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</h3>
+<p>The minor version of this implementation of the PSA Crypto API.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR">PSA_CRYPTO_API_VERSION_MINOR</a> 0
+</pre>
+</div>
+</div>
+<div class="section" id="library-initialization">
+<span id="library-init"></span><h2>Library initialization</h2>
+<div class="section" id="psa_crypto_init">
+<span id="c.psa_crypto_init"></span><h3><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</h3>
+<p>Library initialization.</p>
+<pre class="literal-block">
+<a class="reference internal" href="status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init">psa_crypto_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Applications must call this function before calling any other function in this module.</p>
+<p>Applications are permitted to call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.</p>
+<p>If the application calls other functions before calling <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>, the behavior is undefined. In this situation:</p>
+<ul class="simple">
+<li>Implementations are encouraged to either perform the operation as if the library had been initialized or to return <a class="reference internal" href="status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> or some other applicable error.</li>
+<li>Implementations must not return a success status if the lack of initialization might have security implications, for example due to improper seeding of the random number generator.</li>
+</ul>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">PSA Crypto library</a><ul>
+<li><a class="reference internal" href="#api-version">API version</a><ul>
+<li><a class="reference internal" href="#PSA_CRYPTO_API_VERSION_MAJOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CRYPTO_API_VERSION_MINOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#library-initialization">Library initialization</a><ul>
+<li><a class="reference internal" href="#psa_crypto_init"><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Library management reference</a><ul>
+      <li>Previous: <a href="status.html" title="previous chapter">PSA status codes</a></li>
+      <li>Next: <a href="../keys/index.html" title="next chapter">Key management reference</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/library/library.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/library/library.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/library/status.html b/docs/html/api/library/status.html
new file mode 100644
index 0000000..36673ac
--- /dev/null
+++ b/docs/html/api/library/status.html
@@ -0,0 +1,374 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>PSA status codes &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="PSA Crypto library" href="library.html" />
+    <link rel="prev" title="Library management reference" href="index.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="psa-status-codes">
+<span id="status-codes"></span><h1>PSA status codes</h1>
+<div class="section" id="status-type">
+<h2>Status type</h2>
+<div class="section" id="psa_status_t">
+<span id="c.psa_status_t"></span><h3><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</h3>
+<p>Function return status.</p>
+<pre class="literal-block">
+typedef int32_t <a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>;
+</pre>
+<p>This is either <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>, which is zero, indicating success; or a small negative value indicating that an error occurred. Errors are encoded as one of the <code class="docutils literal"><span class="pre">PSA_ERROR_xxx</span></code> values defined here.</p>
+</div>
+</div>
+<div class="section" id="success-codes">
+<h2>Success codes</h2>
+<div class="section" id="PSA_SUCCESS">
+<span id="c.PSA_SUCCESS"></span><h3><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</h3>
+<p>The action was completed successfully.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)0)
+</pre>
+</div>
+</div>
+<div class="section" id="error-codes">
+<h2>Error codes</h2>
+<div class="section" id="PSA_ERROR_GENERIC_ERROR">
+<span id="c.PSA_ERROR_GENERIC_ERROR"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</h3>
+<p>An error occurred that does not correspond to any defined failure cause.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR">PSA_ERROR_GENERIC_ERROR</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-132)
+</pre>
+<p>Implementations can use this error code if none of the other standard error codes are applicable.</p>
+</div>
+<div class="section" id="PSA_ERROR_NOT_SUPPORTED">
+<span id="c.PSA_ERROR_NOT_SUPPORTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</h3>
+<p>The requested operation or a parameter is not supported by this implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED">PSA_ERROR_NOT_SUPPORTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-134)
+</pre>
+<p>It is recommended that implementations return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_NOT_PERMITTED">
+<span id="c.PSA_ERROR_NOT_PERMITTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</h3>
+<p>The requested action is denied by a policy.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED">PSA_ERROR_NOT_PERMITTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-133)
+</pre>
+<p>It is recommended that implementations return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.</p>
+<p>If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ERROR_BUFFER_TOO_SMALL">
+<span id="c.PSA_ERROR_BUFFER_TOO_SMALL"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</h3>
+<p>An output buffer is too small.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL">PSA_ERROR_BUFFER_TOO_SMALL</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-138)
+</pre>
+<p>Applications can call the <code class="docutils literal"><span class="pre">PSA_xxx_SIZE</span></code> macro listed in the function description to determine a sufficient buffer size.</p>
+<p>It is recommended that implementations only return this error code in cases when performing the operation with a larger output buffer would succeed. However, implementations can also return this error if a function has invalid or unsupported parameters in addition to an insufficient output buffer size.</p>
+</div>
+<div class="section" id="PSA_ERROR_ALREADY_EXISTS">
+<span id="c.PSA_ERROR_ALREADY_EXISTS"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</h3>
+<p>Asking for an item that already exists.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS">PSA_ERROR_ALREADY_EXISTS</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-139)
+</pre>
+<p>It is recommended that implementations return this error code when attempting to write to a location where a key is already present.</p>
+</div>
+<div class="section" id="PSA_ERROR_DOES_NOT_EXIST">
+<span id="c.PSA_ERROR_DOES_NOT_EXIST"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</h3>
+<p>Asking for an item that doesn’t exist.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST">PSA_ERROR_DOES_NOT_EXIST</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-140)
+</pre>
+<p>It is recommended that implementations return this error code if a requested key does not exist.</p>
+</div>
+<div class="section" id="PSA_ERROR_BAD_STATE">
+<span id="c.PSA_ERROR_BAD_STATE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</h3>
+<p>The requested action cannot be performed in the current state.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE">PSA_ERROR_BAD_STATE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-137)
+</pre>
+<p>Multi-part operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
+<p>Implementations must not return this error code to indicate that a key either exists or not, but must instead return <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> as applicable.</p>
+<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_ARGUMENT">
+<span id="c.PSA_ERROR_INVALID_ARGUMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</h3>
+<p>The parameters passed to the function are invalid.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT">PSA_ERROR_INVALID_ARGUMENT</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-135)
+</pre>
+<p>Implementations can return this error any time a parameter or combination of parameters are recognized as invalid.</p>
+<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_MEMORY">
+<span id="c.PSA_ERROR_INSUFFICIENT_MEMORY"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</h3>
+<p>There is not enough runtime memory.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY">PSA_ERROR_INSUFFICIENT_MEMORY</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-141)
+</pre>
+<p>If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_STORAGE">
+<span id="c.PSA_ERROR_INSUFFICIENT_STORAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</h3>
+<p>There is not enough persistent storage.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE">PSA_ERROR_INSUFFICIENT_STORAGE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-142)
+</pre>
+<p>Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage might return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.</p>
+</div>
+<div class="section" id="PSA_ERROR_COMMUNICATION_FAILURE">
+<span id="c.PSA_ERROR_COMMUNICATION_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</h3>
+<p>There was a communication failure inside the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE">PSA_ERROR_COMMUNICATION_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-145)
+</pre>
+<p>This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure can be transient or permanent depending on the cause.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">If a function returns this error, it is undetermined whether the requested action has completed. Returning <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a> is recommended on successful completion whenever possible, however functions can return <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a> if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.</p>
+</div>
+</div>
+<div class="section" id="PSA_ERROR_STORAGE_FAILURE">
+<span id="c.PSA_ERROR_STORAGE_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</h3>
+<p>There was a storage failure that might have led to data loss.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE">PSA_ERROR_STORAGE_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-146)
+</pre>
+<p>This error indicates that some persistent storage could not be read or written by the implementation. It does not indicate the following situations, which have specific error codes:</p>
+<ul class="simple">
+<li>A corruption of volatile memory - use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>.</li>
+<li>A communication error between the cryptoprocessor and its external storage - use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>.</li>
+<li>When the storage is in a valid state but is full - use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>.</li>
+<li>When the storage or stored data is corrupted - use <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a>.</li>
+<li>When the stored data is not valid - use <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>.</li>
+</ul>
+<p>A storage failure does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.</p>
+<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.</p>
+<p>It is recommended to only use this error code to report a permanent storage corruption. However application writers must keep in mind that transient errors while reading the storage might be reported using this error code.</p>
+</div>
+<div class="section" id="PSA_ERROR_DATA_CORRUPT">
+<span id="c.PSA_ERROR_DATA_CORRUPT"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</h3>
+<p>Stored data has been corrupted.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT">PSA_ERROR_DATA_CORRUPT</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-152)
+</pre>
+<p>This error indicates that some persistent storage has suffered corruption.  It does not indicate the following situations, which have specific error codes:</p>
+<ul class="simple">
+<li>A corruption of volatile memory - use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>.</li>
+<li>A communication error between the cryptoprocessor and its external storage - use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>.</li>
+<li>When the storage is in a valid state but is full - use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>.</li>
+<li>When the storage fails for other reasons - use <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>.</li>
+<li>When the stored data is not valid - use <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>.</li>
+</ul>
+<p>Note that a storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.</p>
+<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.</p>
+<p>It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the PSA Internal Trusted Storage API reports <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ERROR_DATA_INVALID">
+<span id="c.PSA_ERROR_DATA_INVALID"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</h3>
+<p>Data read from storage is not valid for the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID">PSA_ERROR_DATA_INVALID</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-153)
+</pre>
+<p>This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:</p>
+<ul class="simple">
+<li>When the storage or stored data is corrupted - use <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a>.</li>
+<li>When the storage fails for other reasons - use <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>.</li>
+<li>An invalid argument to the API - use <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
+</ul>
+<p>This error is typically a result of an integration failure, where the implementation reading the data is not compatible with the implementation that stored the data.</p>
+<p>It is recommended to only use this error code to report when data that is successfully read from storage is invalid.</p>
+</div>
+<div class="section" id="PSA_ERROR_HARDWARE_FAILURE">
+<span id="c.PSA_ERROR_HARDWARE_FAILURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</h3>
+<p>A hardware failure was detected.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE">PSA_ERROR_HARDWARE_FAILURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-147)
+</pre>
+<p>A hardware failure can be transient or permanent depending on the cause.</p>
+</div>
+<div class="section" id="PSA_ERROR_CORRUPTION_DETECTED">
+<span id="c.PSA_ERROR_CORRUPTION_DETECTED"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</h3>
+<p>A tampering attempt was detected.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED">PSA_ERROR_CORRUPTION_DETECTED</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-151)
+</pre>
+<p>If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. In this situation, it is recommended that applications perform no further security functions and enter a safe failure state.</p>
+<p>Implementations can return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation’s security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation might forcibly terminate the application.</p>
+<p>This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations must only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations must not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation, instead use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a> or other applicable error code.</p>
+<p>This error indicates an attack against the application. Implementations must not return this error code as a consequence of the behavior of the application itself.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_ENTROPY">
+<span id="c.PSA_ERROR_INSUFFICIENT_ENTROPY"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</h3>
+<p>There is not enough entropy to generate random data needed for the requested action.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY">PSA_ERROR_INSUFFICIENT_ENTROPY</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-148)
+</pre>
+<p>This error indicates a failure of a hardware random generator. Application writers must note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.</p>
+<p>It is recommended that implementations do not return this error after <a class="reference internal" href="library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> has succeeded. This can be achieved if the implementation generates sufficient entropy during initialization and subsequently a cryptographically secure pseudorandom generator (PRNG) is used. However, implementations might return this error at any time, for example, if a policy requires the PRNG to be reseeded during normal operation.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_SIGNATURE">
+<span id="c.PSA_ERROR_INVALID_SIGNATURE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</h3>
+<p>The signature, MAC or hash is incorrect.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE">PSA_ERROR_INVALID_SIGNATURE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-149)
+</pre>
+<p>Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.</p>
+<p>If the value to verify has an invalid size, implementations can return either <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_PADDING">
+<span id="c.PSA_ERROR_INVALID_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</h3>
+<p>The decrypted padding is incorrect.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING">PSA_ERROR_INVALID_PADDING</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-150)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Protocols that use authenticated encryption are recommended for use by applications, rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.</p>
+</div>
+<p>Implementations must handle padding carefully, aiming to make it impossible for an external observer to distinguish between valid and invalid padding. In particular, it is recommended that the timing of a decryption operation does not depend on the validity of the padding.</p>
+</div>
+<div class="section" id="PSA_ERROR_INSUFFICIENT_DATA">
+<span id="c.PSA_ERROR_INSUFFICIENT_DATA"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</h3>
+<p>Return this error when there’s insufficient data when attempting to read from a resource.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA">PSA_ERROR_INSUFFICIENT_DATA</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-143)
+</pre>
+</div>
+<div class="section" id="PSA_ERROR_INVALID_HANDLE">
+<span id="c.PSA_ERROR_INVALID_HANDLE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</h3>
+<p>The key identifier is not valid.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE">PSA_ERROR_INVALID_HANDLE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-136)
+</pre>
+<p>See also <em><a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="std std-ref">Key identifiers</span></a></em>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">PSA status codes</a><ul>
+<li><a class="reference internal" href="#status-type">Status type</a><ul>
+<li><a class="reference internal" href="#psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#success-codes">Success codes</a><ul>
+<li><a class="reference internal" href="#PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#error-codes">Error codes</a><ul>
+<li><a class="reference internal" href="#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Library management reference</a><ul>
+      <li>Previous: <a href="index.html" title="previous chapter">Library management reference</a></li>
+      <li>Next: <a href="library.html" title="next chapter">PSA Crypto library</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/library/status.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/library/status.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/aead.html b/docs/html/api/ops/aead.html
new file mode 100644
index 0000000..720a890
--- /dev/null
+++ b/docs/html/api/ops/aead.html
@@ -0,0 +1,1301 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Authenticated encryption with associated data (AEAD) &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key derivation" href="kdf.html" />
+    <link rel="prev" title="Unauthenticated ciphers" href="ciphers.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="authenticated-encryption-with-associated-data-aead">
+<span id="aead"></span><h1>Authenticated encryption with associated data (AEAD)</h1>
+<div class="section" id="aead-algorithms">
+<span id="id1"></span><h2>AEAD algorithms</h2>
+<div class="section" id="PSA_ALG_CCM">
+<span id="c.PSA_ALG_CCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</h3>
+<p>The CCM authenticated encryption algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+</div>
+<div class="section" id="PSA_ALG_GCM">
+<span id="c.PSA_ALG_GCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</h3>
+<p>The GCM authenticated encryption algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+</div>
+<div class="section" id="PSA_ALG_CHACHA20_POLY1305">
+<span id="c.PSA_ALG_CHACHA20_POLY1305"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</h3>
+<p>The Chacha20-Poly1305 AEAD algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
+</pre>
+<p>The ChaCha20_Poly1305 construction is defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</p>
+<p>Variants of this algorithm are defined by the length of the nonce:</p>
+<ul class="simple">
+<li>Implementations must support a 12-byte nonce, as defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</li>
+<li>Implementations can optionally support an 8-byte nonce, the original variant.</li>
+<li>It is recommended that implementations do not support other sizes of nonce.</li>
+</ul>
+<p>Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.</p>
+</div>
+<div class="section" id="PSA_ALG_AEAD_WITH_SHORTENED_TAG">
+<span id="c.PSA_ALG_AEAD_WITH_SHORTENED_TAG"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</h3>
+<p>Macro to build a AEAD algorithm with a shortened tag.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG">PSA_ALG_AEAD_WITH_SHORTENED_TAG</a>(aead_alg, tag_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
+<dd>An AEAD algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
+<dd>Desired length of the authentication tag in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding AEAD algorithm with the specified tag length.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported AEAD algorithm or if <code class="docutils literal"><span class="pre">tag_length</span></code> is not valid for the specified AEAD algorithm.</p>
+<p class="rubric">Description</p>
+<p>An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.</p>
+<p>The AEAD algorithm with a default length tag can be recovered using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="single-part-aead-functions">
+<h2>Single-part AEAD functions</h2>
+<div class="section" id="psa_aead_encrypt">
+<span id="c.psa_aead_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</h3>
+<p>Process an authenticated encryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * nonce,
+                              size_t nonce_length,
+                              const uint8_t * additional_data,
+                              size_t additional_data_length,
+                              const uint8_t * plaintext,
+                              size_t plaintext_length,
+                              uint8_t * ciphertext,
+                              size_t ciphertext_size,
+                              size_t * ciphertext_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
+<dd>Nonce or IV to use.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">additional_data</span></code></dt>
+<dd>Additional data that will be authenticated but not encrypted.</dd>
+<dt> <code class="docutils literal"><span class="pre">additional_data_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">additional_data</span></code> in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
+<dd>Data that will be authenticated and encrypted.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">plaintext</span></code> in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
+<dd>Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">plaintext_length</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">plaintext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum ciphertext size of any supported AEAD encryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
+<dd>On success, the size of the output in the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">ciphertext_size</span></code> is too small. <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+</div>
+<div class="section" id="psa_aead_decrypt">
+<span id="c.psa_aead_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</h3>
+<p>Process an authenticated decryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * nonce,
+                              size_t nonce_length,
+                              const uint8_t * additional_data,
+                              size_t additional_data_length,
+                              const uint8_t * ciphertext,
+                              size_t ciphertext_length,
+                              uint8_t * plaintext,
+                              size_t plaintext_size,
+                              size_t * plaintext_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
+<dd>Nonce or IV to use.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">additional_data</span></code></dt>
+<dd>Additional data that has been authenticated but not encrypted.</dd>
+<dt> <code class="docutils literal"><span class="pre">additional_data_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">additional_data</span></code> in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
+<dd>Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">ciphertext</span></code> in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
+<dd>Output buffer for the decrypted data.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">ciphertext_length</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ciphertext_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum plaintext size of any supported AEAD decryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>On success, the size of the output in the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The ciphertext is not authentic.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">plaintext_size</span></code> is too small. <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+</div>
+</div>
+<div class="section" id="multi-part-aead-operations">
+<h2>Multi-part AEAD operations</h2>
+<div class="admonition warning" id="aead-multi-part-warning">
+<p class="first admonition-title">Warning</p>
+<p>When decrypting using a multi-part AEAD operation, there is no guarantee that the input or output is valid until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+<p>A call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> returning <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a> <strong>does not</strong> indicate that the input and output is valid.</p>
+<p>Until an application calls <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>, the following rules apply to input and output data from a multi-part AEAD operation:</p>
+<ul class="simple">
+<li>Do not trust the input. If the application takes any action that depends on the input data, this action will need to be undone if the input turns out to be invalid.</li>
+<li>Store the output in a confidential location. In particular, the application must not copy the output to a memory or storage space which is shared.</li>
+<li>Do not trust the output. If the application takes any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out to be invalid. Furthermore, if an adversary can observe that this action took place, for example, through timing, they might be able to use this fact as an oracle to decrypt any message encrypted with the same key.</li>
+</ul>
+<p class="last">An application that does not follow these rules might be vulnerable to maliciously constructed AEAD input data.</p>
+</div>
+<div class="section" id="psa_aead_operation_t">
+<span id="c.psa_aead_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</h3>
+<p>The type of the state object for multi-part AEAD operations.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a>;
+</pre>
+<p>Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
+memset(&amp;operation, 0, sizeof(operation));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation = <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT">PSA_AEAD_OPERATION_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_operation_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> operation;
+operation = <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init">psa_aead_operation_init</a>();
+</pre>
+</li>
+</ul>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+</div>
+<div class="section" id="PSA_AEAD_OPERATION_INIT">
+<span id="c.PSA_AEAD_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for an AEAD operation object of type <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT">PSA_AEAD_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_aead_operation_init">
+<span id="c.psa_aead_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</h3>
+<p>Return an initial value for an AEAD operation object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init">psa_aead_operation_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code></a></p>
+</div>
+<div class="section" id="psa_aead_encrypt_setup">
+<span id="c.psa_aead_encrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</h3>
+<p>Set the key for a multi-part authenticated encryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup">psa_aead_encrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The sequence of operations to encrypt a message with authentication is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
+<li>Call either <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce. It is recommended to use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> unless the protocol being implemented requires a specific nonce value.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the message to encrypt each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_aead_decrypt_setup">
+<span id="c.psa_aead_decrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</h3>
+<p>Set the key for a multi-part authenticated decryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup">psa_aead_decrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The sequence of operations to decrypt a message with authentication is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> with the nonce for the decryption.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the ciphertext to decrypt each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_aead_generate_nonce">
+<span id="c.psa_aead_generate_nonce"></span><h3><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</h3>
+<p>Generate a random nonce for an authenticated encryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce">psa_aead_generate_nonce</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                     uint8_t * nonce,
+                                     size_t nonce_size,
+                                     size_t * nonce_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
+<dd>Buffer where the generated nonce is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce_size</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">alg</span></code> are type of key and the algorithm respectively that were used to set up the AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
+<dd>On success, the number of bytes of the generated nonce.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be an active AEAD encryption operation, with no nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_set_nonce">
+<span id="c.psa_aead_set_nonce"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</h3>
+<p>Set the nonce for an authenticated encryption or decryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce">psa_aead_set_nonce</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                const uint8_t * nonce,
+                                size_t nonce_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
+<dd>Buffer containing the nonce to use.</dd>
+<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
+<dd>Size of the nonce in bytes. This must be a valid nonce size for the chosen algorithm. The default nonce size is <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">alg</span></code> are type of key and the algorithm respectively that were used to set up the AEAD operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, with no nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The size of <code class="docutils literal"><span class="pre">nonce</span></code> is not acceptable for the chosen algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">When encrypting, <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.</p>
+</div>
+</div>
+<div class="section" id="psa_aead_set_lengths">
+<span id="c.psa_aead_set_lengths"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</h3>
+<p>Declare the lengths of the message and additional data for AEAD.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths">psa_aead_set_lengths</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                  size_t ad_length,
+                                  size_t plaintext_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">ad_length</span></code></dt>
+<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext to encrypt in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, and <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> must not have been called yet.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>At least one of the lengths is not acceptable for the chosen algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
+<p>This function can be called before or after setting the nonce with <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
+<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
+<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
+</ul>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_update_ad">
+<span id="c.psa_aead_update_ad"></span><h3><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</h3>
+<p>Pass additional data to an active AEAD operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad">psa_aead_update_ad</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                const uint8_t * input,
+                                size_t input_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the fragment of additional data.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd><p class="first">Success.</p>
+<div class="last admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>When decrypting, do not trust the input until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> succeeds.</p>
+<p class="last">See the <a class="reference internal" href="#aead-multi-part-warning"><span class="std std-ref">detailed warning</span></a>.</p>
+</div>
+</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, have a nonce set, have lengths set if required by the algorithm, and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> must not have been called yet.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total input length overflows the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Additional data is authenticated, but not encrypted.</p>
+<p>This function can be called multiple times to pass successive fragments of the additional data. This function must not be called after passing data to encrypt or decrypt with <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>The following must occur before calling this function:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</li>
+<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
+</ol>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_update">
+<span id="c.psa_aead_update"></span><h3><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</h3>
+<p>Encrypt or decrypt a message fragment in an active AEAD operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update">psa_aead_update</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             const uint8_t * input,
+                             size_t input_length,
+                             uint8_t * output,
+                             size_t output_size,
+                             size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported AEAD algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd><p class="first">Success.</p>
+<div class="last admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>When decrypting, do not use the output until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> succeeds.</p>
+<p class="last">See the <a class="reference internal" href="#aead-multi-part-warning"><span class="std std-ref">detailed warning</span></a>.</p>
+</div>
+</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, have a nonce set, and have lengths set if required by the algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total input length overflows the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The following must occur before calling this function:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
+<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> to pass all the additional data.</li>
+</ol>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+<p>This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it might delay the end of the corresponding output until a subsequent call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> provides sufficient input. The amount of data that can be delayed in this way is bounded by <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_finish">
+<span id="c.psa_aead_finish"></span><h3><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</h3>
+<p>Finish encrypting a message in an AEAD operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish">psa_aead_finish</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             uint8_t * ciphertext,
+                             size_t ciphertext_size,
+                             size_t * ciphertext_length,
+                             uint8_t * tag,
+                             size_t tag_size,
+                             size_t * tag_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext</span></code></dt>
+<dd>Buffer where the last part of the ciphertext is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported AEAD algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
+<dd>On success, the number of bytes of returned ciphertext.</dd>
+<dt> <code class="docutils literal"><span class="pre">tag</span></code></dt>
+<dd>Buffer where the authentication tag is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">tag_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">tag</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The exact tag size is <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size of the key, and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used in the call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a> evaluates to the maximum tag size of any supported AEAD algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned tag.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be an active encryption operation with a nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">ciphertext</span></code> or <code class="docutils literal"><span class="pre">tag</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required <code class="docutils literal"><span class="pre">ciphertext</span></code> buffer size.
+<a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a> can be used to determine the required <code class="docutils literal"><span class="pre">tag</span></code> buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</p>
+<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> with the plaintext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<p>This function has two output buffers:</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">ciphertext</span></code> contains trailing ciphertext that was buffered from preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</li>
+<li><code class="docutils literal"><span class="pre">tag</span></code> contains the authentication tag.</li>
+</ul>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_aead_verify">
+<span id="c.psa_aead_verify"></span><h3><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</h3>
+<p>Finish authenticating and decrypting a message in an AEAD operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify">psa_aead_verify</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             uint8_t * plaintext,
+                             size_t plaintext_size,
+                             size_t * plaintext_length,
+                             const uint8_t * tag,
+                             size_t tag_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext</span></code></dt>
+<dd>Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> that could not be processed until the end of the input.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported AEAD algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>On success, the number of bytes of returned plaintext.</dd>
+<dt> <code class="docutils literal"><span class="pre">tag</span></code></dt>
+<dd>Buffer containing the authentication tag.</dd>
+<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">tag</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The calculations were successful, but the authentication tag is not correct.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be an active decryption operation with a nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">plaintext</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</p>
+<p>This function finishes the authenticated decryption of the message components:</p>
+<ul class="simple">
+<li>The additional data consisting of the concatenation of the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a>.</li>
+<li>The ciphertext consisting of the concatenation of the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</li>
+<li>The tag passed to this function call.</li>
+</ul>
+<p>If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Implementations must make the best effort to ensure that the comparison between the actual tag and the expected tag is performed in constant time.</p>
+</div>
+</div>
+<div class="section" id="psa_aead_abort">
+<span id="c.psa_aead_abort"></span><h3><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</h3>
+<p>Abort an AEAD operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort">psa_aead_abort</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Initialized AEAD operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> again.</p>
+<p>This function can be called any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
+<p>In particular, calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">
+<span id="c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an AEAD mode on a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm which is an AEAD mode based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">
+<span id="c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</h3>
+<p>An AEAD algorithm with the default tag length.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</a>(aead_alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding AEAD algorithm with the default tag length for that algorithm.</p>
+<p class="rubric">Description</p>
+<p>This macro can be used to construct the AEAD algorithm with default tag length from an AEAD algorithm with a shortened tag. See also <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, plaintext_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The AEAD ciphertext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext might be smaller.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</a>(plaintext_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE">PSA_AEAD_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, ciphertext_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
+<dd>Size of the ciphertext in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The AEAD plaintext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext might be smaller.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</a>(ciphertext_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
+<dd>Size of the ciphertext in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_NONCE_LENGTH">
+<span id="c.PSA_AEAD_NONCE_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</h3>
+<p>The default nonce size for an AEAD algorithm, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH">PSA_AEAD_NONCE_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>This macro can be used to allocate a buffer of sufficient size to store the nonce output from <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_NONCE_MAX_SIZE">
+<span id="c.PSA_AEAD_NONCE_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</h3>
+<p>The maximum nonce size for all supported AEAD algorithms, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE">PSA_AEAD_NONCE_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_UPDATE_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE">PSA_AEAD_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE">
+<span id="c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_FINISH_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_FINISH_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE">PSA_AEAD_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient ciphertext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE">
+<span id="c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_TAG_LENGTH">
+<span id="c.PSA_AEAD_TAG_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</h3>
+<p>The length of a tag for an AEAD algorithm, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH">PSA_AEAD_TAG_LENGTH</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>The type of the AEAD key.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the AEAD key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The tag length for the specified algorithm and key.
+If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return <code class="docutils literal"><span class="pre">0</span></code>. If the AEAD algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>This macro can be used to allocate a buffer of sufficient size to store the tag output from <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a>.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_TAG_MAX_SIZE">
+<span id="c.PSA_AEAD_TAG_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</h3>
+<p>The maximum tag size for all supported AEAD algorithms, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE">PSA_AEAD_TAG_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_SIZE">
+<span id="c.PSA_AEAD_VERIFY_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE">PSA_AEAD_VERIFY_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient plaintext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> will not fail due to an insufficient plaintext buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE">
+<span id="c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a>, for any of the supported key types and AEAD algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Authenticated encryption with associated data (AEAD)</a><ul>
+<li><a class="reference internal" href="#aead-algorithms">AEAD algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#single-part-aead-functions">Single-part AEAD functions</a><ul>
+<li><a class="reference internal" href="#psa_aead_encrypt"><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_decrypt"><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#multi-part-aead-operations">Multi-part AEAD operations</a><ul>
+<li><a class="reference internal" href="#psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_aead_operation_init"><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_encrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_decrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_generate_nonce"><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_set_nonce"><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_update_ad"><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_update"><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_finish"><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_verify"><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_aead_abort"><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_NONCE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_TAG_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="ciphers.html" title="previous chapter">Unauthenticated ciphers</a></li>
+      <li>Next: <a href="kdf.html" title="next chapter">Key derivation</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/aead.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/aead.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/ciphers.html b/docs/html/api/ops/ciphers.html
new file mode 100644
index 0000000..7826c94
--- /dev/null
+++ b/docs/html/api/ops/ciphers.html
@@ -0,0 +1,1060 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Unauthenticated ciphers &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Authenticated encryption with associated data (AEAD)" href="aead.html" />
+    <link rel="prev" title="Message authentication codes (MAC)" href="macs.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="unauthenticated-ciphers">
+<span id="ciphers"></span><h1>Unauthenticated ciphers</h1>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>The unauthenticated cipher API is provided to implement legacy protocols and
+for use cases where the data integrity and authenticity is guaranteed by
+non-cryptographic means.</p>
+<p class="last">It is recommended that newer protocols use <em><a class="reference internal" href="aead.html#aead"><span class="std std-ref">Authenticated encryption with associated data (AEAD)</span></a></em>.</p>
+</div>
+<div class="section" id="cipher-algorithms">
+<span id="id1"></span><h2>Cipher algorithms</h2>
+<div class="section" id="PSA_ALG_STREAM_CIPHER">
+<span id="c.PSA_ALG_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</h3>
+<p>The stream cipher mode of a stream cipher algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
+</pre>
+<p>The underlying stream cipher is determined by the key type:</p>
+<ul class="simple">
+<li>To use ChaCha20, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</li>
+<li>To use ARC4, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="PSA_ALG_CTR">
+<span id="c.PSA_ALG_CTR"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</h3>
+<p>A stream cipher built using the Counter (CTR) mode of a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
+</pre>
+<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a length of 128 bits (16 bytes).</p>
+</div>
+<div class="section" id="PSA_ALG_CFB">
+<span id="c.PSA_ALG_CFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</h3>
+<p>A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+</div>
+<div class="section" id="PSA_ALG_OFB">
+<span id="c.PSA_ALG_OFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</h3>
+<p>A stream cipher built using the Output Feedback (OFB) mode of a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+</div>
+<div class="section" id="PSA_ALG_XTS">
+<span id="c.PSA_ALG_XTS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</h3>
+<p>The XTS cipher mode of a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
+</pre>
+<p>XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
+</div>
+<div class="section" id="PSA_ALG_ECB_NO_PADDING">
+<span id="c.PSA_ALG_ECB_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</h3>
+<p>The Electronic Code Book (ECB) mode of a block cipher, with no padding.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB.</p>
+</div>
+<p>The underlying block cipher is determined by the key type.</p>
+<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
+<p>ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
+</div>
+<div class="section" id="PSA_ALG_CBC_NO_PADDING">
+<span id="c.PSA_ALG_CBC_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</h3>
+<p>The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
+</div>
+<div class="section" id="PSA_ALG_CBC_PKCS7">
+<span id="c.PSA_ALG_CBC_PKCS7"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</h3>
+<p>The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
+</pre>
+<p>The underlying block cipher is determined by the key type.</p>
+<p>This is the padding method defined by PKCS#7 <a class="reference external" href="https://tools.ietf.org/html/rfc2315.html#section-10.3">RFC 2315 §10.3</a>.</p>
+</div>
+</div>
+<div class="section" id="single-part-cipher-functions">
+<h2>Single-part cipher functions</h2>
+<div class="section" id="psa_cipher_encrypt">
+<span id="c.psa_cipher_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</h3>
+<p>Encrypt a message using a symmetric cipher.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                uint8_t * output,
+                                size_t output_size,
+                                size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to encrypt.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher encryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">output_size</span></code> is too small. <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function encrypts a message with a random initialization vector (IV).
+The length of the IV is <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.
+The output of <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> is the IV followed by the ciphertext.</p>
+<p>Use the multi-part operation interface with a <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to provide other forms of IV or to manage the IV and ciphertext independently.</p>
+</div>
+<div class="section" id="psa_cipher_decrypt">
+<span id="c.psa_cipher_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</h3>
+<p>Decrypt a message using a symmetric cipher.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                uint8_t * output,
+                                size_t output_size,
+                                size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the plaintext is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher decryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">output_size</span></code> is too small. <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function decrypts a message encrypted with a symmetric cipher.</p>
+<p>The input to this function must contain the IV followed by the ciphertext, as output by <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>. The IV must be <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> bytes in length, where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of <code class="docutils literal"><span class="pre">key</span></code>.</p>
+<p>Use the multi-part operation interface with a <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to decrypt data which is not in the expected input format.</p>
+</div>
+</div>
+<div class="section" id="multi-part-cipher-operations">
+<h2>Multi-part cipher operations</h2>
+<div class="section" id="psa_cipher_operation_t">
+<span id="c.psa_cipher_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</h3>
+<p>The type of the state object for multi-part cipher operations.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a>;
+</pre>
+<p>Before calling any function on a cipher operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
+memset(&amp;operation, 0, sizeof(operation));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation = <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT">PSA_CIPHER_OPERATION_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_operation_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> operation;
+operation = <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init">psa_cipher_operation_init</a>();
+</pre>
+</li>
+</ul>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+</div>
+<div class="section" id="PSA_CIPHER_OPERATION_INIT">
+<span id="c.PSA_CIPHER_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for a cipher operation object of type <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT">PSA_CIPHER_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_cipher_operation_init">
+<span id="c.psa_cipher_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</h3>
+<p>Return an initial value for a cipher operation object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init">psa_cipher_operation_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a></p>
+</div>
+<div class="section" id="psa_cipher_encrypt_setup">
+<span id="c.psa_cipher_encrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</h3>
+<p>Set the key for a multi-part symmetric encryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup">psa_cipher_encrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                      <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                      <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The sequence of operations to encrypt a message with a symmetric cipher is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call either <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> to generate or set the initialization vector (IV), if the algorithm requires one. It is recommended to use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> unless the protocol being implemented requires a specific IV value.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_cipher_decrypt_setup">
+<span id="c.psa_cipher_decrypt_setup"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</h3>
+<p>Set the key for a multi-part symmetric decryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup">psa_cipher_decrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                      <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                      <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The sequence of operations to decrypt a message with a symmetric cipher is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> with the initialization vector (IV) for the decryption, if the algorithm requires one. This must match the IV used for the encryption.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_cipher_generate_iv">
+<span id="c.psa_cipher_generate_iv"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</h3>
+<p>Generate an initialization vector (IV) for a symmetric encryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv">psa_cipher_generate_iv</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                    uint8_t * iv,
+                                    size_t iv_size,
+                                    size_t * iv_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">iv</span></code></dt>
+<dd>Buffer where the generated IV is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">iv_size</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">iv</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">alg</span></code> are type of key and the algorithm respectively that were used to set up the cipher operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">iv_length</span></code></dt>
+<dd>On success, the number of bytes of the generated IV.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd><p class="first">Either:</p>
+<ul class="last simple">
+<li>The cipher algorithm does not use an IV.</li>
+<li>The operation state is not valid: it must be active, with no IV set.</li>
+</ul>
+</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">iv</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function generates a random IV, nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.</p>
+<p>The generated IV is always the default length for the key and algorithm: <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation. To generate different lengths of IV, use <a class="reference internal" href="rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</p>
+<p>If the cipher algorithm does not use an IV, calling this function returns a <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> error. For these algorithms, <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> will be zero.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_cipher_set_iv">
+<span id="c.psa_cipher_set_iv"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</h3>
+<p>Set the initialization vector (IV) for a symmetric encryption or decryption operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv">psa_cipher_set_iv</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               const uint8_t * iv,
+                               size_t iv_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">iv</span></code></dt>
+<dd>Buffer containing the IV to use.</dd>
+<dt> <code class="docutils literal"><span class="pre">iv_length</span></code></dt>
+<dd>Size of the IV in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd><p class="first">Either:</p>
+<ul class="last simple">
+<li>The cipher algorithm does not use an IV.</li>
+<li>The operation state is not valid: it must be an active cipher encrypt operation, with no IV set.</li>
+</ul>
+</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The size of <code class="docutils literal"><span class="pre">iv</span></code> is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function sets the IV, nonce or initial counter value for the encryption or decryption operation.</p>
+<p>If the cipher algorithm does not use an IV, calling this function returns a <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> error. For these algorithms, <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> will be zero.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">When encrypting, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.</p>
+</div>
+</div>
+<div class="section" id="psa_cipher_update">
+<span id="c.psa_cipher_update"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</h3>
+<p>Encrypt or decrypt a message fragment in an active cipher operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update">psa_cipher_update</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               const uint8_t * input,
+                               size_t input_length,
+                               uint8_t * output,
+                               size_t output_size,
+                               size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">input_length</span></code><code class="docutils literal"><span class="pre">)</span></code> evaluates to the maximum output size of any supported cipher algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, with an IV set if required for the algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The following must occur before calling this function:</p>
+<ol class="arabic simple">
+<li>Call either <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
+<li>If the algorithm requires an IV, call <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>. <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> is recommended when encrypting.</li>
+</ol>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_cipher_finish">
+<span id="c.psa_cipher_finish"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</h3>
+<p>Finish encrypting or decrypting a message in a cipher operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish">psa_cipher_finish</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               uint8_t * output,
+                               size_t output_size,
+                               size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active cipher operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes. This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">key_type</span></code> is the type of key and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that were used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported cipher algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a></dt>
+<dd>This is a decryption operation for an algorithm that includes padding, and the ciphertext does not contain valid padding.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, with an IV set if required for the algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.</p>
+<p>This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_cipher_abort">
+<span id="c.psa_cipher_abort"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</h3>
+<p>Abort a cipher operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort">psa_cipher_abort</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Initialized cipher operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> again.</p>
+<p>This function can be called any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
+<p>In particular, calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_STREAM_CIPHER">
+<span id="c.PSA_ALG_IS_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a stream cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER">PSA_ALG_IS_STREAM_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a stream cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.</p>
+<p class="rubric">Description</p>
+<p>A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.</p>
+</div>
+<div class="section" id="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE">
+<span id="c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_DECRYPT_OUTPUT_SIZE">
+<span id="c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>The maximum size of the output of <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_IV_LENGTH">
+<span id="c.PSA_CIPHER_IV_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</h3>
+<p>The default IV size for a cipher algorithm, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH">PSA_CIPHER_IV_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The default IV size for the specified key type and algorithm.
+If the algorithm does not use an IV, return <code class="docutils literal"><span class="pre">0</span></code>.
+If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>.
+An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>The IV that is generated as part of a call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> is always the default IV length for the algorithm.</p>
+<p>This macro can be used to allocate a buffer of sufficient size to store the IV output from <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> when using a multi-part cipher operation.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_IV_MAX_SIZE">
+<span id="c.PSA_CIPHER_IV_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</h3>
+<p>The maximum IV size for all supported cipher algorithms, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE">PSA_CIPHER_IV_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_UPDATE_OUTPUT_SIZE">
+<span id="c.PSA_CIPHER_UPDATE_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE">PSA_CIPHER_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE">
+<span id="c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the input in bytes.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> will not fail due to an insufficient buffer size.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_FINISH_OUTPUT_SIZE">
+<span id="c.PSA_CIPHER_FINISH_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE">PSA_CIPHER_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE">
+<span id="c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a>, for any of the supported key types and cipher algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_LENGTH">
+<span id="c.PSA_BLOCK_CIPHER_BLOCK_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</h3>
+<p>The block size of a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH">PSA_BLOCK_CIPHER_BLOCK_LENGTH</a>(type) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
+<dd>A cipher key type (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The block size for a block cipher, or <code class="docutils literal"><span class="pre">1</span></code> for a stream cipher. The return value is undefined if <code class="docutils literal"><span class="pre">type</span></code> is not a supported cipher key type.</p>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (<a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a>). This macro only takes the key type into account, so it cannot be used to determine the size of the data that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> might buffer for future processing in general.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This macro expression is a compile-time constant if <code class="docutils literal"><span class="pre">type</span></code> is a compile-time constant.</p>
+</div>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This macro is permitted to evaluate its argument multiple times.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE">
+<span id="c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</h3>
+<p>The maximum size of a block cipher supported by the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Unauthenticated ciphers</a><ul>
+<li><a class="reference internal" href="#cipher-algorithms">Cipher algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CTR"><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CFB"><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_OFB"><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_XTS"><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECB_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CBC_PKCS7"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#single-part-cipher-functions">Single-part cipher functions</a><ul>
+<li><a class="reference internal" href="#psa_cipher_encrypt"><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_decrypt"><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#multi-part-cipher-operations">Multi-part cipher operations</a><ul>
+<li><a class="reference internal" href="#psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_cipher_operation_init"><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_encrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_decrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_generate_iv"><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_set_iv"><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_update"><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_finish"><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_cipher_abort"><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_IV_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="macs.html" title="previous chapter">Message authentication codes (MAC)</a></li>
+      <li>Next: <a href="aead.html" title="next chapter">Authenticated encryption with associated data (AEAD)</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/ciphers.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/ciphers.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/hashes.html b/docs/html/api/ops/hashes.html
new file mode 100644
index 0000000..de98091
--- /dev/null
+++ b/docs/html/api/ops/hashes.html
@@ -0,0 +1,1086 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Message digests &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Message authentication codes (MAC)" href="macs.html" />
+    <link rel="prev" title="Cryptographic operation reference" href="index.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="message-digests">
+<span id="hashes"></span><h1>Message digests</h1>
+<div class="section" id="hash-algorithms">
+<span id="id1"></span><h2>Hash algorithms</h2>
+<div class="section" id="PSA_ALG_MD2">
+<span id="c.PSA_ALG_MD2"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</h3>
+<p>MD2.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The MD2 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_MD4">
+<span id="c.PSA_ALG_MD4"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</h3>
+<p>MD4.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The MD4 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_MD5">
+<span id="c.PSA_ALG_MD5"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</h3>
+<p>MD5.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_RIPEMD160">
+<span id="c.PSA_ALG_RIPEMD160"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</h3>
+<p>RIPEMD-160.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_1">
+<span id="c.PSA_ALG_SHA_1"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</h3>
+<p>SHA-1.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_SHA_224">
+<span id="c.PSA_ALG_SHA_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</h3>
+<p>SHA-224.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_256">
+<span id="c.PSA_ALG_SHA_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</h3>
+<p>SHA-256.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_384">
+<span id="c.PSA_ALG_SHA_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</h3>
+<p>SHA-384.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_512">
+<span id="c.PSA_ALG_SHA_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</h3>
+<p>SHA-512.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_512_224">
+<span id="c.PSA_ALG_SHA_512_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</h3>
+<p>SHA-512/224.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA_512_256">
+<span id="c.PSA_ALG_SHA_512_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</h3>
+<p>SHA-512/256.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA3_224">
+<span id="c.PSA_ALG_SHA3_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</h3>
+<p>SHA3-224.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA3_256">
+<span id="c.PSA_ALG_SHA3_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</h3>
+<p>SHA3-256.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA3_384">
+<span id="c.PSA_ALG_SHA3_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</h3>
+<p>SHA3-384.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_SHA3_512">
+<span id="c.PSA_ALG_SHA3_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</h3>
+<p>SHA3-512.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
+</pre>
+</div>
+</div>
+<div class="section" id="single-part-hashing-functions">
+<h2>Single-part hashing functions</h2>
+<div class="section" id="psa_hash_compute">
+<span id="c.psa_hash_compute"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</h3>
+<p>Calculate the hash (digest) of a message.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              uint8_t * hash,
+                              size_t hash_size,
+                              size_t * hash_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to hash.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>Buffer where the hash is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_size</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.
+This must be at least <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">hash_size</span></code> is too small.
+<a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To verify the hash of a message against an expected value, use <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> instead.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_compare">
+<span id="c.psa_hash_compare"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</h3>
+<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              const uint8_t * hash,
+                              size_t hash_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message to hash.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>Buffer containing the expected hash value.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The expected hash is identical to the actual hash of the input.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">input_length</span></code> or <code class="docutils literal"><span class="pre">hash_length</span></code> do not match the hash size for <code class="docutils literal"><span class="pre">alg</span></code></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+</div>
+</div>
+<div class="section" id="multi-part-hashing-operations">
+<span id="hash-mp"></span><h2>Multi-part hashing operations</h2>
+<div class="section" id="psa_hash_operation_t">
+<span id="c.psa_hash_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</h3>
+<p>The type of the state object for multi-part hash operations.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a>;
+</pre>
+<p>Before calling any function on a hash operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
+memset(&amp;operation, 0, sizeof(operation));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation = <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT">PSA_HASH_OPERATION_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_operation_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> operation;
+operation = <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init">psa_hash_operation_init</a>();
+</pre>
+</li>
+</ul>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+</div>
+<div class="section" id="PSA_HASH_OPERATION_INIT">
+<span id="c.PSA_HASH_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for a hash operation object of type <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT">PSA_HASH_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_hash_operation_init">
+<span id="c.psa_hash_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</h3>
+<p>Return an initial value for a hash operation object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init">psa_hash_operation_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code></a></p>
+</div>
+<div class="section" id="psa_hash_setup">
+<span id="c.psa_hash_setup"></span><h3><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</h3>
+<p>Set up a multi-part hash operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                            <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a supported hash algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a hash algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The sequence of operations to calculate a hash (message digest) is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.</li>
+<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>. To suspend the hash operation and extract the current state, call <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_hash_update">
+<span id="c.psa_hash_update"></span><h3><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</h3>
+<p>Add a message fragment to a multi-part hash operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update">psa_hash_update</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * input,
+                             size_t input_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to hash.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_hash_finish">
+<span id="c.psa_hash_finish"></span><h3><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</h3>
+<p>Finish the calculation of the hash of a message.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish">psa_hash_finish</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             uint8_t * hash,
+                             size_t hash_size,
+                             size_t * hash_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>Buffer where the hash is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_size</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that the operation performs.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the hash algorithm that the operation performs.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>It is not recommended to use this function when a specific value is expected for the hash. Call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> instead with the expected hash value.</p>
+<p class="last">Comparing integrity or authenticity data such as hash values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_verify">
+<span id="c.psa_hash_verify"></span><h3><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</h3>
+<p>Finish the calculation of the hash of a message and compare it with an expected value.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify">psa_hash_verify</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * hash,
+                             size_t hash_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>Buffer containing the expected hash value.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The expected hash is identical to the actual hash of the message.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>. It then compares the calculated hash with the expected hash passed as a parameter to this function.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Implementations must make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.</p>
+</div>
+</div>
+<div class="section" id="psa_hash_abort">
+<span id="c.psa_hash_abort"></span><h3><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</h3>
+<p>Abort a hash operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort">psa_hash_abort</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Initialized hash operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> again.</p>
+<p>This function can be called any time after the operation object has been initialized by one of the methods described in <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
+<p>In particular, calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>, <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> is safe and has no effect.</p>
+</div>
+<div class="section" id="psa_hash_suspend">
+<span id="c.psa_hash_suspend"></span><h3><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</h3>
+<p>Halt the hash operation and extract the intermediate state of the hash computation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend">psa_hash_suspend</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                              uint8_t * hash_state,
+                              size_t hash_state_size,
+                              size_t * hash_state_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active hash operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_state</span></code></dt>
+<dd>Buffer where the hash suspend state is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_state_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">hash_state</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm:</p>
+<ul class="last simple">
+<li>A sufficient output size is <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code>  where <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm that was used to set up the operation.</li>
+<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported hash algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_state_length</span></code></dt>
+<dd>On success, the number of bytes that make up the hash suspend state.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">hash_state</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd>The hash algorithm being computed does not support suspend and resume.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function. This function extracts an intermediate state of the hash computation of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>.</p>
+<p>This function can be used to halt a hash operation, and then resume the hash operation at a later time, or in another application, by transferring the extracted hash suspend state to a call to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
+<p>Hash suspend and resume is not defined for the SHA3 family of hash algorithms. <em><a class="reference internal" href="#hash-suspend-state"><span class="std std-ref">Hash suspend state</span></a></em> defines the format of the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">Applications must not use any of the hash suspend state as if it was a hash output. Instead, the suspend state must only be used to resume a hash operation, and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> can then calculate or verify the final hash value.</p>
+</div>
+<p class="rubric">Usage</p>
+<p>The sequence of operations to suspend and resume a hash operation is as follows:</p>
+<ol class="arabic">
+<li><p class="first">Compute the first part of the hash.</p>
+<blockquote>
+<div><ol class="arabic simple">
+<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> to extract the hash suspend state into a buffer.</li>
+</ol>
+</div></blockquote>
+</li>
+<li><p class="first">Pass the hash state buffer to the application which will resume the operation.</p>
+</li>
+<li><p class="first">Compute the rest of the hash.</p>
+<blockquote>
+<div><ol class="arabic simple">
+<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> with the extracted hash state.</li>
+<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
+<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>.</li>
+</ol>
+</div></blockquote>
+</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
+</div>
+<div class="section" id="psa_hash_resume">
+<span id="c.psa_hash_resume"></span><h3><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</h3>
+<p>Set up a multi-part hash operation using the hash suspend state from a previously suspended hash operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume">psa_hash_resume</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * hash_state,
+                             size_t hash_state_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_state</span></code></dt>
+<dd>A buffer containing the suspended hash state which is to be resumed. This must be in the format output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, which is described in <em><a class="reference internal" href="#hash-suspend-state-format"><span class="std std-ref">Hash suspend state format</span></a></em>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_state_length</span></code></dt>
+<dd>Length of <code class="docutils literal"><span class="pre">hash_state</span></code> in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd>The provided hash suspend state is for an algorithm that is not supported.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">hash_state</span></code> does not correspond to a valid hash suspend state. See <em><a class="reference internal" href="#hash-suspend-state-format"><span class="std std-ref">Hash suspend state format</span></a></em> for the definition.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> for an example of how to use this function to suspend and resume a hash operation.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>, <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_hash_clone">
+<span id="c.psa_hash_clone"></span><h3><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</h3>
+<p>Clone a hash operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_clone" title="psa_hash_clone">psa_hash_clone</a>(const <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * source_operation,
+                            <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * target_operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">source_operation</span></code></dt>
+<dd>The active hash operation to clone.</dd>
+<dt> <code class="docutils literal"><span class="pre">target_operation</span></code></dt>
+<dd>The operation object to set up. It must be initialized but not active.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The <code class="docutils literal"><span class="pre">source_operation</span></code> state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The <code class="docutils literal"><span class="pre">target_operation</span></code> state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> on <code class="docutils literal"><span class="pre">target_operation</span></code> with the same algorithm that <code class="docutils literal"><span class="pre">source_operation</span></code> was set up for, then <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> on <code class="docutils literal"><span class="pre">target_operation</span></code> with the same input that that was passed to <code class="docutils literal"><span class="pre">source_operation</span></code>. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_HASH_LENGTH">
+<span id="c.PSA_HASH_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</h3>
+<p>The size of the output of <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH">PSA_HASH_LENGTH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), or an HMAC algorithm (<a class="reference internal" href="macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">hash_alg</span></code> is a hash algorithm).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The hash length for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>This is also the hash length that <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> and <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> expect.</p>
+<p>See also <a class="reference internal" href="#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_MAX_SIZE">
+<span id="c.PSA_HASH_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</h3>
+<p>Maximum size of a hash.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE">PSA_HASH_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+It is recommended that this value is the maximum size of a hash supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
+<p>See also <a class="reference internal" href="#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_SUSPEND_OUTPUT_SIZE">
+<span id="c.PSA_HASH_SUSPEND_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>A sufficient hash suspend state buffer size for <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>A sufficient output size for the algorithm. If the hash algorithm is not recognized, or is not supported by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p>For a supported hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, the following expression is true:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) == <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> +
+                                     <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) +
+                                     <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) +
+                                     <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) - 1
+</pre>
+<p class="rubric">Description</p>
+<p>If the size of the hash state buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.</p>
+<p>See also <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE">
+<span id="c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient hash suspend state buffer size for <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, for any supported hash algorithms.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">
+<span id="c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</h3>
+<p>The size of the <em>algorithm</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> ((size_t)4)
+</pre>
+<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">
+<span id="c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</h3>
+<p>The size of the <em>input-length</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The size, in bytes, of the <em>input-length</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p>The algorithm-specific values are defined in <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+<p class="rubric">Description</p>
+<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">
+<span id="c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</h3>
+<p>The size of the <em>hash-state</em> field that is part of the output of <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The size, in bytes, of the <em>hash-state</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p>The algorithm-specific values are defined in <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+<p class="rubric">Description</p>
+<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_HASH_BLOCK_LENGTH">
+<span id="c.PSA_HASH_BLOCK_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</h3>
+<p>The input block size of a hash algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The block size for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p class="rubric">Description</p>
+<p>Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished.</p>
+<p>This affects the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="hash-suspend-state">
+<span id="id2"></span><h2>Hash suspend state</h2>
+<p>The hash suspend state is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> and input to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Hash suspend and resume is not defined for the SHA3 family of hash algorithms.</p>
+</div>
+<p class="rubric" id="hash-suspend-state-format">Hash suspend state format</p>
+<p>The hash suspend state has the following format:</p>
+<p><em>hash-suspend-state</em> = <em>algorithm</em> || <em>input-length</em> || <em>hash-state</em> || <em>unprocessed-input</em></p>
+<p>The fields in the hash suspend state are defined as follows:</p>
+<table border="1" class="colwidths-given docutils">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<tbody valign="top">
+<tr class="row-odd"><td><p class="first"><em>algorithm</em></p>
+<p class="last">big-endian 32-bit unsigned integer</p>
+</td>
+<td><p class="first">The PSA Crypto API algorithm identifier. Encoded as a big-endian 32-bit unsigned integer.</p>
+<p class="last">The byte length of the <em>algorithm</em> field can be evaluated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a>.</p>
+</td>
+</tr>
+<tr class="row-even"><td><p class="first"><em>input-length</em></p>
+<p class="last">big-endian unsigned integer</p>
+</td>
+<td><p class="first">The content of this field is algorithm-specific:</p>
+<ul class="simple">
+<li>For MD2, this is the number of bytes in the <em>unprocessed-input</em>.</li>
+<li>For all other hash algorithms, this is the total number of bytes of input to the hash computation. This includes the <em>unprocessed-input</em> bytes.</li>
+</ul>
+<p>The size of this field is algorithm-specific:</p>
+<ul class="simple">
+<li>For MD2: <em>input-length</em> is an 8-bit unsigned integer.</li>
+<li>For MD4, MD5, RIPEMD-160, SHA-1, SHA-224 and SHA-256: <em>input-length</em> is a 64-bit unsigned integer.</li>
+<li>For SHA-512, SHA-384 and SHA-512/256: <em>input-length</em> is a 128-bit unsigned integer.</li>
+</ul>
+<p class="last">The length, in bytes, of the <em>input-length</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
+See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><p class="first"><em>hash-state</em></p>
+<p class="last">array of bytes</p>
+</td>
+<td><p class="first">Algorithm-specific intermediate hash state:</p>
+<ul class="simple">
+<li>For MD2: 16 bytes of internal checksum, then 48 bytes of intermediate digest.</li>
+<li>For MD4 and MD5: 4x 32-bit integers, in little-endian encoding.</li>
+<li>For RIPEMD-160: 5x 32-bit integers, in little-endian encoding.</li>
+<li>For SHA-1: 5x 32-bit integers, in big-endian encoding.</li>
+<li>For SHA-224 and SHA-256: 8x 32-bit integers, in big-endian encoding.</li>
+<li>For SHA-512, SHA-384 and SHA-512/256: 8x 64-bit integers, in big-endian encoding.</li>
+</ul>
+<p class="last">The length of this field is specific to the algorithm.
+The length, in bytes, of the <em>hash-state</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
+See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+</td>
+</tr>
+<tr class="row-even"><td><p class="first"><em>unprocessed-input</em></p>
+<p class="last">0 to (<em>hash-block-size</em>-1) bytes</p>
+</td>
+<td><p class="first">A partial block of unprocessed input data. This is between zero and <em>hash-block-size</em>-1 bytes of data, the length can be calculated by:</p>
+<p><code class="docutils literal"><span class="pre">length(</span></code><em>unprocessed-input</em><code class="docutils literal"><span class="pre">)</span></code> <code class="docutils literal"><span class="pre">=</span></code> <em>input-length</em> <code class="docutils literal"><span class="pre">%</span></code> <em>hash-block-size</em>.</p>
+<p class="last">The <em>hash-block-size</em> is specific to the algorithm.
+The size of a hash block can be calculated using <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
+See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<p class="rubric" id="hash-suspend-state-constants">Hash suspend state field sizes</p>
+<p>The following table defines the algorithm-specific field lengths for the hash suspend state returned by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>. All of the field lengths are in bytes. To compute the field lengths for algorithm <code class="docutils literal"><span class="pre">alg</span></code>, use the following expressions:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a> returns the length of the <em>algorithm</em> field.</li>
+<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the length of the <em>input-length</em> field.</li>
+<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the length of the <em>hash-state</em> field.</li>
+<li><a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)-1</span></code> is the maximum length of the <em>unprocessed-bytes</em> field.</li>
+<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">slg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the maximum size of the hash suspend state.</li>
+</ul>
+<table border="1" class="docutils">
+<colgroup>
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Hash algorithm</th>
+<th class="head"><em>input-length</em> size (bytes)</th>
+<th class="head"><em>hash-state</em> length (bytes)</th>
+<th class="head"><em>unprocessed-bytes</em> length (bytes)</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a></td>
+<td>1</td>
+<td>64</td>
+<td>0 - 15</td>
+</tr>
+<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a></td>
+<td>8</td>
+<td>16</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a></td>
+<td>8</td>
+<td>16</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a></td>
+<td>8</td>
+<td>20</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a></td>
+<td>8</td>
+<td>20</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a></td>
+<td>8</td>
+<td>32</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a></td>
+<td>8</td>
+<td>32</td>
+<td>0 - 63</td>
+</tr>
+<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a></td>
+<td>16</td>
+<td>64</td>
+<td>0 - 127</td>
+</tr>
+<tr class="row-even"><td><a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a></td>
+<td>16</td>
+<td>64</td>
+<td>0 - 127</td>
+</tr>
+<tr class="row-odd"><td><a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a></td>
+<td>16</td>
+<td>64</td>
+<td>0 - 127</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Message digests</a><ul>
+<li><a class="reference internal" href="#hash-algorithms">Hash algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_512_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA3_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA3_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA3_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_SHA3_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#single-part-hashing-functions">Single-part hashing functions</a><ul>
+<li><a class="reference internal" href="#psa_hash_compute"><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_compare"><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#multi-part-hashing-operations">Multi-part hashing operations</a><ul>
+<li><a class="reference internal" href="#psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_hash_operation_init"><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_setup"><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_update"><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_finish"><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_verify"><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_abort"><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_suspend"><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_resume"><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_hash_clone"><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#hash-suspend-state">Hash suspend state</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="index.html" title="previous chapter">Cryptographic operation reference</a></li>
+      <li>Next: <a href="macs.html" title="next chapter">Message authentication codes (MAC)</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/hashes.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/hashes.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/index.html b/docs/html/api/ops/index.html
new file mode 100644
index 0000000..9fe1155
--- /dev/null
+++ b/docs/html/api/ops/index.html
@@ -0,0 +1,415 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Cryptographic operation reference &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Message digests" href="hashes.html" />
+    <link rel="prev" title="Key management functions" href="../keys/management.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="cryptographic-operation-reference">
+<span id="crypto-operations"></span><h1>Cryptographic operation reference</h1>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="hashes.html">Message digests</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-algorithms">Hash algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#single-part-hashing-functions">Single-part hashing functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compute"><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compare"><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#multi-part-hashing-operations">Multi-part hashing operations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_init"><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_setup"><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_update"><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_finish"><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_verify"><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_abort"><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_suspend"><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_resume"><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_clone"><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-suspend-state">Hash suspend state</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="macs.html">Message authentication codes (MAC)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#mac-algorithms">MAC algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CBC_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CMAC"><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#single-part-mac-functions">Single-part MAC functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_compute"><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify"><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#multi-part-mac-operations">Multi-part MAC operations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_init"><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_sign_setup"><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify_setup"><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_update"><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_sign_finish"><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify_finish"><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_abort"><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="ciphers.html">Unauthenticated ciphers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#cipher-algorithms">Cipher algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CTR"><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CFB"><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_OFB"><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_XTS"><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_ECB_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CBC_PKCS7"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#single-part-cipher-functions">Single-part cipher functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_encrypt"><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_decrypt"><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#multi-part-cipher-operations">Multi-part cipher operations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_init"><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_encrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_decrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_generate_iv"><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_set_iv"><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_update"><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_finish"><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_abort"><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_IV_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="aead.html">Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#aead-algorithms">AEAD algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#single-part-aead-functions">Single-part AEAD functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt"><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt"><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#multi-part-aead-operations">Multi-part AEAD operations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_init"><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_generate_nonce"><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_nonce"><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update_ad"><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update"><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_finish"><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_verify"><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_abort"><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_NONCE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_TAG_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="kdf.html">Key derivation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-algorithms">Key derivation algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#input-step-types">Input step types</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_step_t"><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-functions">Key derivation functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_init"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_setup"><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_get_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_set_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_input_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_input_key"><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_output_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_output_key"><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_abort"><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="sign.html">Asymmetric signature</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-algorithms">Asymmetric signature algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-functions">Asymmetric signature functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_SIGNATURE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="pke.html">Asymmetric encryption</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-functions">Asymmetric encryption functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_encrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_decrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="ka.html">Key agreement</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#key-agreement-algorithms">Key agreement algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#standalone-key-agreement">Standalone key agreement</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_raw_key_agreement"><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_key_derivation_key_agreement"><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#support-macros">Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="rng.html">Other cryptographic services</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="rng.html#random-number-generation">Random number generation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="rng.html#psa_generate_random"><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper"><div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="../keys/management.html" title="previous chapter">Key management functions</a></li>
+      <li>Next: <a href="hashes.html" title="next chapter">Message digests</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/index.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/index.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/ka.html b/docs/html/api/ops/ka.html
new file mode 100644
index 0000000..36f38a7
--- /dev/null
+++ b/docs/html/api/ops/ka.html
@@ -0,0 +1,438 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key agreement &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Other cryptographic services" href="rng.html" />
+    <link rel="prev" title="Asymmetric encryption" href="pke.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-agreement">
+<span id="id1"></span><h1>Key agreement</h1>
+<div class="section" id="key-agreement-algorithms">
+<span id="id2"></span><h2>Key agreement algorithms</h2>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT">
+<span id="c.PSA_ALG_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</h3>
+<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT">PSA_ALG_KEY_AGREEMENT</a>(ka_alg, kdf_alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">ka_alg</span></code></dt>
+<dd>A key agreement algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">kdf_alg</span></code></dt>
+<dd>A key derivation algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding key agreement and derivation algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">ka_alg</span></code> is not a supported key agreement algorithm or <code class="docutils literal"><span class="pre">kdf_alg</span></code> is not a supported key derivation algorithm.</p>
+<p class="rubric">Description</p>
+<p>The component parts of a key agreement algorithm can be extracted using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_FFDH">
+<span id="c.PSA_ALG_FFDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</h3>
+<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
+</pre>
+<p>The shared secret produced by key agreement is <code class="docutils literal"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal"><span class="pre">p</span></code> in bits.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDH">
+<span id="c.PSA_ALG_ECDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</h3>
+<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
+</pre>
+<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When <code class="docutils literal"><span class="pre">m</span></code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
+<ul class="simple">
+<li>For Montgomery curves (curve family <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.</li>
+<li>For Weierstrass curves over prime fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal"><span class="pre">F_p</span></code>.</li>
+<li>For Weierstrass curves over binary fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal"><span class="pre">m</span></code> for the field <code class="docutils literal"><span class="pre">F_{2^m}</span></code>.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="standalone-key-agreement">
+<h2>Standalone key agreement</h2>
+<div class="section" id="psa_raw_key_agreement">
+<span id="c.psa_raw_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</h3>
+<p>Perform a key agreement and return the raw shared secret.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                   <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+                                   const uint8_t * peer_key,
+                                   size_t peer_key_length,
+                                   uint8_t * output,
+                                   size_t output_size,
+                                   size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The key agreement algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
+<dd>Identifier of the private key to use.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
+<dd>Public key of the peer. It must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">peer_key</span></code> in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the decrypted message is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
+This must be appropriate for the keys:</p>
+<ul class="last simple">
+<li>The required output size is <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the type of <code class="docutils literal"><span class="pre">private_key</span></code> and <code class="docutils literal"><span class="pre">bits</span></code> is the bit-size of either <code class="docutils literal"><span class="pre">private_key</span></code> or the <code class="docutils literal"><span class="pre">peer_key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported raw key agreement algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>, or <code class="docutils literal"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal"><span class="pre">private_key</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases, and is not suitable for use as key material. Instead it is recommended that the result is used as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> and other functions from the key derivation interface.</p>
+</div>
+</div>
+</div>
+<div class="section" id="combining-key-agreement-and-key-derivation">
+<h2>Combining key agreement and key derivation</h2>
+<div class="section" id="psa_key_derivation_key_agreement">
+<span id="c.psa_key_derivation_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</h3>
+<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement">psa_key_derivation_key_agreement</a>(<a class="reference internal" href="kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                              <a class="reference internal" href="kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                              <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+                                              const uint8_t * peer_key,
+                                              size_t peer_key_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal"><span class="pre">alg</span></code> (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is false). The operation must be ready for an input of the type given by <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
+<dd>Identifier of the private key to use.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
+<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code></a><code class="docutils literal"><span class="pre">(...,</span> </code><code class="docutils literal"><span class="pre">peer_key</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">peer_key_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where with key attributes indicating the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
+<dd>Size of <code class="docutils literal"><span class="pre">peer_key</span></code> in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid for this key agreement <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>, or <code class="docutils literal"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal"><span class="pre">private_key</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">step</span></code> does not allow an input resulting from a key agreement.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>A key agreement algorithm takes two inputs: a private key <code class="docutils literal"><span class="pre">private_key</span></code> a public key <code class="docutils literal"><span class="pre">peer_key</span></code>. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_BASE">
+<span id="c.PSA_ALG_KEY_AGREEMENT_GET_BASE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</h3>
+<p>Get the raw key agreement algorithm from a full key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE">PSA_ALG_KEY_AGREEMENT_GET_BASE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The underlying raw key agreement algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm or if it is not supported by the implementation.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_KDF">
+<span id="c.PSA_ALG_KEY_AGREEMENT_GET_KDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</h3>
+<p>Get the key derivation algorithm used in a full key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF">PSA_ALG_KEY_AGREEMENT_GET_KDF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The underlying key derivation algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm or if it is not supported by the implementation.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RAW_KEY_AGREEMENT">
+<span id="c.PSA_ALG_IS_RAW_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a raw key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a raw key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a <code class="docutils literal"><span class="pre">PSA_ALG_xxx</span></code> macro while non-raw key agreement algorithms are constructed with <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a>.</p>
+<p>The raw key agreement algorithm can be extracted from a full key agreement algorithm identifier using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_FFDH">
+<span id="c.PSA_ALG_IS_FFDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a finite field Diffie-Hellman algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH">PSA_ALG_IS_FFDH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a finite field Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supporter key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ECDH">
+<span id="c.PSA_ALG_IS_ECDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH">PSA_ALG_IS_ECDH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an elliptic curve Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE">
+<span id="c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>A supported key type.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>Maximum size of the output from <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+It is recommended that this value is the maximum size of the output any raw key agreement algorithm supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
+<p>See also <a class="reference internal" href="#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key agreement</a><ul>
+<li><a class="reference internal" href="#key-agreement-algorithms">Key agreement algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#standalone-key-agreement">Standalone key agreement</a><ul>
+<li><a class="reference internal" href="#psa_raw_key_agreement"><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a><ul>
+<li><a class="reference internal" href="#psa_key_derivation_key_agreement"><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="pke.html" title="previous chapter">Asymmetric encryption</a></li>
+      <li>Next: <a href="rng.html" title="next chapter">Other cryptographic services</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/ka.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/ka.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/kdf.html b/docs/html/api/ops/kdf.html
new file mode 100644
index 0000000..0fa88a6
--- /dev/null
+++ b/docs/html/api/ops/kdf.html
@@ -0,0 +1,802 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Key derivation &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Asymmetric signature" href="sign.html" />
+    <link rel="prev" title="Authenticated encryption with associated data (AEAD)" href="aead.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="key-derivation">
+<span id="kdf"></span><h1>Key derivation</h1>
+<div class="section" id="key-derivation-algorithms">
+<span id="id1"></span><h2>Key derivation algorithms</h2>
+<div class="section" id="PSA_ALG_HKDF">
+<span id="c.PSA_ALG_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</h3>
+<p>Macro to build an HKDF algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF">PSA_ALG_HKDF</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding HKDF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HKDF using HMAC-SHA-256.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This key derivation algorithm uses the following inputs:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt used in the “extract” step. It is optional; if omitted, the derivation uses an empty salt.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key used in the “extract” step.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> is the info string used in the “expand” step.</li>
+</ul>
+<p>If <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is provided, it must be before <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>. <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> can be provided at any time after setup and before starting to generate output.</p>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PRF">
+<span id="c.PSA_ALG_TLS12_PRF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</h3>
+<p>Macro to build a TLS-1.2 PRF algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF">PSA_ALG_TLS12_PRF</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding TLS-1.2 PRF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">RFC 5246 §5</a>. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
+</ul>
+<p>For the application to TLS-1.2 key expansion:</p>
+<ul class="simple">
+<li>The seed is the concatenation of <code class="docutils literal"><span class="pre">ServerHello.Random</span> <span class="pre">+</span> <span class="pre">ClientHello.Random</span></code>.</li>
+<li>The label is <code class="docutils literal"><span class="pre">&quot;key</span> <span class="pre">expansion&quot;</span></code>.</li>
+</ul>
+</div>
+<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS">
+<span id="c.PSA_ALG_TLS12_PSK_TO_MS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</h3>
+<p>Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding TLS-1.2 PSK to MS algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (<a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-2">RFC 4279 §2</a>) and the TLS-1.2 PRF (<a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">RFC 5246 §5</a>). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the PSK. The PSK must not be larger than <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a>.</li>
+<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
+</ul>
+<p>For the application to TLS-1.2:</p>
+<ul class="simple">
+<li>The seed, which is forwarded to the TLS-1.2 PRF, is the concatenation of the <code class="docutils literal"><span class="pre">ClientHello.Random</span> <span class="pre">+</span> <span class="pre">ServerHello.Random</span></code>.</li>
+<li>The label is <code class="docutils literal"><span class="pre">&quot;master</span> <span class="pre">secret&quot;</span></code> or <code class="docutils literal"><span class="pre">&quot;extended</span> <span class="pre">master</span> <span class="pre">secret&quot;</span></code>.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="input-step-types">
+<h2>Input step types</h2>
+<div class="section" id="psa_key_derivation_step_t">
+<span id="c.psa_key_derivation_step_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</h3>
+<p>Encoding of the step of a key derivation.</p>
+<pre class="literal-block">
+typedef uint16_t <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a>;
+</pre>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SECRET">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SECRET"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</h3>
+<p>A secret input for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET">PSA_KEY_DERIVATION_INPUT_SECRET</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a> passed to <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>, or the shared secret resulting from a key agreement obtained via <a class="reference internal" href="ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
+<p>The secret can also be a direct input passed to <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a>. In this case, the derivation operation cannot be used to derive keys: the operation will only allow <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a>, not <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_LABEL">
+<span id="c.PSA_KEY_DERIVATION_INPUT_LABEL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</h3>
+<p>A label for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL">PSA_KEY_DERIVATION_INPUT_LABEL</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_CONTEXT">
+<span id="c.PSA_KEY_DERIVATION_INPUT_CONTEXT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</h3>
+<p>A context for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT">PSA_KEY_DERIVATION_INPUT_CONTEXT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SALT">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SALT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</h3>
+<p>A salt for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT">PSA_KEY_DERIVATION_INPUT_SALT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_INFO">
+<span id="c.PSA_KEY_DERIVATION_INPUT_INFO"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</h3>
+<p>An information string for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO">PSA_KEY_DERIVATION_INPUT_INFO</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_INPUT_SEED">
+<span id="c.PSA_KEY_DERIVATION_INPUT_SEED"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</h3>
+<p>A seed for key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED">PSA_KEY_DERIVATION_INPUT_SEED</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This is typically a direct input. It can also be a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="key-derivation-functions">
+<h2>Key derivation functions</h2>
+<div class="section" id="psa_key_derivation_operation_t">
+<span id="c.psa_key_derivation_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</h3>
+<p>The type of the state object for key derivation operations.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a>;
+</pre>
+<p>Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
+memset(&amp;operation, 0, sizeof(operation));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation = <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_operation_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> operation;
+operation = <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>();
+</pre>
+</li>
+</ul>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_OPERATION_INIT">
+<span id="c.PSA_KEY_DERIVATION_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for a key derivation operation object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_key_derivation_operation_init">
+<span id="c.psa_key_derivation_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</h3>
+<p>Return an initial value for a key derivation operation object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a></p>
+</div>
+<div class="section" id="psa_key_derivation_setup">
+<span id="c.psa_key_derivation_setup"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</h3>
+<p>Set up a key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup">psa_key_derivation_setup</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                      <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to set up. It must have been initialized but not set up yet.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The key derivation algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a key derivation algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.</p>
+<p>To derive a key:</p>
+<ol class="arabic simple">
+<li>Start with an initialized object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> to select the algorithm.</li>
+<li>Provide the inputs for the key derivation by calling <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> as appropriate. Which inputs are needed, in what order, whether keys are permitted, and what type of keys depends on the algorithm.</li>
+<li>Optionally set the operation’s maximum capacity with <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a>. This can be done before, in the middle of, or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
+<li>To derive a key, call <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>. To derive a byte string for a different purpose, call <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a>. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.</li>
+<li>Clean up the key derivation operation object with <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</li>
+</ol>
+<p>If this function returns an error, the key derivation operation object is not changed.</p>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+<p>Implementations must reject an attempt to derive a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
+</div>
+<div class="section" id="psa_key_derivation_get_capacity">
+<span id="c.psa_key_derivation_get_capacity"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</h3>
+<p>Retrieve the current capacity of a key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity">psa_key_derivation_get_capacity</a>(const <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             size_t * capacity);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation to query.</dd>
+<dt> <code class="docutils literal"><span class="pre">capacity</span></code></dt>
+<dd>On success, the capacity of the operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The capacity of a key derivation is the maximum number of bytes that it can return. Reading <em>N</em> bytes of output from a key derivation operation reduces its capacity by at least <em>N</em>. The capacity can be reduced by more than <em>N</em> in the following situations:</p>
+<ul class="simple">
+<li>Calling <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> can reduce the capacity by more than the key size, depending on the type of key being generated. See  <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> for details of the key derivation process.</li>
+<li>When the <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object is operating as a deterministic random bit generator (DBRG), which reduces capacity in whole blocks, even when less than a block is read.</li>
+</ul>
+</div>
+<div class="section" id="psa_key_derivation_set_capacity">
+<span id="c.psa_key_derivation_set_capacity"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</h3>
+<p>Set the maximum capacity of a key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity">psa_key_derivation_set_capacity</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             size_t capacity);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to modify.</dd>
+<dt> <code class="docutils literal"><span class="pre">capacity</span></code></dt>
+<dd>The new capacity of the operation. It must be less or equal to the operation’s current capacity.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">capacity</span></code> is larger than the operation’s current capacity. In this case, the operation object remains valid and its capacity remains unchanged.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.</p>
+</div>
+<div class="section" id="psa_key_derivation_input_bytes">
+<span id="c.psa_key_derivation_input_bytes"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</h3>
+<p>Provide an input for key derivation or key agreement.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes">psa_key_derivation_input_bytes</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                            <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                            const uint8_t * data,
+                                            size_t data_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
+<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
+<dd>Input data to use.</dd>
+<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">step</span></code> does not allow direct inputs.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
+<p>This function passes direct inputs, which is usually correct for non-secret inputs. To pass a secret input, which is normally in a key object, call <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> instead of this function. Refer to the documentation of individual step types (<code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code> values of type <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_step_t</span></code></a>) for more information.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_key_derivation_input_key">
+<span id="c.psa_key_derivation_input_key"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</h3>
+<p>Provide an input for key derivation in the form of a key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key">psa_key_derivation_input_key</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                          <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                          <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
+<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
+<dd>Which step the input data is for.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key. It must have an appropriate type for <code class="docutils literal"><span class="pre">step</span></code> and must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">step</span></code> does not allow key inputs of the given type or does not allow key inputs at all.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
+<p>This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> instead of this function. Refer to the documentation of individual step types (<code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code> values of type <a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_step_t</span></code></a>) for more information.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_key_derivation_output_bytes">
+<span id="c.psa_key_derivation_output_bytes"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</h3>
+<p>Read some data from a key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes">psa_key_derivation_output_bytes</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             uint8_t * output,
+                                             size_t output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to read from.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the output will be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>Number of bytes to output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
+<dd>The operation’s capacity was less than <code class="docutils literal"><span class="pre">output_length</span></code> bytes. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to <code class="docutils literal"><span class="pre">0</span></code>, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active and completed all required input steps.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function calculates output bytes from a key derivation algorithm and return those bytes. If the key derivation’s output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation’s capacity decreases by the number of bytes read.</p>
+<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_key_derivation_output_key">
+<span id="c.psa_key_derivation_output_key"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</h3>
+<p>Derive a key from an ongoing key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key">psa_key_derivation_output_key</a>(const <a class="reference internal" href="../keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                                           <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                           <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attributes for the new key.</dd>
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The key derivation operation object to read from.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="../keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
+<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></dt>
+<dd>There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to <code class="docutils literal"><span class="pre">0</span></code>, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd>The key type or key size is not supported, either by the implementation in general or in this particular location.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The provided key attributes are not valid for the operation.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> input was not provided through a key.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active and completed all required input steps.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key’s location, usage policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<p>If the key derivation’s output is viewed as a stream of bytes, this function consumes the required number of bytes from the stream. The operation’s capacity decreases by the number of bytes used to derive the key.</p>
+<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
+<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:</p>
+<ul>
+<li><p class="first">For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> and passing the resulting output to <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly <code class="docutils literal"><span class="pre">(bits/8)</span></code> bytes from the operation. The following key types defined in this specification follow this scheme:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>;</li>
+<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a>;</li>
+<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a>;</li>
+<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>;</li>
+<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</li>
+</ul>
+</li>
+<li><p class="first">For ECC keys on a Montgomery elliptic curve (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a><code class="docutils literal"><span class="pre">)</span></code>), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:</p>
+<ul class="simple">
+<li>Curve25519 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 255 bits): draw a 32-byte string and process it as specified in <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">RFC 7748 §5</a>.</li>
+<li>Curve448 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 448 bits): draw a 56-byte string and process it as specified in <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">RFC 7748 §5</a>.</li>
+</ul>
+</li>
+<li><p class="first">For key types for which the key is represented by a single sequence of <code class="docutils literal"><span class="pre">bits</span></code> bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length <code class="docutils literal"><span class="pre">ceiling(bits/8)</span></code> bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by <a class="reference internal" href="../keys/management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>. The following key types defined in this specification follow this scheme:</p>
+<ul>
+<li><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively. For example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.</p>
+</li>
+<li><p class="first">Finite-field Diffie-Hellman keys (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">dh_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">dh_family</span></code> designates any Diffie-Hellman family) and ECC keys on a Weierstrass elliptic curve (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ecc_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">ecc_family</span></code> designates a Weierstrass curve family). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, <em>N</em> - 2] where <em>N</em> is the boundary of the private key domain: <em>N</em> is the prime <em>p</em> for Diffie-Hellman, or the order of the curve’s base point for ECC. Add <code class="docutils literal"><span class="pre">1</span></code> to the resulting integer and use this as the private key <em>x</em>.</p>
+<p>This method allows compliance to NIST standards, specifically the methods titled <em>Key-Pair Generation by Testing Candidates</em> in the following publications:</p>
+<ul class="simple">
+<li><a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-56Ar3"><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em></a> (NIST SP 800-56A) §5.6.1.1.4 for Diffie-Hellman keys.</li>
+<li><a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-56Ar3">NIST SP 800-56A</a> §5.6.1.2.2 or <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.186-4"><em>FIPS Publication 186-4: Digital Signature Standard (DSS)</em></a> (FIPS 186-4) §B.4.2 for elliptic curve keys.</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><p class="first">For other key types, including <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the way in which the operation output is consumed is implementation-defined.</p>
+</li>
+</ul>
+<p>In all cases, the data that is read is discarded from the operation. The operation’s capacity is decreased by the number of bytes read.</p>
+<p>For algorithms that take an input step <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>, the input to that step must be provided with <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>. Future versions of this specification might include additional restrictions on the derived key based on the attributes and strength of the secret key.</p>
+</div>
+<div class="section" id="psa_key_derivation_abort">
+<span id="c.psa_key_derivation_abort"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</h3>
+<p>Abort a key derivation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort">psa_key_derivation_abort</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation to abort.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> again.</p>
+<p>This function can be called at any time after the operation object has been initialized as described in <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
+<p>In particular, it is valid to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> twice, or to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> on an operation that has not been set up.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_HKDF">
+<span id="c.PSA_ALG_IS_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an HKDF algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF">PSA_ALG_IS_HKDF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HKDF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_TLS12_PRF">
+<span id="c.PSA_ALG_IS_TLS12_PRF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a TLS-1.2 PRF algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF">PSA_ALG_IS_TLS12_PRF</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PRF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_TLS12_PSK_TO_MS">
+<span id="c.PSA_ALG_IS_TLS12_PSK_TO_MS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PSK to MS algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">
+<span id="c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</h3>
+<p>Use the maximum possible capacity for a key derivation operation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</a> \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>Use this value as the capacity argument when setting up a key derivation to specify that the operation will use the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.</p>
+</div>
+<div class="section" id="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">
+<span id="c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</h3>
+<p>This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This implementation-defined value specifies the maximum length for the PSK input used with a <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a> key agreement algorithm.</p>
+<p>Quoting <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-5.3">RFC 4279 §5.3</a>:</p>
+<blockquote>
+<div>TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</div></blockquote>
+<p>Therefore, it is recommended that implementations define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a> with a value greater than or equal to <code class="docutils literal"><span class="pre">64</span></code>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Key derivation</a><ul>
+<li><a class="reference internal" href="#key-derivation-algorithms">Key derivation algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#input-step-types">Input step types</a><ul>
+<li><a class="reference internal" href="#psa_key_derivation_step_t"><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#key-derivation-functions">Key derivation functions</a><ul>
+<li><a class="reference internal" href="#psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_operation_init"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_setup"><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_get_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_set_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_input_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_input_key"><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_output_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_output_key"><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_key_derivation_abort"><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="aead.html" title="previous chapter">Authenticated encryption with associated data (AEAD)</a></li>
+      <li>Next: <a href="sign.html" title="next chapter">Asymmetric signature</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/kdf.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/kdf.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/macs.html b/docs/html/api/ops/macs.html
new file mode 100644
index 0000000..c53a533
--- /dev/null
+++ b/docs/html/api/ops/macs.html
@@ -0,0 +1,791 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Message authentication codes (MAC) &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Unauthenticated ciphers" href="ciphers.html" />
+    <link rel="prev" title="Message digests" href="hashes.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="message-authentication-codes-mac">
+<span id="macs"></span><h1>Message authentication codes (MAC)</h1>
+<div class="section" id="mac-algorithms">
+<span id="id1"></span><h2>MAC algorithms</h2>
+<div class="section" id="PSA_ALG_HMAC">
+<span id="c.PSA_ALG_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</h3>
+<p>Macro to build an HMAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding HMAC algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>For example, <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HMAC-SHA-256.</p>
+</div>
+<div class="section" id="PSA_ALG_TRUNCATED_MAC">
+<span id="c.PSA_ALG_TRUNCATED_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</h3>
+<p>Macro to build a truncated MAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC">PSA_ALG_TRUNCATED_MAC</a>(mac_alg, mac_length) \
+    <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
+<dd>Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding MAC algorithm with the specified length.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported MAC algorithm or if <code class="docutils literal"><span class="pre">mac_length</span></code> is too small or too large for the specified MAC algorithm.</p>
+<p class="rubric">Description</p>
+<p>A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first <code class="docutils literal"><span class="pre">mac_length</span></code> bytes of the MAC value for the untruncated algorithm.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This macro might allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.</p>
+</div>
+<p>The full-length MAC algorithm can be recovered using <a class="reference internal" href="#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_CBC_MAC">
+<span id="c.PSA_ALG_CBC_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</h3>
+<p>The CBC-MAC construction over a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
+</pre>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">CBC-MAC is insecure in many cases. A more secure mode, such as <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a>, is recommended.</p>
+</div>
+</div>
+<div class="section" id="PSA_ALG_CMAC">
+<span id="c.PSA_ALG_CMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</h3>
+<p>The CMAC construction over a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
+</pre>
+</div>
+</div>
+<div class="section" id="single-part-mac-functions">
+<h2>Single-part MAC functions</h2>
+<div class="section" id="psa_mac_compute">
+<span id="c.psa_mac_compute"></span><h3><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</h3>
+<p>Calculate the message authentication code (MAC) of a message.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                             <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                             const uint8_t * input,
+                             size_t input_length,
+                             uint8_t * mac,
+                             size_t mac_size,
+                             size_t * mac_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the input message.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
+<dd>Buffer where the MAC value is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The exact MAC size is <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are attributes of the key used to compute the MAC.</li>
+<li><a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> evaluates to the maximum MAC size of any supported MAC algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
+<dd>On success, the number of bytes that make up the MAC value.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_verify">
+<span id="c.psa_mac_verify"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</h3>
+<p>Calculate the MAC of a message and compare it with a reference value.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                            <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                            const uint8_t * input,
+                            size_t input_length,
+                            const uint8_t * mac,
+                            size_t mac_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the input message.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
+<dd>Buffer containing the expected MAC value.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The expected MAC is identical to the actual MAC of the input.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The MAC of the message was calculated successfully, but it differs from the expected value.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+</div>
+</div>
+<div class="section" id="multi-part-mac-operations">
+<h2>Multi-part MAC operations</h2>
+<div class="section" id="psa_mac_operation_t">
+<span id="c.psa_mac_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</h3>
+<p>The type of the state object for multi-part MAC operations.</p>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a>;
+</pre>
+<p>Before calling any function on a MAC operation object, the application must initialize it by any of the following means:</p>
+<ul>
+<li><p class="first">Set the object to all-bits-zero, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
+memset(&amp;operation, 0, sizeof(operation));
+</pre>
+</li>
+<li><p class="first">Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:</p>
+<pre class="literal-block">
+static <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
+</pre>
+</li>
+<li><p class="first">Initialize the object to the initializer <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation = <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT">PSA_MAC_OPERATION_INIT</a>;
+</pre>
+</li>
+<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_operation_init()</span></code></a> to the object, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> operation;
+operation = <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init">psa_mac_operation_init</a>();
+</pre>
+</li>
+</ul>
+<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
+</div>
+<div class="section" id="PSA_MAC_OPERATION_INIT">
+<span id="c.PSA_MAC_OPERATION_INIT"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</h3>
+<p>This macro returns a suitable initializer for a MAC operation object of type <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT">PSA_MAC_OPERATION_INIT</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+</div>
+<div class="section" id="psa_mac_operation_init">
+<span id="c.psa_mac_operation_init"></span><h3><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</h3>
+<p>Return an initial value for a MAC operation object.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init">psa_mac_operation_init</a>(void);
+</pre>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code></a></p>
+</div>
+<div class="section" id="psa_mac_sign_setup">
+<span id="c.psa_mac_sign_setup"></span><h3><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</h3>
+<p>Set up a multi-part MAC calculation operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup">psa_mac_sign_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function sets up the calculation of the message authentication code (MAC) of a byte string. To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> instead.</p>
+<p>The sequence of operations to calculate a MAC is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
+<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a> to finish calculating the MAC value and retrieve it.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_mac_verify_setup">
+<span id="c.psa_mac_verify_setup"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</h3>
+<p>Set up a multi-part MAC verification operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup">psa_mac_verify_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                  <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                  <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd>The key could not be retrieved from storage</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd>The key could not be retrieved from storage.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be inactive.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>This function sets up the verification of the message authentication code (MAC) of a byte string against an expected value.</p>
+<p>The sequence of operations to verify a MAC is as follows:</p>
+<ol class="arabic simple">
+<li>Allocate an operation object which will be passed to all the functions listed here.</li>
+<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the algorithm and key.</li>
+<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
+<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> to finish calculating the actual MAC of the message and verify it against the expected value.</li>
+</ol>
+<p>If an error occurs at any step after a call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a>, the operation will need to be reset by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>. The application can call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
+<p>After a successful call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
+<ul class="simple">
+<li>A successful call to <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</li>
+</ul>
+</div>
+<div class="section" id="psa_mac_update">
+<span id="c.psa_mac_update"></span><h3><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</h3>
+<p>Add a message fragment to a multi-part MAC operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update">psa_mac_update</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                            const uint8_t * input,
+                            size_t input_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>Buffer containing the message fragment to add to the MAC calculation.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function.</p>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="psa_mac_sign_finish">
+<span id="c.psa_mac_sign_finish"></span><h3><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</h3>
+<p>Finish the calculation of the MAC of a message.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish">psa_mac_sign_finish</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                 uint8_t * mac,
+                                 size_t mac_size,
+                                 size_t * mac_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
+<dd>Buffer where the MAC value is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The exact MAC size is <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are attributes of the key, and <code class="docutils literal"><span class="pre">alg</span></code> is the algorithm used to compute the MAC.</li>
+<li><a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> evaluates to the maximum MAC size of any supported MAC algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
+<dd>On success, the number of bytes that make up the MAC value. This is always <code class="docutils literal"><span class="pre">PSA_MAC_FINAL_SIZE</span></code><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of the key and <code class="docutils literal"><span class="pre">alg</span></code> is the MAC algorithm that is calculated.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be an active mac sign operation.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a>.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p>It is not recommended to use this function when a specific value is expected for the MAC. Call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> instead with the expected MAC value.</p>
+<p class="last">Comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal"><span class="pre">memcmp()</span></code> is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_verify_finish">
+<span id="c.psa_mac_verify_finish"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</h3>
+<p>Finish the calculation of the MAC of a message and compare it with an expected value.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish">psa_mac_verify_finish</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                   const uint8_t * mac,
+                                   size_t mac_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active MAC operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac</span></code></dt>
+<dd>Buffer containing the expected MAC value.</dd>
+<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">mac</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The expected MAC is identical to the actual MAC of the message.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The MAC of the message was calculated successfully, but it differs from the expected MAC.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be an active mac verify operation.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a>. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.</p>
+<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Implementations must make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.</p>
+</div>
+</div>
+<div class="section" id="psa_mac_abort">
+<span id="c.psa_mac_abort"></span><h3><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</h3>
+<p>Abort a MAC operation.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort">psa_mac_abort</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Initialized MAC operation.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>Aborting an operation frees all associated resources except for the <code class="docutils literal"><span class="pre">operation</span></code> object itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> again.</p>
+<p>This function can be called any time after the operation object has been initialized by one of the methods described in <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
+<p>In particular, calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>, <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> is safe and has no effect.</p>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_HMAC">
+<span id="c.PSA_ALG_IS_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an HMAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC">PSA_ALG_IS_HMAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HMAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>HMAC is a family of MAC algorithms that are based on a hash function.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_BLOCK_CIPHER_MAC">
+<span id="c.PSA_ALG_IS_BLOCK_CIPHER_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a MAC algorithm based on a block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_FULL_LENGTH_MAC">
+<span id="c.PSA_ALG_FULL_LENGTH_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</h3>
+<p>Macro to construct the MAC algorithm with a full length MAC, from a truncated MAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC">PSA_ALG_FULL_LENGTH_MAC</a>(mac_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding MAC algorithm with a full length MAC.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported MAC algorithm.</p>
+</div>
+<div class="section" id="PSA_MAC_LENGTH">
+<span id="c.PSA_MAC_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</h3>
+<p>The size of the output of <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> and <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>, in bytes.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH">PSA_MAC_LENGTH</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>The type of the MAC key.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the MAC key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>A MAC algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The MAC length for the specified algorithm with the specified key parameters.</p>
+<p><code class="docutils literal"><span class="pre">0</span></code> if the MAC algorithm is not recognized.</p>
+<p>Either <code class="docutils literal"><span class="pre">0</span></code> or the correct length for a MAC algorithm that the implementation recognizes, but does not support.</p>
+<p>Unspecified if the key parameters are not consistent with the algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is also the MAC length that <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> and <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a> expects.</p>
+<p>See also <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_MAC_MAX_SIZE">
+<span id="c.PSA_MAC_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</h3>
+<p>Maximum size of a MAC.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE">PSA_MAC_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+It is recommended that this value is the maximum size of a MAC supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
+<p>See also <a class="reference internal" href="#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Message authentication codes (MAC)</a><ul>
+<li><a class="reference internal" href="#mac-algorithms">MAC algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CBC_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_CMAC"><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#single-part-mac-functions">Single-part MAC functions</a><ul>
+<li><a class="reference internal" href="#psa_mac_compute"><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_verify"><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#multi-part-mac-operations">Multi-part MAC operations</a><ul>
+<li><a class="reference internal" href="#psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
+<li><a class="reference internal" href="#PSA_MAC_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#psa_mac_operation_init"><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_sign_setup"><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_verify_setup"><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_update"><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_sign_finish"><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_verify_finish"><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_mac_abort"><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_MAC_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="hashes.html" title="previous chapter">Message digests</a></li>
+      <li>Next: <a href="ciphers.html" title="next chapter">Unauthenticated ciphers</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/macs.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/macs.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/pke.html b/docs/html/api/ops/pke.html
new file mode 100644
index 0000000..0d364c5
--- /dev/null
+++ b/docs/html/api/ops/pke.html
@@ -0,0 +1,406 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Asymmetric encryption &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Key agreement" href="ka.html" />
+    <link rel="prev" title="Asymmetric signature" href="sign.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="asymmetric-encryption">
+<span id="pke"></span><h1>Asymmetric encryption</h1>
+<div class="section" id="asymmetric-encryption-algorithms">
+<span id="id1"></span><h2>Asymmetric encryption algorithms</h2>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_CRYPT">
+<span id="c.PSA_ALG_RSA_PKCS1V15_CRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</h3>
+<p>RSA PKCS#1 v1.5 encryption.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
+</pre>
+</div>
+<div class="section" id="PSA_ALG_RSA_OAEP">
+<span id="c.PSA_ALG_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</h3>
+<p>RSA OAEP encryption.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>The hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true) to use for MGF1.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding RSA OAEP signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the encryption scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.</p>
+</div>
+</div>
+<div class="section" id="asymmetric-encryption-functions">
+<h2>Asymmetric encryption functions</h2>
+<div class="section" id="psa_asymmetric_encrypt">
+<span id="c.psa_asymmetric_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</h3>
+<p>Encrypt a short message with a public key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                    const uint8_t * input,
+                                    size_t input_length,
+                                    const uint8_t * salt,
+                                    size_t salt_length,
+                                    uint8_t * output,
+                                    size_t output_size,
+                                    size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifer of the key to use for the operation. It must be a public key or an asymmetric key pair.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The message to encrypt.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">salt</span></code></dt>
+<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt, pass <code class="docutils literal"><span class="pre">NULL</span></code> to indicate that there is no salt.</dd>
+<dt> <code class="docutils literal"><span class="pre">salt_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal"><span class="pre">salt</span></code> is <code class="docutils literal"><span class="pre">NULL</span></code>, pass <code class="docutils literal"><span class="pre">0</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the encrypted message is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required output size is <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported asymmetric encryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
+</ul>
+</div>
+<div class="section" id="psa_asymmetric_decrypt">
+<span id="c.psa_asymmetric_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</h3>
+<p>Decrypt a short message with a private key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                    const uint8_t * input,
+                                    size_t input_length,
+                                    const uint8_t * salt,
+                                    size_t salt_length,
+                                    uint8_t * output,
+                                    size_t output_size,
+                                    size_t * output_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair.
+It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The message to decrypt.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">salt</span></code></dt>
+<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt, pass <code class="docutils literal"><span class="pre">NULL</span></code> to indicate that there is no salt.</dd>
+<dt> <code class="docutils literal"><span class="pre">salt_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal"><span class="pre">salt</span></code> is <code class="docutils literal"><span class="pre">NULL</span></code>, pass <code class="docutils literal"><span class="pre">0</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Buffer where the decrypted message is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required output size is <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported asymmetric decryption.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">output_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_RSA_OAEP">
+<span id="c.PSA_ALG_IS_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an RSA OAEP encryption algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP">PSA_ALG_IS_RSA_OAEP</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA OAEP algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">
+<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type, either a key pair or a public key.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a>, for any supported asymmetric encryption.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">
+<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type, either a key pair or a public key.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">
+<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</h3>
+<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>, for any supported asymmetric decryption.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>See also <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Asymmetric encryption</a><ul>
+<li><a class="reference internal" href="#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#asymmetric-encryption-functions">Asymmetric encryption functions</a><ul>
+<li><a class="reference internal" href="#psa_asymmetric_encrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_asymmetric_decrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="sign.html" title="previous chapter">Asymmetric signature</a></li>
+      <li>Next: <a href="ka.html" title="next chapter">Key agreement</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/pke.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/pke.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/rng.html b/docs/html/api/ops/rng.html
new file mode 100644
index 0000000..23476b5
--- /dev/null
+++ b/docs/html/api/ops/rng.html
@@ -0,0 +1,156 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Other cryptographic services &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Example header file" href="../../appendix/example_header.html" />
+    <link rel="prev" title="Key agreement" href="ka.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="other-cryptographic-services">
+<h1>Other cryptographic services</h1>
+<div class="section" id="random-number-generation">
+<span id="rng"></span><h2>Random number generation</h2>
+<div class="section" id="psa_generate_random">
+<span id="c.psa_generate_random"></span><h3><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</h3>
+<p>Generate random bytes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_random" title="psa_generate_random">psa_generate_random</a>(uint8_t * output,
+                                 size_t output_size);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
+<dd>Output buffer for the generated data.</dd>
+<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
+<dd>Number of bytes to generate and output.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function <strong>can</strong> fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To generate a key, use <a class="reference internal" href="../keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> instead.</p>
+</div>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Other cryptographic services</a><ul>
+<li><a class="reference internal" href="#random-number-generation">Random number generation</a><ul>
+<li><a class="reference internal" href="#psa_generate_random"><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="ka.html" title="previous chapter">Key agreement</a></li>
+      <li>Next: <a href="../../appendix/example_header.html" title="next chapter">Example header file</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/rng.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/rng.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/sign.html b/docs/html/api/ops/sign.html
new file mode 100644
index 0000000..c8fb817
--- /dev/null
+++ b/docs/html/api/ops/sign.html
@@ -0,0 +1,708 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Asymmetric signature &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../../_static/jquery.js"></script>
+    <script type="text/javascript" src="../../_static/underscore.js"></script>
+    <script type="text/javascript" src="../../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../../genindex.html" />
+    <link rel="search" title="Search" href="../../search.html" />
+    <link rel="next" title="Asymmetric encryption" href="pke.html" />
+    <link rel="prev" title="Key derivation" href="kdf.html" />
+   
+  <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="asymmetric-signature">
+<span id="sign"></span><h1>Asymmetric signature</h1>
+<div class="section" id="asymmetric-signature-algorithms">
+<span id="sign-algorithms"></span><h2>Asymmetric signature algorithms</h2>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
+<p>RSA PKCS#1 v1.5 signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
+<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h3>
+<p>Raw PKCS#1 v1.5 signature.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200))
+</pre>
+<p>The input to this algorithm is the DigestInfo structure used by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">RFC 8017 §9.2</a> (PKCS#1: RSA Cryptography Specifications), in steps 3–6.</p>
+</div>
+<div class="section" id="PSA_ALG_RSA_PSS">
+<span id="c.PSA_ALG_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h3>
+<p>RSA PSS signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding RSA PSS signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA">
+<span id="c.PSA_ALG_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h3>
+<p>ECDSA signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the <em>Elliptic Curve Digital Signature Algorithm (ECDSA)</em> defined by ANSI X9.62-2005, with a random per-message secret number (<em>k</em>).</p>
+<p>The representation of the signature as a byte string consists of the concatenation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.</p>
+</div>
+<div class="section" id="PSA_ALG_ECDSA_ANY">
+<span id="c.PSA_ALG_ECDSA_ANY"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h3>
+<p>ECDSA signature without hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600))
+</pre>
+<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.</p>
+</div>
+<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
+<p>Deterministic ECDSA signature with hashing.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The corresponding deterministic ECDSA signature algorithm.</p>
+<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
+<p class="rubric">Description</p>
+<p>This is the deterministic ECDSA signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc6979.html">RFC 6979</a>.</p>
+<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
+<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code>) with the same private key are accepted. In other words, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> differs from <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> only for signature, not for verification.</p>
+</div>
+</div>
+<div class="section" id="asymmetric-signature-functions">
+<h2>Asymmetric signature functions</h2>
+<div class="section" id="psa_sign_message">
+<span id="c.psa_sign_message"></span><h3><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</h3>
+<p>Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              uint8_t * signature,
+                              size_t signature_size,
+                              size_t * signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The input message to sign.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer where the signature is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned signature value.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a multi-part hash-and-sign signature algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> and then pass the resulting hash to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+</div>
+</div>
+<div class="section" id="psa_verify_message">
+<span id="c.psa_verify_message"></span><h3><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</h3>
+<p>Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                const uint8_t * signature,
+                                size_t signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
+<dd>The message whose signature is to be verified.</dd>
+<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">input</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer containing the signature to verify.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The signature is valid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a multi-part hash-and-sign signature verification algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> to hash the message and then pass the resulting hash to <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+</div>
+</div>
+<div class="section" id="psa_sign_hash">
+<span id="c.psa_sign_hash"></span><h3><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</h3>
+<p>Sign an already-calculated hash with a private key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                           <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                           const uint8_t * hash,
+                           size_t hash_length,
+                           uint8_t * signature,
+                           size_t signature_size,
+                           size_t * signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>The input to sign. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer where the signature is to be written.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_size</span></code></dt>
+<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.
+This must be appropriate for the selected algorithm and key:</p>
+<ul class="last simple">
+<li>The required signature size is <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">key_type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">key_bits</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">key_type</span></code> and <code class="docutils literal"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal"><span class="pre">key</span></code>.</li>
+<li><a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> evaluates to the maximum signature size of any supported signature algorithm.</li>
+</ul>
+</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>On success, the number of bytes that make up the returned signature value.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
+<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
+<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
+<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. Alternatively, to hash and sign a message in a single call, use <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a>.</p>
+</div>
+</div>
+<div class="section" id="psa_verify_hash">
+<span id="c.psa_verify_hash"></span><h3><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</h3>
+<p>Verify the signature of a hash or short message using a public key.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                             <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                             const uint8_t * hash,
+                             size_t hash_length,
+                             const uint8_t * signature,
+                             size_t signature_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a>.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
+<dd>The input whose signature is to be verified. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.</dd>
+<dt> <code class="docutils literal"><span class="pre">hash_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">hash</span></code> buffer in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature</span></code></dt>
+<dd>Buffer containing the signature to verify.</dd>
+<dt> <code class="docutils literal"><span class="pre">signature_length</span></code></dt>
+<dd>Size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>The signature is valid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
+<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
+<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.</p>
+<p>Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">To perform a hash-and-sign verification algorithm, the hash must be calculated before passing it to this function. This can be done by calling <a class="reference internal" href="hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> or with a multi-part hash operation. Alternatively, to hash and verify a message signature in a single call, use <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
+</div>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>Support macros</h2>
+<div class="section" id="PSA_ALG_IS_SIGN_MESSAGE">
+<span id="c.PSA_ALG_IS_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign an already-calculated hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_SIGN_HASH">
+<span id="c.PSA_ALG_IS_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PKCS1V15_SIGN">
+<span id="c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PKCS#1 v1.5 signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RSA_PSS">
+<span id="c.PSA_ALG_IS_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an RSA PSS signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ECDSA">
+<span id="c.PSA_ALG_IS_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_DETERMINISTIC_ECDSA">
+<span id="c.PSA_ALG_IS_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is deterministic ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a deterministic ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_RANDOMIZED_ECDSA">
+<span id="c.PSA_ALG_IS_RANDOMIZED_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</h3>
+<p>Whether the specified algorithm is randomized ECDSA.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a randomized ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See also <a class="reference internal" href="#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_HASH_AND_SIGN">
+<span id="c.PSA_ALG_IS_HASH_AND_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash-and-sign algorithm that signs exactly the hash value, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>This macro identifies algorithms that can be used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> that use the exact message hash value as an input the signature operation. This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_ANY_HASH">
+<span id="c.PSA_ALG_ANY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h3>
+<p>In a hash-and-sign algorithm policy, allow any hash algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
+</pre>
+<p>This value can be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
+A signature algorithm policy created using this macro is a wildcard policy, and <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a> will return true.</p>
+<p>This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</p>
+<p>This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.</p>
+<p class="rubric">Usage</p>
+<p>For example, suppose that <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a></li>
+<li><a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></li>
+</ul>
+<p>The following sequence of operations shows how <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> can be used in a key policy:</p>
+<ul>
+<li><p class="first">Set the key usage field using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
+<pre class="literal-block">
+<a class="reference internal" href="../keys/usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(&amp;attributes, <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a>); // or VERIFY_MESSAGE
+<a class="reference internal" href="../keys/algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(&amp;attributes, PSA_xxx_SIGNATURE(<a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a>));
+</pre>
+</li>
+<li><p class="first">Import or generate key material.</p>
+</li>
+<li><p class="first">Call <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> or <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>, passing an algorithm built from <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> and a specific hash. Each call to sign or verify a message can use a different hash algorithm.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a>), ...);
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a>), ...);
+<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a>), ...);
+</pre>
+</li>
+</ul>
+</div>
+<div class="section" id="PSA_SIGN_OUTPUT_SIZE">
+<span id="c.PSA_SIGN_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</h3>
+<p>Sufficient signature buffer size for <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE">PSA_SIGN_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
+<dd>An asymmetric key type. This can be a key pair type or a public key type.</dd>
+<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
+<dd>The size of the key in bits.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The signature algorithm.</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
+<p class="rubric">Description</p>
+<p>This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature might be smaller, as some algorithms produce a variable-size signature.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
+</div>
+<p>See also <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_SIGNATURE_MAX_SIZE">
+<span id="c.PSA_SIGNATURE_MAX_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</h3>
+<p>Maximum size of an asymmetric signature.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE">PSA_SIGNATURE_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+</pre>
+<p>This macro must expand to a compile-time constant integer.
+It is recommended that this value is the maximum size of an asymmetric signature supported by the implementation, in bytes. The value must not be smaller than this maximum.</p>
+<p>See also <a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a>.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Asymmetric signature</a><ul>
+<li><a class="reference internal" href="#asymmetric-signature-algorithms">Asymmetric signature algorithms</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#asymmetric-signature-functions">Asymmetric signature functions</a><ul>
+<li><a class="reference internal" href="#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
+<li><a class="reference internal" href="#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
+<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
+<li><a class="reference internal" href="#PSA_SIGNATURE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../../index.html">Documentation overview</a><ul>
+  <li><a href="index.html">Cryptographic operation reference</a><ul>
+      <li>Previous: <a href="kdf.html" title="previous chapter">Key derivation</a></li>
+      <li>Next: <a href="pke.html" title="next chapter">Asymmetric encryption</a></li>
+  </ul></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../../_sources/api/ops/sign.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../../_sources/api/ops/sign.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/appendix/example_header.html b/docs/html/appendix/example_header.html
new file mode 100644
index 0000000..30f707a
--- /dev/null
+++ b/docs/html/appendix/example_header.html
@@ -0,0 +1,673 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Example header file &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Example macro implementations" href="specdef_values.html" />
+    <link rel="prev" title="Other cryptographic services" href="../api/ops/rng.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="example-header-file">
+<span id="appendix-example-header"></span><h1>Example header file</h1>
+<p>Each implementation of the PSA Crypto API must provide a header file named <strong>psa/crypto.h</strong>, in which the API elements in this specification are defined.</p>
+<p>This appendix provides a example of the <strong>psa/crypto.h</strong> header file with all of the API elements. This can be used as a starting point or reference for an implementation.</p>
+<div class="section" id="psa-crypto-h">
+<h2>psa/crypto.h</h2>
+<pre class="literal-block">
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a>;
+typedef uint8_t <a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>;
+typedef uint8_t <a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>;
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a>;
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a>;
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a>;
+typedef uint16_t <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
+typedef uint16_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
+typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a>;
+typedef int32_t <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>;
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</a>(ciphertext_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE">PSA_AEAD_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, ciphertext_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</a>(plaintext_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, plaintext_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE">PSA_AEAD_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH">PSA_AEAD_NONCE_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE">PSA_AEAD_NONCE_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT">PSA_AEAD_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH">PSA_AEAD_TAG_LENGTH</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE">PSA_AEAD_TAG_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE">PSA_AEAD_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE">PSA_AEAD_VERIFY_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</a>(aead_alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG">PSA_ALG_AEAD_WITH_SHORTENED_TAG</a>(aead_alg, tag_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600))
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC">PSA_ALG_FULL_LENGTH_MAC</a>(mac_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF">PSA_ALG_HKDF</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH">PSA_ALG_IS_ECDH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH">PSA_ALG_IS_FFDH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF">PSA_ALG_IS_HKDF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC">PSA_ALG_IS_HMAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP">PSA_ALG_IS_RSA_OAEP</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER">PSA_ALG_IS_STREAM_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF">PSA_ALG_IS_TLS12_PRF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT">PSA_ALG_KEY_AGREEMENT</a>(ka_alg, kdf_alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE">PSA_ALG_KEY_AGREEMENT_GET_BASE</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF">PSA_ALG_KEY_AGREEMENT_GET_KDF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
+#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200))
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF">PSA_ALG_TLS12_PRF</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC">PSA_ALG_TRUNCATED_MAC</a>(mac_alg, mac_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH">PSA_BLOCK_CIPHER_BLOCK_LENGTH</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE">PSA_CIPHER_FINISH_OUTPUT_SIZE</a>(key_type, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH">PSA_CIPHER_IV_LENGTH</a>(key_type, alg) <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE">PSA_CIPHER_IV_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT">PSA_CIPHER_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</a>(input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE">PSA_CIPHER_UPDATE_OUTPUT_SIZE</a>(key_type, alg, input_length) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR">PSA_CRYPTO_API_VERSION_MAJOR</a> 1
+#define <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR">PSA_CRYPTO_API_VERSION_MINOR</a> 0
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919">PSA_DH_FAMILY_RFC7919</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>) 0x03)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1">PSA_ECC_FAMILY_BRAINPOOL_P_R1</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x30)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP">PSA_ECC_FAMILY_FRP</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x33)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY">PSA_ECC_FAMILY_MONTGOMERY</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x41)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_K1" title="PSA_ECC_FAMILY_SECP_K1">PSA_ECC_FAMILY_SECP_K1</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x17)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R1" title="PSA_ECC_FAMILY_SECP_R1">PSA_ECC_FAMILY_SECP_R1</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x12)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R2" title="PSA_ECC_FAMILY_SECP_R2">PSA_ECC_FAMILY_SECP_R2</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x1b)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_K1" title="PSA_ECC_FAMILY_SECT_K1">PSA_ECC_FAMILY_SECT_K1</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x27)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R1" title="PSA_ECC_FAMILY_SECT_R1">PSA_ECC_FAMILY_SECT_R1</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x22)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R2" title="PSA_ECC_FAMILY_SECT_R2">PSA_ECC_FAMILY_SECT_R2</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x2b)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS">PSA_ERROR_ALREADY_EXISTS</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-139)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE">PSA_ERROR_BAD_STATE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-137)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL">PSA_ERROR_BUFFER_TOO_SMALL</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-138)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE">PSA_ERROR_COMMUNICATION_FAILURE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-145)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED">PSA_ERROR_CORRUPTION_DETECTED</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-151)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT">PSA_ERROR_DATA_CORRUPT</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-152)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID">PSA_ERROR_DATA_INVALID</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-153)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST">PSA_ERROR_DOES_NOT_EXIST</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-140)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR">PSA_ERROR_GENERIC_ERROR</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-132)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE">PSA_ERROR_HARDWARE_FAILURE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-147)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA">PSA_ERROR_INSUFFICIENT_DATA</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-143)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY">PSA_ERROR_INSUFFICIENT_ENTROPY</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-148)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY">PSA_ERROR_INSUFFICIENT_MEMORY</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-141)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE">PSA_ERROR_INSUFFICIENT_STORAGE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-142)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT">PSA_ERROR_INVALID_ARGUMENT</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-135)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE">PSA_ERROR_INVALID_HANDLE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-136)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING">PSA_ERROR_INVALID_PADDING</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-150)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE">PSA_ERROR_INVALID_SIGNATURE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-149)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED">PSA_ERROR_NOT_PERMITTED</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-133)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED">PSA_ERROR_NOT_SUPPORTED</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-134)
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE">PSA_ERROR_STORAGE_FAILURE</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-146)
+#define <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE">PSA_EXPORT_KEY_PAIR_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH">PSA_HASH_LENGTH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_MAX_SIZE" title="PSA_HASH_MAX_SIZE">PSA_HASH_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT">PSA_HASH_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> ((size_t)4)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/attributes.html#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT">PSA_KEY_ATTRIBUTES_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT">PSA_KEY_DERIVATION_INPUT_CONTEXT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO">PSA_KEY_DERIVATION_INPUT_INFO</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL">PSA_KEY_DERIVATION_INPUT_LABEL</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT">PSA_KEY_DERIVATION_INPUT_SALT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET">PSA_KEY_DERIVATION_INPUT_SECRET</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED">PSA_KEY_DERIVATION_INPUT_SEED</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</a> \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000001)
+#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000000)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY">PSA_KEY_TYPE_DH_GET_FAMILY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY">PSA_KEY_TYPE_ECC_GET_FAMILY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR">PSA_KEY_TYPE_ECC_KEY_PAIR</a>(curve) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH">PSA_KEY_TYPE_IS_DH</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR">PSA_KEY_TYPE_IS_DH_KEY_PAIR</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC">PSA_KEY_TYPE_IS_ECC</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR">PSA_KEY_TYPE_IS_KEY_PAIR</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA">PSA_KEY_TYPE_IS_RSA</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</a>(type) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) \
+    <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
+#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH">PSA_MAC_LENGTH</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE">PSA_MAC_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT">PSA_MAC_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</a> \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</a>(key_type, key_bits) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE">PSA_SIGNATURE_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE">PSA_SIGN_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
+    <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)0)
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_abort" title="psa_aead_abort">psa_aead_abort</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * nonce,
+                              size_t nonce_length,
+                              const uint8_t * additional_data,
+                              size_t additional_data_length,
+                              const uint8_t * ciphertext,
+                              size_t ciphertext_length,
+                              uint8_t * plaintext,
+                              size_t plaintext_size,
+                              size_t * plaintext_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup">psa_aead_decrypt_setup</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * nonce,
+                              size_t nonce_length,
+                              const uint8_t * additional_data,
+                              size_t additional_data_length,
+                              const uint8_t * plaintext,
+                              size_t plaintext_length,
+                              uint8_t * ciphertext,
+                              size_t ciphertext_size,
+                              size_t * ciphertext_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup">psa_aead_encrypt_setup</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_finish" title="psa_aead_finish">psa_aead_finish</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             uint8_t * ciphertext,
+                             size_t ciphertext_size,
+                             size_t * ciphertext_length,
+                             uint8_t * tag,
+                             size_t tag_size,
+                             size_t * tag_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce">psa_aead_generate_nonce</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                     uint8_t * nonce,
+                                     size_t nonce_size,
+                                     size_t * nonce_length);
+<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_init" title="psa_aead_operation_init">psa_aead_operation_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_lengths" title="psa_aead_set_lengths">psa_aead_set_lengths</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                  size_t ad_length,
+                                  size_t plaintext_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_nonce" title="psa_aead_set_nonce">psa_aead_set_nonce</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                const uint8_t * nonce,
+                                size_t nonce_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update">psa_aead_update</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             const uint8_t * input,
+                             size_t input_length,
+                             uint8_t * output,
+                             size_t output_size,
+                             size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update_ad" title="psa_aead_update_ad">psa_aead_update_ad</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                                const uint8_t * input,
+                                size_t input_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_verify" title="psa_aead_verify">psa_aead_verify</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+                             uint8_t * plaintext,
+                             size_t plaintext_size,
+                             size_t * plaintext_length,
+                             const uint8_t * tag,
+                             size_t tag_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                    const uint8_t * input,
+                                    size_t input_length,
+                                    const uint8_t * salt,
+                                    size_t salt_length,
+                                    uint8_t * output,
+                                    size_t output_size,
+                                    size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                    const uint8_t * input,
+                                    size_t input_length,
+                                    const uint8_t * salt,
+                                    size_t salt_length,
+                                    uint8_t * output,
+                                    size_t output_size,
+                                    size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_abort" title="psa_cipher_abort">psa_cipher_abort</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                uint8_t * output,
+                                size_t output_size,
+                                size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup">psa_cipher_decrypt_setup</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                uint8_t * output,
+                                size_t output_size,
+                                size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup">psa_cipher_encrypt_setup</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_finish" title="psa_cipher_finish">psa_cipher_finish</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               uint8_t * output,
+                               size_t output_size,
+                               size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv">psa_cipher_generate_iv</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                                    uint8_t * iv,
+                                    size_t iv_size,
+                                    size_t * iv_length);
+<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_init" title="psa_cipher_operation_init">psa_cipher_operation_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv">psa_cipher_set_iv</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               const uint8_t * iv,
+                               size_t iv_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_update" title="psa_cipher_update">psa_cipher_update</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
+                               const uint8_t * input,
+                               size_t input_length,
+                               uint8_t * output,
+                               size_t output_size,
+                               size_t * output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
+                          const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                          <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init">psa_crypto_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                            uint8_t * data,
+                            size_t data_size,
+                            size_t * data_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                   uint8_t * data,
+                                   size_t data_size,
+                                   size_t * data_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                              <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/rng.html#c.psa_generate_random" title="psa_generate_random">psa_generate_random</a>(uint8_t * output,
+                                 size_t output_size);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="../api/keys/algorithms.html#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+size_t <a class="reference internal" href="../api/keys/types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="../api/keys/locations.html#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="../api/keys/locations.html#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="../api/keys/types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="../api/keys/usage.html#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_abort" title="psa_hash_abort">psa_hash_abort</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_clone" title="psa_hash_clone">psa_hash_clone</a>(const <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * source_operation,
+                            <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * target_operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              const uint8_t * hash,
+                              size_t hash_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              uint8_t * hash,
+                              size_t hash_size,
+                              size_t * hash_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_finish" title="psa_hash_finish">psa_hash_finish</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             uint8_t * hash,
+                             size_t hash_size,
+                             size_t * hash_length);
+<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_init" title="psa_hash_operation_init">psa_hash_operation_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_resume" title="psa_hash_resume">psa_hash_resume</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * hash_state,
+                             size_t hash_state_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                            <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend">psa_hash_suspend</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                              uint8_t * hash_state,
+                              size_t hash_state_size,
+                              size_t * hash_state_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_update" title="psa_hash_update">psa_hash_update</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * input,
+                             size_t input_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_verify" title="psa_hash_verify">psa_hash_verify</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
+                             const uint8_t * hash,
+                             size_t hash_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                            const uint8_t * data,
+                            size_t data_length,
+                            <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort">psa_key_derivation_abort</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity">psa_key_derivation_get_capacity</a>(const <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             size_t * capacity);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes">psa_key_derivation_input_bytes</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                            <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                            const uint8_t * data,
+                                            size_t data_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key">psa_key_derivation_input_key</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                          <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                          <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement">psa_key_derivation_key_agreement</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                              <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
+                                              <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+                                              const uint8_t * peer_key,
+                                              size_t peer_key_length);
+<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes">psa_key_derivation_output_bytes</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             uint8_t * output,
+                                             size_t output_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key">psa_key_derivation_output_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                                           <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                           <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity">psa_key_derivation_set_capacity</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                             size_t capacity);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup">psa_key_derivation_setup</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
+                                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_abort" title="psa_mac_abort">psa_mac_abort</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                             <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                             const uint8_t * input,
+                             size_t input_length,
+                             uint8_t * mac,
+                             size_t mac_size,
+                             size_t * mac_length);
+<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_init" title="psa_mac_operation_init">psa_mac_operation_init</a>(void);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_sign_finish" title="psa_mac_sign_finish">psa_mac_sign_finish</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                 uint8_t * mac,
+                                 size_t mac_size,
+                                 size_t * mac_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_sign_setup" title="psa_mac_sign_setup">psa_mac_sign_setup</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_update" title="psa_mac_update">psa_mac_update</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                            const uint8_t * input,
+                            size_t input_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                            <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                            const uint8_t * input,
+                            size_t input_length,
+                            const uint8_t * mac,
+                            size_t mac_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify_finish" title="psa_mac_verify_finish">psa_mac_verify_finish</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                   const uint8_t * mac,
+                                   size_t mac_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify_setup" title="psa_mac_verify_setup">psa_mac_verify_setup</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
+                                  <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                  <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                   <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+                                   const uint8_t * peer_key,
+                                   size_t peer_key_length,
+                                   uint8_t * output,
+                                   size_t output_size,
+                                   size_t * output_length);
+void <a class="reference internal" href="../api/keys/attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+void <a class="reference internal" href="../api/keys/algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                           <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+void <a class="reference internal" href="../api/keys/types.html#c.psa_set_key_bits" title="psa_set_key_bits">psa_set_key_bits</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                      size_t bits);
+void <a class="reference internal" href="../api/keys/locations.html#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                    <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
+void <a class="reference internal" href="../api/keys/locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                          <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
+void <a class="reference internal" href="../api/keys/types.html#c.psa_set_key_type" title="psa_set_key_type">psa_set_key_type</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                      <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
+void <a class="reference internal" href="../api/keys/usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+                             <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                           <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                           const uint8_t * hash,
+                           size_t hash_length,
+                           uint8_t * signature,
+                           size_t signature_size,
+                           size_t * signature_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                              <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                              const uint8_t * input,
+                              size_t input_length,
+                              uint8_t * signature,
+                              size_t signature_size,
+                              size_t * signature_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                             <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                             const uint8_t * hash,
+                             size_t hash_length,
+                             const uint8_t * signature,
+                             size_t signature_length);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+                                <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+                                const uint8_t * input,
+                                size_t input_length,
+                                const uint8_t * signature,
+                                size_t signature_length);
+
+</pre>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Example header file</a><ul>
+<li><a class="reference internal" href="#psa-crypto-h">psa/crypto.h</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="../api/ops/rng.html" title="previous chapter">Other cryptographic services</a></li>
+      <li>Next: <a href="specdef_values.html" title="next chapter">Example macro implementations</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/appendix/example_header.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/appendix/example_header.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/appendix/history.html b/docs/html/appendix/history.html
new file mode 100644
index 0000000..8969d38
--- /dev/null
+++ b/docs/html/appendix/history.html
@@ -0,0 +1,732 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Changes to the API &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="prev" title="Example macro implementations" href="specdef_values.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="changes-to-the-api">
+<h1>Changes to the API</h1>
+<div class="section" id="release-information">
+<h2>Release information</h2>
+<p>All published versions of this document have been <strong>non-confidential</strong>.</p>
+<p>The change history table lists the changes that have been made to this document.</p>
+<table border="1" class="colwidths-given docutils">
+<colgroup>
+<col width="15%" />
+<col width="15%" />
+<col width="70%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head"><strong>Date</strong></th>
+<th class="head"><strong>Version</strong></th>
+<th class="head"><strong>Comments</strong></th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><strong>Jan 2019</strong></td>
+<td>1.0 beta 1</td>
+<td>First public beta release.</td>
+</tr>
+<tr class="row-odd"><td><strong>Feb 2019</strong></td>
+<td>1.0 beta 2</td>
+<td>Update for release with other PSA Dev API specifications.</td>
+</tr>
+<tr class="row-even"><td><strong>May 2019</strong></td>
+<td>1.0 beta 3</td>
+<td><p class="first">Update for release with other PSA API specifications.</p>
+<ul class="last simple">
+<li>Alignment with PSA API specifications.</li>
+<li>Changes to the key creation API.</li>
+<li>Changes to the handling of key lifetimes.</li>
+<li>Replaced ‘generators’ with key derivation operations.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-odd"><td><strong>Feb 2020</strong></td>
+<td>1.0.0</td>
+<td><p class="first">1.0 API finalized.</p>
+<ul class="last simple">
+<li>Removed implementation APIs and definitions.</li>
+<li>Merged key handles with key identifiers.</li>
+<li>Recoded algorithm identifiers.</li>
+<li>Restructured key types.</li>
+<li>Provide buffer size macros for all output buffers.</li>
+<li>Provide sign-message signature operations.</li>
+<li>Add functions to suspend and resume hash operations.</li>
+<li>Reallocated key types and algorithm identifiers.</li>
+<li>Many minor corrections and clarifications.</li>
+</ul>
+</td>
+</tr>
+</tbody>
+</table>
+<p>The detailed changes in each release are described in the following sections.</p>
+</div>
+<div class="section" id="document-change-history">
+<h2>Document change history</h2>
+<div class="section" id="changes-between-1-0-beta-1-and-1-0-beta-2">
+<h3>Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></h3>
+<p class="rubric">Changes to the API</p>
+<ul class="simple">
+<li>Remove obsolete definition <code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal"><span class="pre">plaintext_length</span></code>.</li>
+</ul>
+<p class="rubric">Clarifications</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code>: document <code class="docutils literal"><span class="pre">alg</span></code> parameter.</li>
+</ul>
+<p class="rubric">Other changes</p>
+<ul class="simple">
+<li>Document formatting improvements.</li>
+</ul>
+</div>
+<div class="section" id="changes-between-1-0-beta-2-and-1-0-beta-3">
+<h3>Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></h3>
+<p class="rubric">Changes to the API</p>
+<ul class="simple">
+<li>Change the value of error codes, and some names, to align
+with other PSA specifications. The name changes are:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></li>
+</ul>
+</li>
+<li>Change the way keys are created to avoid “half-filled” handles
+that contained key metadata, but no key material.
+Now, to create a key, first fill in a data structure containing
+its attributes, then pass this structure to a function that
+both allocates resources for the key and fills in the key
+material. This affects the following functions:<ul>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code>
+and <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> now take an attribute structure, as
+a pointer to <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a>, to specify key metadata.
+This replaces the previous method of passing arguments to
+<code class="docutils literal"><span class="pre">psa_create_key()</span></code> or to the key material creation function
+or calling <code class="docutils literal"><span class="pre">psa_set_key_policy()</span></code>.</li>
+<li><code class="docutils literal"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
+no longer exist. A key’s policy is now accessible as part of
+its attributes.</li>
+<li><code class="docutils literal"><span class="pre">psa_get_key_information()</span></code> is also replaced by accessing the
+key’s attributes, retrieved with <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
+<li><code class="docutils literal"><span class="pre">psa_create_key()</span></code> no longer exists. Instead, set the key id
+attribute and the lifetime attribute before creating the
+key material.</li>
+</ul>
+</li>
+<li>Allow <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> to buffer data.</li>
+<li>New buffer size calculation macros.</li>
+<li>Key identifiers are no longer specific to a given lifetime value. <code class="docutils literal"><span class="pre">psa_open_key()</span></code> no longer takes a <code class="docutils literal"><span class="pre">lifetime</span></code> parameter.</li>
+<li>Define a range of key identifiers for use by applications and a separate range for use by implementations.</li>
+<li>Avoid the unusual terminology “generator”: call them
+“key derivation operations” instead. Rename a number of functions
+and other identifiers related to for clarity and consistency:<ul>
+<li><code class="docutils literal"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_crypto_generator_init()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_operation_init()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_set_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_get_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_get_capacity()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generator_read()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generate_derived_key()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generator_abort()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_key_agreement_raw_shared_secret()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal"><span class="pre">PSA_xxx_KEY_PAIR</span></code></li>
+</ul>
+</li>
+<li>Convert TLS1.2 KDF descriptions to multistep key derivation.</li>
+</ul>
+<p class="rubric">Clarifications</p>
+<ul class="simple">
+<li>Specify <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code> for most key types.</li>
+<li>Clarify the behavior in various corner cases.</li>
+<li>Document more error conditions.</li>
+</ul>
+</div>
+<div class="section" id="changes-between-1-0-beta-3-and-1-0-0">
+<h3>Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></h3>
+<p class="rubric">Changes to the API</p>
+<ul>
+<li><p class="first">Added <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code></a> and <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code></a> to report the PSA Cyrpto API version.</p>
+</li>
+<li><p class="first">Removed <code class="docutils literal"><span class="pre">PSA_ALG_GMAC</span></code> algorithm identifier.</p>
+</li>
+<li><p class="first">Removed internal implementation macros from the API specification:</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_HASH_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_HKDF_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_HMAC_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_BITS_TO_BYTES</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_BYTES_TO_BITS</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code></li>
+</ul>
+</li>
+<li><p class="first">Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in <em><a class="reference internal" href="../overview/implementation.html#implementation-specific-macro"><span class="std std-ref">Implementation-specific macros</span></a></em>.</p>
+<ul class="simple">
+<li>Macros with implementation-defined values are indicated by <code class="docutils literal"><span class="pre">/*</span> <span class="pre">implementation-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
+The implementation must provide the implementation.</li>
+<li>Macros for algorithm and key type construction and inspection have specification-defined values.
+This is indicated by <code class="docutils literal"><span class="pre">/*</span> <span class="pre">specification-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
+Example definitions of these macros is provided in <em><a class="reference internal" href="specdef_values.html#appendix-specdef-values"><span class="std std-ref">Example macro implementations</span></a></em>.</li>
+</ul>
+</li>
+<li><p class="first">Changed the semantics of multi-part operations.</p>
+<ul class="simple">
+<li>Formalize the standard pattern for multi-part operations.</li>
+<li>Require all errors to result in an error state, requiring a call to <code class="docutils literal"><span class="pre">psa_xxx_abort()</span></code> to reset the object.</li>
+<li>Define behavior in illegal and impossible operation states, and for copying and reusing operation objects.</li>
+</ul>
+<p>Although the API signatures have not changed, this change requires modifications to application flows that handle error conditions in multi-part operations.</p>
+</li>
+<li><p class="first">Merge the key identifier and key handle concepts in the API.</p>
+<ul class="simple">
+<li>Replaced all references to key handles with key identifiers, or something similar.</li>
+<li>Replaced all uses of <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> with <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> in the API, and removes the <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> type.</li>
+<li>Removed <code class="docutils literal"><span class="pre">psa_open_key</span></code> and <code class="docutils literal"><span class="pre">psa_close_key</span></code>.</li>
+<li>Added <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> for the never valid zero key identifier.</li>
+<li>Document rules related to destroying keys whilst in use.</li>
+<li>Added the <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage policy and the related <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a> API.</li>
+<li>Added clarification about caching keys to non-volatile memory.</li>
+</ul>
+</li>
+<li><p class="first">Renamed <code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> to <a class="reference internal" href="../api/ops/kdf.html#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a>.</p>
+</li>
+<li><p class="first">Relax definition of implementation-defined types.</p>
+<ul class="simple">
+<li>This is indicated in the specification by <code class="docutils literal"><span class="pre">/*</span> <span class="pre">implementation-defined</span> <span class="pre">type</span> <span class="pre">*/</span></code> in the type definition.</li>
+<li>The specification only defines the name of implementation-defined types, and does not require that the implementation is a C struct.</li>
+</ul>
+</li>
+<li><p class="first">Zero-length keys are not permitted. Attempting to create one will now result in an error.</p>
+</li>
+<li><p class="first">Relax the constraints on inputs to key derivation:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> can be used for secret input steps. This is necessary if a zero-length input is required by the application.</li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> can be used for non-secret input steps.</li>
+</ul>
+</li>
+<li><p class="first">Multi-part cipher operations now require that the IV is passed using <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>, the option to provide this as part of the input to <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> has been removed.</p>
+<p>The format of the output from <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a>, and input to <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a>, is documented.</p>
+</li>
+<li><p class="first">Support macros to calculate the size of output buffers, IVs and nonces.</p>
+<ul class="simple">
+<li>Macros to calculate a key and/or algorithm specific result are provided for all output buffers. The new macros are:<ul>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_LENGTH" title="PSA_CIPHER_IV_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()</span></code></a></li>
+</ul>
+</li>
+<li>Macros that evaluate to a maximum type-independent buffer size are provided. The new macros are:<ul>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE" title="PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_MAX_SIZE" title="PSA_AEAD_TAG_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE" title="PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE" title="PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_IV_MAX_SIZE" title="PSA_CIPHER_IV_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE" title="PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code></a></li>
+</ul>
+</li>
+<li>AEAD output buffer size macros are now parameterized on the key type as well as the algorithm:<ul>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE()</span></code></a></li>
+</ul>
+</li>
+<li>Some existing macros have been renamed to ensure that the name of the support macros are consistent. The following macros have been renamed:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH()</span></code> → <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH()</span></code> → <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE()</span></code> → <a class="reference internal" href="../api/keys/management.html#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_HASH_SIZE()</span></code> → <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_LENGTH()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_MAC_FINAL_SIZE()</span></code> → <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_LENGTH()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE()</span></code> → <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> → <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE" title="PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code></a></li>
+</ul>
+</li>
+<li>Documentation of the macros and of related APIs has been updated to reference the related API elements.</li>
+</ul>
+</li>
+<li><p class="first">Provide hash-and-sign operations as well as sign-the-hash operations. The API for asymmetric signature has been changed to clarify the use of the new functions.</p>
+<ul class="simple">
+<li>The existing asymmetric signature API has been renamed to clarify that this is for signing a hash that is already computed:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> → <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> → <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_asymmetric_sign()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_asymmetric_verify()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a></li>
+</ul>
+</li>
+<li>New APIs added to provide the complete message signing operation:<ul>
+<li><a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a></li>
+</ul>
+</li>
+<li>New Support macros to identify which algorithms can be used in which signing API:<ul>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE()</span></code></a></li>
+</ul>
+</li>
+<li>Renamed support macros that apply to both signing APIs:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a></li>
+</ul>
+</li>
+<li>The usage policy values have been changed, including for <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
+</ul>
+</li>
+<li><p class="first">Restructure <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and reassign all key type values.</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> changes from 32-bit to 16-bit integer.</li>
+<li>Reassigned the key type categories.</li>
+<li>Add a parity bit to the key type to ensure that valid key type values differ by at least 2 bits.</li>
+<li>16-bit elliptic curve ids (<code class="docutils literal"><span class="pre">psa_ecc_curve_t</span></code>) replaced by 8-bit ECC curve family ids (<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a>).
+16-bit  Diffie-Hellman group ids (<code class="docutils literal"><span class="pre">psa_dh_group_t</span></code>) replaced by 8-bit DH group family ids (<a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_dh_family_t</span></code></a>).<ul>
+<li>These ids are no longer related to the IANA Group Registry specification.</li>
+<li>The new key type values do not encode the key size for ECC curves or DH groups. The key bit size from the key attributes identify a specific ECC curve or DH group within the family.</li>
+</ul>
+</li>
+<li>The following macros have been removed:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_BITS</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code></li>
+</ul>
+</li>
+<li>The following macros have been added:<ul>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_K1" title="PSA_ECC_FAMILY_SECP_K1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R1" title="PSA_ECC_FAMILY_SECP_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECP_R2" title="PSA_ECC_FAMILY_SECP_R2"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_K1" title="PSA_ECC_FAMILY_SECT_K1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R1" title="PSA_ECC_FAMILY_SECT_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_SECT_R2" title="PSA_ECC_FAMILY_SECT_R2"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code></a></li>
+</ul>
+</li>
+<li>The following macros have new values:<ul>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a></li>
+</ul>
+</li>
+<li>The following macros with specification-defined values have new example implementations:<ul>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><p class="first">Add ECC family <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> for the FRP256v1 curve.</p>
+</li>
+<li><p class="first">Restructure <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encoding, to increase consistency across algorithm categories.</p>
+<ul class="simple">
+<li>Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following <code class="docutils literal"><span class="pre">PSA_ALG_XXXX_GET_HASH()</span></code> macros have all been replaced by a single macro <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_HKDF_GET_HASH()</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_HMAC_GET_HASH()</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH()</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_SIGN_GET_HASH()</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH()</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH()</span></code></li>
+</ul>
+</li>
+<li>Stream cipher algorithm macros have been removed; the key type indicates which cipher to use. Instead of <code class="docutils literal"><span class="pre">PSA_ALG_ARC4</span></code> and <code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20</span></code>, use <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</li>
+</ul>
+<p>All of the other <code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> macros have updated values or updated example implementations.</p>
+<ul class="simple">
+<li>The following macros have new values:<ul>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CTR</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_OFB</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a></li>
+</ul>
+</li>
+<li>The following macros with specification-defined values have new example implementations:<ul>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_AEAD()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_CIPHER()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_FFDH()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HKDF()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HMAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_MAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC()</span></code></a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><p class="first">Added ECB block cipher mode, with no padding, as <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code></a>.</p>
+</li>
+<li><p class="first">Add functions to suspend and resume hash operations:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> halts the current operation and outputs a hash suspend state.</li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> continues a previously suspended hash operation.</li>
+</ul>
+<p>The format of the hash suspend state is documented in <em><a class="reference internal" href="../api/ops/hashes.html#hash-suspend-state"><span class="std std-ref">Hash suspend state</span></a></em>, and supporting macros are provided for using this API:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH()</span></code></a></li>
+</ul>
+</li>
+<li><p class="first">Complement <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a> with new error codes <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> and <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a>. These permit an implementation to distinguish different causes of failure when reading from key storage.</p>
+</li>
+<li><p class="first">Added input step <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code></a> for key derivation, supporting obvious mapping from the step identifiers to common KDF constructions.</p>
+</li>
+</ul>
+<p class="rubric">Clarifications</p>
+<ul class="simple">
+<li>Clarified rules regarding modification of parameters in concurrent environments.</li>
+<li>Guarantee that <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code> always returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</li>
+<li>Clarified the TLS PSK to MS key agreement algorithm.</li>
+<li>Document the key policy requirements for all APIs that accept a key parameter.</li>
+<li>Document more of the error codes for each function.</li>
+</ul>
+<p class="rubric">Other changes</p>
+<ul class="simple">
+<li>Require C99 for this specification instead of C89.</li>
+<li>Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is <strong>psa/crypto.h</strong>.</li>
+<li>Reorganized the API reference, grouping the elements in a more natural way.</li>
+<li>Improved the cross referencing between all of the document sections, and from code snippets to API element descriptions.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="planned-changes-for-version-1-0-x">
+<h2>Planned changes for version 1.0.x</h2>
+<p>Future versions of this specification that use a 1.0.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.</p>
+<p>These are the changes that we are currently planning to make for version 1.0.x:</p>
+<ul class="simple">
+<li>Declare identifiers for additional cryptographic algorithms.</li>
+<li>Mandate certain checks when importing some types of asymmetric keys.</li>
+<li>Specify the computation of algorithm and key type values.</li>
+<li>Further clarifications on API usage and implementation.</li>
+</ul>
+</div>
+<div class="section" id="future-additions">
+<span id="future"></span><h2>Future additions</h2>
+<p>Major additions to the API will be defined in future drafts and editions of a 1.x or 2.x version of this specification. Features that are being considered include:</p>
+<ul class="simple">
+<li>Multi-part operations for hybrid cryptography. For example, this includes
+hash-and-sign for EdDSA, and hybrid encryption for ECIES.</li>
+<li>A more general interface to key derivation and key exchange. This would
+enable an application to derive a non-extractable session key from
+non-extractable secrets, without leaking the intermediate material.</li>
+<li>Key wrapping mechanisms to extract and import keys in an encrypted and authenticated form.</li>
+<li>Key discovery mechanisms. This would enable an application to locate a key by
+its name or attributes.</li>
+<li>Implementation capability description. This would enable an application to
+determine the algorithms, key types and storage lifetimes that the
+implementation provides.</li>
+<li>An ownership and access control mechanism allowing a multi-client
+implementation to have privileged clients that are able to manage keys of
+other clients.</li>
+</ul>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Changes to the API</a><ul>
+<li><a class="reference internal" href="#release-information">Release information</a></li>
+<li><a class="reference internal" href="#document-change-history">Document change history</a><ul>
+<li><a class="reference internal" href="#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
+<li><a class="reference internal" href="#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
+<li><a class="reference internal" href="#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
+<li><a class="reference internal" href="#future-additions">Future additions</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="specdef_values.html" title="previous chapter">Example macro implementations</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/appendix/history.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/appendix/history.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/appendix/specdef_values.html b/docs/html/appendix/specdef_values.html
new file mode 100644
index 0000000..ed094c5
--- /dev/null
+++ b/docs/html/appendix/specdef_values.html
@@ -0,0 +1,268 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Example macro implementations &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Changes to the API" href="history.html" />
+    <link rel="prev" title="Example header file" href="example_header.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="example-macro-implementations">
+<span id="appendix-specdef-values"></span><h1>Example macro implementations</h1>
+<p>This appendix provides example implementations of the function-like macros that have specification-defined values.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">In a future version of this specification, these example implementations will be replaced with a pseudo-code representation of the macro’s computation in the macro description.</p>
+</div>
+<p>The examples here provide correct results for the valid inputs defined by each API, for an implementation that supports all of the defined algorithms and key types. An implementation can provide alternative definitions of these macros:</p>
+<ul class="simple">
+<li>If the implementation does not support all of the algorithms or key types, it can provide a simpler definition of applicable macros.</li>
+<li>If the implementation provides vendor-specific algorithms or key types, it needs to extend the definitions of applicable macros.</li>
+</ul>
+<div class="section" id="algorithm-macros">
+<h2>Algorithm macros</h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400100</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400200</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05000500</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a><code class="docutils literal"> <span class="pre">:</span> </code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3f</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&lt;&lt;</span> <span class="pre">16)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x06000700</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x02000000</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x03800000</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f400000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x07000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fc00000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03c00000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000700</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09020000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000001ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09010000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x02000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">||</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">||</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fc0ff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03800000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f00ffff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x07000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;&amp;</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">!=</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a><code class="docutils literal"> <span class="pre">&amp;&amp;</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">!=</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f800000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x04800000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> </code><code class="docutils literal"><span class="pre">PSA_ALG_HASH_ANY</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff0000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xfe00ffff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x07000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x06000200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x06000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">mac_length</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">mac_length</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3f</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&lt;&lt;</span> <span class="pre">16)))</span></code></dd>
+</dl>
+</div>
+<div class="section" id="key-type-macros">
+<h2>Key type macros</h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(1</span></code><code class="docutils literal"><span class="pre">u</span></code><code class="docutils literal"> <span class="pre">&lt;&lt;</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&gt;&gt;</span> <span class="pre">8)</span> <span class="pre">&amp;</span> <span class="pre">7))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x7200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x7100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4001</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x1000</span></code><code class="docutils literal"> <span class="pre">||</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x2000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&amp;</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x3000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
+</dl>
+</div>
+<div class="section" id="hash-suspend-state-macros">
+<h2>Hash suspend state macros</h2>
+<dl class="docutils">
+<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">64</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">16</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">20</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">32</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">64</span> <span class="pre">:</span> <span class="pre">0)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">1</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">8</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">16</span> <span class="pre">:</span> <span class="pre">0)</span></code></dd>
+<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
+<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a><code class="docutils literal"> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">-</span> <span class="pre">1)</span></code></dd>
+</dl>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Example macro implementations</a><ul>
+<li><a class="reference internal" href="#algorithm-macros">Algorithm macros</a></li>
+<li><a class="reference internal" href="#key-type-macros">Key type macros</a></li>
+<li><a class="reference internal" href="#hash-suspend-state-macros">Hash suspend state macros</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="example_header.html" title="previous chapter">Example header file</a></li>
+      <li>Next: <a href="history.html" title="next chapter">Changes to the API</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/appendix/specdef_values.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/appendix/specdef_values.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/from_doxygen.html b/docs/html/from_doxygen.html
deleted file mode 100644
index 15487a0..0000000
--- a/docs/html/from_doxygen.html
+++ /dev/null
@@ -1,7097 +0,0 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>Implementation-specific definitions &#8212; psa_crypto_api 1.0 beta3 documentation</title>
-    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script type="text/javascript" src="_static/jquery.js"></script>
-    <script type="text/javascript" src="_static/underscore.js"></script>
-    <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
-    <link rel="index" title="Index" href="genindex.html" />
-    <link rel="search" title="Search" href="search.html" />
-    <link rel="prev" title="Introduction" href="general.html" />
-   
-  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
-  
-  
-  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
-  </head><body>
-  
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          
-
-          <div class="body" role="main">
-            
-  <div class="section" id="implementation-specific-definitions">
-<h1>Implementation-specific definitions</h1>
-<div class="section" id="psa_key_handle_t">
-<span id="c.psa_key_handle_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="n">_unsigned_integral_type_</span> <span class="n">psa_key_handle_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Key handle.</p>
-<p>This type represents open handles to keys. It must be an unsigned integral type. The choice of type is implementation-dependent.</p>
-<p>0 is not a valid key handle. How other handle values are assigned is implementation-dependent.</p>
-</div>
-</div>
-<div class="section" id="library-initialization">
-<h1>Library initialization</h1>
-<div class="section" id="psa_crypto_init">
-<span id="c.psa_crypto_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_crypto_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Library initialization.</p>
-<p>Applications must call this function before calling any other function in this module.</p>
-<p>Applications may call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.</p>
-<p>If the application calls other functions before calling <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>, the behavior is undefined. Implementations are encouraged to either perform the operation as if the library had been initialized or to return <a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> or some other applicable error. In particular, implementations should not return a success status if the lack of initialization may have security implications, for example due to improper seeding of the random number generator.</p>
-</div>
-</div>
-<div class="section" id="key-attributes">
-<h1>Key attributes</h1>
-<div class="section" id="psa_key_attributes_t">
-<span id="c.psa_key_attributes_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_key_attributes_s</span> <span class="n">psa_key_attributes_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of a structure containing key attributes.</p>
-<p>This is an opaque structure that can represent the metadata of a key object. Metadata that can be stored in attributes includes:</p>
-<ul class="simple">
-<li>The location of the key in storage, indicated by its key identifier and its lifetime.</li>
-<li>The key’s policy, comprising usage flags and a specification of the permitted algorithm(s).</li>
-<li>Information about the key itself: the key type and its size.</li>
-<li>Implementations may define additional attributes.</li>
-</ul>
-<p>The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.</p>
-<p>An attribute structure can be a simple data structure where each function <code class="docutils literal notranslate"><span class="pre">psa_set_key_xxx</span></code> sets a field and the corresponding function <code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> retrieves the value of the corresponding field. However, implementations may report values that are equivalent to the original one, but have a different encoding. For example, an implementation may use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which may not be the one that was originally stored.</p>
-<p>An attribute structure may contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>. As an exception, calling <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> on an attribute structure is optional if the structure has only been modified by the following functions since it was initialized or last reset with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a></li>
-<li><a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
-<li><a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_type()</span></code></a></li>
-<li><a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_bits()</span></code></a></li>
-<li><a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
-<li><a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
-</ul>
-<p>Before calling any function on a key attribute structure, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">attributes</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_KEY_ATTRIBUTES_INIT" title="PSA_KEY_ATTRIBUTES_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_attributes_init" title="psa_key_attributes_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_attributes_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span><span class="p">;</span>
-<span class="n">attributes</span> <span class="o">=</span> <span class="n">psa_key_attributes_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>A freshly initialized attribute structure contains the following values:</p>
-<ul class="simple">
-<li>lifetime: <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</li>
-<li>key identifier: unspecified.</li>
-<li>type: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
-<li>key size: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
-<li>usage flags: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
-<li>algorithm: <code class="docutils literal notranslate"><span class="pre">0</span></code>.</li>
-</ul>
-<p>A typical sequence to create a key is as follows:</p>
-<ol class="arabic simple">
-<li>Create and initialize an attribute structure.</li>
-<li>If the key is persistent, call <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
-<li>Set the key policy with <a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
-<li>Set the key type with <a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_type()</span></code></a>. Skip this step if copying an existing key with <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</li>
-<li>When generating a random key with <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a> or deriving a key with <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>, set the desired key size with <a class="reference internal" href="#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_bits()</span></code></a>.</li>
-<li>Call a key creation function: <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>. This function reads the attribute structure, creates a key with these attributes, and outputs a handle to the newly created key.</li>
-<li>The attribute structure is now no longer necessary. You may call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>, although this is optional with the workflow presented here because the attributes currently defined in this specification do not require any additional resources beyond the structure itself.</li>
-</ol>
-<p>A typical sequence to query a key’s attributes is as follows:</p>
-<ol class="arabic simple">
-<li>Call <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> functions to retrieve the attribute(s) that you are interested in.</li>
-<li>Call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> to free any resources that may be used by the attribute structure.</li>
-</ol>
-<p>Once a key has been created, it is impossible to change its attributes.</p>
-</div>
-<div class="section" id="PSA_KEY_ATTRIBUTES_INIT">
-<span id="c.PSA_KEY_ATTRIBUTES_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ATTRIBUTES_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for a key attribute structure of type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_key_attributes_init">
-<span id="c.psa_key_attributes_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="nf">psa_key_attributes_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for a key attributes structure.</p>
-</div>
-<div class="section" id="psa_set_key_id">
-<span id="c.psa_set_key_id"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_id</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                    <span class="n">psa_key_id_t</span> <span class="n">id</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">id</span></code></dt>
-<dd>The persistent identifier for the key.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare a key as persistent and set its key identifier.</p>
-<p>If the attribute structure currently declares the key as volatile (which is the default content of an attribute structure), this function sets the lifetime attribute to <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
-<p>This function does not access storage, it merely stores the given value in the structure. The persistent key will be written to storage when the attribute structure is passed to a key creation function such as <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_set_key_lifetime">
-<span id="c.psa_set_key_lifetime"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_lifetime</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                          <span class="n">psa_key_lifetime_t</span> <span class="n">lifetime</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to 0.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the location of a persistent key.</p>
-<p>To make a key persistent, you must give it a persistent key identifier with <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
-<p>This function does not access storage, it merely stores the given value in the structure. The persistent key will be written to storage when the attribute structure is passed to a key creation function such as <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_id">
-<span id="c.psa_get_key_id"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_id_t</span> <span class="nf">psa_get_key_id</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The persistent identifier stored in the attribute structure. This value is unspecified if the attribute structure declares the key as volatile.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the key identifier from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_lifetime">
-<span id="c.psa_get_key_lifetime"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_lifetime_t</span> <span class="nf">psa_get_key_lifetime</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The lifetime value stored in the attribute structure.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the lifetime from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_set_key_usage_flags">
-<span id="c.psa_set_key_usage_flags"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_usage_flags</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                             <span class="n">psa_key_usage_t</span> <span class="n">usage_flags</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">usage_flags</span></code></dt>
-<dd>The usage flags to write.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare usage flags for a key.</p>
-<p>Usage flags are part of a key’s usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code></a>.</p>
-<p>This function overwrites any usage flags previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_usage_flags">
-<span id="c.psa_get_key_usage_flags"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_usage_t</span> <span class="nf">psa_get_key_usage_flags</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The usage flags stored in the attribute structure.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the usage flags from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_set_key_algorithm">
-<span id="c.psa_set_key_algorithm"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_algorithm</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                           <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The permitted algorithm policy to write.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare the permitted algorithm policy for a key.</p>
-<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key.</p>
-<p>This function overwrites any algorithm policy previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_algorithm">
-<span id="c.psa_get_key_algorithm"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_algorithm_t</span> <span class="nf">psa_get_key_algorithm</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The algorithm stored in the attribute structure.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the algorithm policy from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_set_key_type">
-<span id="c.psa_set_key_type"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_type</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                      <span class="n">psa_key_type_t</span> <span class="n">type</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd>The key type to write.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare the type of a key.</p>
-<p>This function overwrites any key type previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_set_key_bits">
-<span id="c.psa_set_key_bits"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_set_key_bits</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                      <span class="kt">size_t</span> <span class="n">bits</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to write to.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
-<dd>The key size in bits.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare the size of a key.</p>
-<p>This function overwrites any key size previously set in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate each of its arguments exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_type">
-<span id="c.psa_get_key_type"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_type_t</span> <span class="nf">psa_get_key_type</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The key type stored in the attribute structure.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the key type from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_bits">
-<span id="c.psa_get_key_bits"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">size_t</span> <span class="nf">psa_get_key_bits</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute structure to query.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">size_t</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p>The key size stored in the attribute structure, in bits.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the key size from key attributes.</p>
-<p>This function may be declared as <code class="docutils literal notranslate"><span class="pre">static</span></code> (i.e. without external linkage). This function may be provided as a function-like macro, but in this case it must evaluate its argument exactly once.</p>
-</div>
-<div class="section" id="psa_get_key_attributes">
-<span id="c.psa_get_key_attributes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_get_key_attributes</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                    <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to query.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>On success, the attributes of the key. On failure, equivalent to a freshly-initialized structure.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the attributes of a key.</p>
-<p>This function first resets the attribute structure as with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a>. It then copies the attributes of the given key into the given attribute structure.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This function may allocate memory or other resources. Once you have called this function on an attribute structure, you must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_reset_key_attributes()</span></code></a> to free these resources.</p>
-</div>
-</div>
-<div class="section" id="psa_reset_key_attributes">
-<span id="c.psa_reset_key_attributes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="kt">void</span> <span class="nf">psa_reset_key_attributes</span><span class="p">(</span><span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attribute structure to reset.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><code class="docutils literal notranslate"><span class="pre">void</span></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Reset a key attribute structure to a freshly initialized state.</p>
-<p>You must initialize the attribute structure as described in the documentation of the type <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a> before calling this function. Once the structure has been initialized, you may call this function at any time.</p>
-<p>This function frees any auxiliary resources that the structure may contain.</p>
-</div>
-</div>
-<div class="section" id="key-management">
-<h1>Key management</h1>
-<div class="section" id="psa_open_key">
-<span id="c.psa_open_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_open_key</span><span class="p">(</span><span class="n">psa_key_id_t</span> <span class="n">id</span><span class="p">,</span>
-                          <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">id</span></code></dt>
-<dd>The persistent identifier of the key.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>On success, a handle to the key.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success. The application can now use the value of <code class="docutils literal notranslate"><span class="pre">*handle</span></code> to access the key.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">id</span></code> is invalid.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The specified key exists, but the application does not have the permission to access it. Note that this specification does not define any way to create such a key, but it may be possible through implementation-specific means.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Open a handle to an existing persistent key.</p>
-<p>Open a handle to a persistent key. A key is persistent if it was created with a lifetime other than <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>. A persistent key always has a nonzero key identifier, set with <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_set_key_id()</span></code></a> when creating the key. Implementations may provide additional pre-provisioned keys with identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a>–<a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a>.</p>
-<p>The application must eventually close the handle with <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a> to release associated resources. If the application dies without calling <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a>, the implementation should perform the equivalent of a call to <a class="reference internal" href="#c.psa_close_key" title="psa_close_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_close_key()</span></code></a>.</p>
-<p>Implementations may provide additional keys that can be opened with <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a>. Such keys have a key identifier in the vendor range, as documented in the description of <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_close_key">
-<span id="c.psa_close_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_close_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>The key handle to close.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Close a key handle.</p>
-<p>If the handle designates a volatile key, destroy the key material and free all associated resources, just like <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_destroy_key()</span></code></a>.</p>
-<p>If the handle designates a persistent key, free all resources associated with the key in volatile memory. The key in persistent storage is not affected and can be opened again later with <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a>.</p>
-<p>If the key is currently in use in a multipart operation, the multipart operation is aborted.</p>
-</div>
-</div>
-<div class="section" id="key-import-and-export">
-<h1>Key import and export</h1>
-<div class="section" id="psa_import_key">
-<span id="c.psa_import_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_import_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
-                            <span class="kt">size_t</span> <span class="n">data_length</span><span class="p">,</span>
-                            <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key. The key size is always determined from the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size from <code class="docutils literal notranslate"><span class="pre">data</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
-<dd>Buffer containing the key data. The content of this buffer is interpreted according to the type declared in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>. All implementations must support at least the format described in the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the chosen type. Implementations may allow other formats, but should be conservative: implementations should err on the side of rejecting content if it may be erroneous (e.g. wrong type or truncated data).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key attributes, as a whole, are invalid.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key data is not correctly formatted.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> is nonzero and does not match the size of the key data.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Import a key in binary format.</p>
-<p>This function supports any output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>. Refer to the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a> for the format of public keys and to the documentation of <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> for the format for other key types.</p>
-<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
-</div>
-<div class="section" id="psa_destroy_key">
-<span id="c.psa_destroy_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_destroy_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to erase.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key material has been erased.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>There was an failure in communication with the cryptoprocessor. The key material may still be present in the cryptoprocessor.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The storage is corrupted. Implementations shall make a best effort to erase key material even in this stage, however applications should be aware that it may be impossible to guarantee that the key material is not recoverable in such cases.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor may have been compromised.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Destroy a key.</p>
-<p>This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations shall make a best effort to ensure that that the key material cannot be recovered.</p>
-<p>This function also erases any metadata such as policies and frees all resources associated with the key.</p>
-</div>
-<div class="section" id="psa_export_key">
-<span id="c.psa_export_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_export_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                            <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
-                            <span class="kt">size_t</span> <span class="n">data_size</span><span class="p">,</span>
-                            <span class="kt">size_t</span> <span class="o">*</span> <span class="n">data_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to export.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
-<dd>Buffer where the key data is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
-<dd>On success, the number of bytes that make up the key data.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key does not have the <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_KEY_EXPORT_MAX_SIZE" title="PSA_KEY_EXPORT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">type</span></code>, <code class="docutils literal notranslate"><span class="pre">bits</span></code>) where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Export a key in binary format.</p>
-<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
-<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
-<p>For standard key types, the output format is as follows:</p>
-<ul>
-<li><p class="first">For symmetric keys (including MAC keys), the format is the raw bytes of the key.</p>
-</li>
-<li><p class="first">For DES, the key data consists of 8 bytes. The parity bits must be correct.</p>
-</li>
-<li><p class="first">For Triple-DES, the format is the concatenation of the two or three DES keys.</p>
-</li>
-<li><p class="first">For RSA key pairs (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the format is the non-encrypted DER encoding of the representation defined by PKCS#1 (RFC 8017) as <code class="docutils literal notranslate"><span class="pre">RSAPrivateKey</span></code>, version 0.</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">RSAPrivateKey</span> <span class="o">::=</span> <span class="n">SEQUENCE</span> <span class="p">{</span>
-    <span class="n">version</span>             <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">must</span> <span class="n">be</span> <span class="mi">0</span>
-    <span class="n">modulus</span>             <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">n</span>
-    <span class="n">publicExponent</span>      <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">e</span>
-    <span class="n">privateExponent</span>     <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span>
-    <span class="n">prime1</span>              <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">p</span>
-    <span class="n">prime2</span>              <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">q</span>
-    <span class="n">exponent1</span>           <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span> <span class="n">mod</span> <span class="p">(</span><span class="n">p</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span>
-    <span class="n">exponent2</span>           <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="n">d</span> <span class="n">mod</span> <span class="p">(</span><span class="n">q</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span>
-    <span class="n">coefficient</span>         <span class="n">INTEGER</span><span class="p">,</span>  <span class="o">--</span> <span class="p">(</span><span class="n">inverse</span> <span class="n">of</span> <span class="n">q</span><span class="p">)</span> <span class="n">mod</span> <span class="n">p</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">For elliptic curve key pairs (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a> is true), the format is a representation of the private value as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. This byte string is in little-endian order for Montgomery curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVEXXX</span></code>), and in big-endian order for Weierstrass curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECTXXX</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECPXXX</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_PXXX</span></code>). This is the content of the <code class="docutils literal notranslate"><span class="pre">privateKey</span></code> field of the <code class="docutils literal notranslate"><span class="pre">ECPrivateKey</span></code> format defined by RFC 5915.</p>
-</li>
-<li><p class="first">For Diffie-Hellman key exchange key pairs (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a> is true), the format is the representation of the private key <code class="docutils literal notranslate"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes (leading zeroes are not stripped).</p>
-</li>
-<li><p class="first">For public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a> is true), the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p>
-</li>
-</ul>
-<p>The policy on the key must have the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
-</div>
-<div class="section" id="psa_export_public_key">
-<span id="c.psa_export_public_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_export_public_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                   <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">data_size</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="o">*</span> <span class="n">data_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to export.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
-<dd>Buffer where the key data is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
-<dd>On success, the number of bytes that make up the key data.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key is neither a public key nor a key pair.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_KEY_EXPORT_MAX_SIZE" title="PSA_KEY_EXPORT_MAX_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code></a>(<a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">type</span></code>), <code class="docutils literal notranslate"><span class="pre">bits</span></code>) where <code class="docutils literal notranslate"><span class="pre">type</span></code> is the key type and <code class="docutils literal notranslate"><span class="pre">bits</span></code> is the key size in bits.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Export a public key or the public part of a key pair in binary format.</p>
-<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
-<p>This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported. Implementations that support other formats should ensure that the formats are clearly unambiguous so as to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
-<p>For standard key types, the output format is as follows:</p>
-<ul>
-<li><p class="first">For RSA public keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>), the DER encoding of the representation defined by RFC 3279 §2.3.1 as <code class="docutils literal notranslate"><span class="pre">RSAPublicKey</span></code>.</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">RSAPublicKey</span> <span class="o">::=</span> <span class="n">SEQUENCE</span> <span class="p">{</span>
-   <span class="n">modulus</span>            <span class="n">INTEGER</span><span class="p">,</span>    <span class="o">--</span> <span class="n">n</span>
-   <span class="n">publicExponent</span>     <span class="n">INTEGER</span>  <span class="p">}</span>  <span class="o">--</span> <span class="n">e</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">For elliptic curve public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a> is true), the format is the uncompressed representation defined by SEC1 §2.3.3 as the content of an ECPoint. Let <code class="docutils literal notranslate"><span class="pre">m</span></code> be the bit size associated with the curve, i.e. the bit size of <code class="docutils literal notranslate"><span class="pre">q</span></code> for a curve over <code class="docutils literal notranslate"><span class="pre">F_q</span></code>. The representation consists of:</p>
-<ul class="simple">
-<li>The byte 0x04;</li>
-<li><code class="docutils literal notranslate"><span class="pre">x_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</li>
-<li><code class="docutils literal notranslate"><span class="pre">y_P</span></code> as a <code class="docutils literal notranslate"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</li>
-</ul>
-</li>
-<li><p class="first">For Diffie-Hellman key exchange public keys (key types for which <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true), the format is the representation of the public key <code class="docutils literal notranslate"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal notranslate"><span class="pre">p</span></code> in bytes.</p>
-</li>
-</ul>
-<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
-</div>
-<div class="section" id="psa_copy_key">
-<span id="c.psa_copy_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_copy_key</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">source_handle</span><span class="p">,</span>
-                          <span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                          <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">target_handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">source_handle</span></code></dt>
-<dd>The key to copy. It must be a valid key handle.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key. They are used as follows:</p>
-<ul class="last simple">
-<li>The key type and size may be 0. If either is nonzero, it must match the corresponding attribute of the source key.</li>
-<li>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</li>
-<li>The policy constraints (usage flags and algorithm policy) are combined from the source key and <code class="docutils literal notranslate"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
-</ul>
-</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">target_handle</span></code></dt>
-<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">source_handle</span></code> is invalid.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The lifetime or identifier in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are invalid.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The policy constraints on the source and specified in <code class="docutils literal notranslate"><span class="pre">attributes</span></code> are incompatible.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of the source key.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The source key does not have the <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The source key is not exportable and its lifetime does not allow copying it to the target’s lifetime.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Make a copy of a key.</p>
-<p>Copy key material from one location to another.</p>
-<p>This function is primarily useful to copy a key from one location to another, since it populates a key using the material from another key which may have a different lifetime.</p>
-<p>This function may be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
-<p>The policy on the source key must have the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
-<p>The resulting key may only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal notranslate"><span class="pre">attributes</span></code> parameter:</p>
-<ul class="simple">
-<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</li>
-<li>If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.</li>
-<li>If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.</li>
-<li>If the policies do not allow any algorithm in common, this function fails with the status <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
-</ul>
-<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
-</div>
-</div>
-<div class="section" id="message-digests">
-<h1>Message digests</h1>
-<div class="section" id="psa_hash_operation_t">
-<span id="c.psa_hash_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_hash_operation_s</span> <span class="n">psa_hash_operation_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of the state data structure for multipart hash operations.</p>
-<p>Before calling any function on a hash operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_HASH_OPERATION_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_hash_operation_init" title="psa_hash_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_operation_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_hash_operation_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
-</div>
-<div class="section" id="PSA_HASH_OPERATION_INIT">
-<span id="c.PSA_HASH_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_OPERATION_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for a hash operation object of type <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_hash_compute">
-<span id="c.psa_hash_compute"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_compute</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">hash_size</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">hash_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to hash.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>Buffer where the hash is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Calculate the hash (digest) of a message.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To verify the hash of a message against an expected value, use <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_compare()</span></code></a> instead.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_compare">
-<span id="c.psa_hash_compare"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_compare</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to hash.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>Buffer containing the expected hash value.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The expected hash is identical to the actual hash of the input.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
-</div>
-<div class="section" id="psa_hash_operation_init">
-<span id="c.psa_hash_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_hash_operation_t</span> <span class="nf">psa_hash_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for a hash operation object.</p>
-</div>
-<div class="section" id="psa_hash_setup">
-<span id="c.psa_hash_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_setup</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                            <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a hash algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set up a multipart hash operation.</p>
-<p>The sequence of operations to calculate a hash (message digest) is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code></a>, e.g. PSA_HASH_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
-<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.</li>
-<li>To calculate the hash, call <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. To compare the hash with an expected value, call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a>.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A failed call to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>, <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> or <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_hash_update">
-<span id="c.psa_hash_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_update</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to hash.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Add a message fragment to a multipart hash operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_hash_finish">
-<span id="c.psa_hash_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_finish</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">hash_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">hash_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>Buffer where the hash is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>On success, the number of bytes that make up the hash value. This is always <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the hash algorithm that is calculated.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the hash algorithm that is calculated.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish the calculation of the hash of a message.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">Applications should not call this function if they expect a specific value for the hash. Call <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as hash values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_verify">
-<span id="c.psa_hash_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_verify</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active hash operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>Buffer containing the expected hash value.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The expected hash is identical to the actual hash of the message.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The hash of the message was calculated successfully, but it differs from the expected hash.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish the calculation of the hash of a message and compare it with an expected value.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a>. It then compares the calculated hash with the expected hash passed as a parameter to this function.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations shall make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_hash_abort">
-<span id="c.psa_hash_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_abort</span><span class="p">(</span><span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Initialized hash operation.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active hash operation.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Abort a hash operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, whether it succeeds or not.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
-</ul>
-<p>In particular, calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_abort()</span></code></a>, <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> is safe and has no effect.</p>
-</div>
-<div class="section" id="psa_hash_clone">
-<span id="c.psa_hash_clone"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_hash_clone</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">source_operation</span><span class="p">,</span>
-                            <span class="n">psa_hash_operation_t</span> <span class="o">*</span> <span class="n">target_operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">source_operation</span></code></dt>
-<dd>The active hash operation to clone.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">target_operation</span></code></dt>
-<dd>The operation object to set up. It must be initialized but not active.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">source_operation</span></code> is not an active hash operation.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">target_operation</span></code> is active.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Clone a hash operation.</p>
-<p>This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a> on <code class="docutils literal notranslate"><span class="pre">target_operation</span></code> with the same algorithm that <code class="docutils literal notranslate"><span class="pre">source_operation</span></code> was set up for, then <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> on <code class="docutils literal notranslate"><span class="pre">target_operation</span></code> with the same input that that was passed to <code class="docutils literal notranslate"><span class="pre">source_operation</span></code>. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.</p>
-</div>
-</div>
-<div class="section" id="message-authentication-codes">
-<h1>Message authentication codes</h1>
-<div class="section" id="psa_mac_operation_t">
-<span id="c.psa_mac_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_mac_operation_s</span> <span class="n">psa_mac_operation_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of the state data structure for multipart MAC operations.</p>
-<p>Before calling any function on a MAC operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_MAC_OPERATION_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_mac_operation_init" title="psa_mac_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_operation_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_mac_operation_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
-</div>
-<div class="section" id="PSA_MAC_OPERATION_INIT">
-<span id="c.PSA_MAC_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_OPERATION_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for a MAC operation object of type <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_mac_compute">
-<span id="c.psa_mac_compute"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_compute</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                             <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">mac_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">mac_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the input message.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
-<dd>Buffer where the MAC value is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
-<dd>On success, the number of bytes that make up the MAC value.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Calculate the MAC (message authentication code) of a message.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_verify">
-<span id="c.psa_mac_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                            <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                            <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
-                            <span class="k">const</span> <span class="kt">size_t</span> <span class="n">mac_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the input message.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
-<dd>Buffer containing the expected MAC value.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The expected MAC is identical to the actual MAC of the input.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The MAC of the message was calculated successfully, but it differs from the expected value.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Calculate the MAC of a message and compare it with a reference value.</p>
-</div>
-<div class="section" id="psa_mac_operation_init">
-<span id="c.psa_mac_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_mac_operation_t</span> <span class="nf">psa_mac_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for a MAC operation object.</p>
-</div>
-<div class="section" id="psa_mac_sign_setup">
-<span id="c.psa_mac_sign_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_sign_setup</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set up a multipart MAC calculation operation.</p>
-<p>This function sets up the calculation of the MAC (message authentication code) of a byte string. To verify the MAC of a message against an expected value, use <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> instead.</p>
-<p>The sequence of operations to calculate a MAC is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. PSA_MAC_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> to finish calculating the MAC value and retrieve it.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
-<ul class="simple">
-<li>A failed call to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_mac_verify_setup">
-<span id="c.psa_mac_verify_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify_setup</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                  <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                  <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a MAC algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set up a multipart MAC verification operation.</p>
-<p>This function sets up the verification of the MAC (message authentication code) of a byte string against an expected value.</p>
-<p>The sequence of operations to verify a MAC is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code></a>, e.g. PSA_MAC_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a> zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.</li>
-<li>At the end of the message, call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> to finish calculating the actual MAC of the message and verify it against the expected value.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a>, the application must eventually terminate the operation through one of the following methods:</p>
-<ul class="simple">
-<li>A failed call to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</li>
-<li>A call to <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_mac_update">
-<span id="c.psa_mac_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_update</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                            <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to add to the MAC calculation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Add a message fragment to a multipart MAC operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_mac_sign_finish">
-<span id="c.psa_mac_sign_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_sign_finish</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                 <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="n">mac_size</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="o">*</span> <span class="n">mac_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
-<dd>Buffer where the MAC value is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
-<dd>On success, the number of bytes that make up the MAC value. This is always <a class="reference internal" href="#c.PSA_MAC_FINAL_SIZE" title="PSA_MAC_FINAL_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of the key and <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the MAC algorithm that is calculated.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_MAC_FINAL_SIZE" title="PSA_MAC_FINAL_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish the calculation of the MAC of a message.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">Applications should not call this function if they expect a specific value for the MAC. Call <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as <code class="docutils literal notranslate"><span class="pre">memcmp</span></code> is risky because the time taken by the comparison may leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_verify_finish">
-<span id="c.psa_mac_verify_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_verify_finish</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">mac</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">mac_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active MAC operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac</span></code></dt>
-<dd>Buffer containing the expected MAC value.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">mac</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The expected MAC is identical to the actual MAC of the message.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The MAC of the message was calculated successfully, but it differs from the expected MAC.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish the calculation of the MAC of a message and compare it with an expected value.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_update()</span></code></a>. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">Implementations shall make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.</p>
-</div>
-</div>
-<div class="section" id="psa_mac_abort">
-<span id="c.psa_mac_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_mac_abort</span><span class="p">(</span><span class="n">psa_mac_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Initialized MAC operation.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active MAC operation.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Abort a MAC operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_setup()</span></code></a>, whether it succeeds or not.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
-</ul>
-<p>In particular, calling <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_abort()</span></code></a>, <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a> or <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="symmetric-ciphers">
-<h1>Symmetric ciphers</h1>
-<div class="section" id="psa_cipher_operation_t">
-<span id="c.psa_cipher_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_cipher_operation_s</span> <span class="n">psa_cipher_operation_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of the state data structure for multipart cipher operations.</p>
-<p>Before calling any function on a cipher operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_CIPHER_OPERATION_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_cipher_operation_init" title="psa_cipher_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_operation_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_cipher_operation_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
-</div>
-<div class="section" id="PSA_CIPHER_OPERATION_INIT">
-<span id="c.PSA_CIPHER_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_CIPHER_OPERATION_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for a cipher operation object of type <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_cipher_encrypt">
-<span id="c.psa_cipher_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                                <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to encrypt.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Encrypt a message using a symmetric cipher.</p>
-<p>This function encrypts a message with a random IV (initialization vector).</p>
-</div>
-<div class="section" id="psa_cipher_decrypt">
-<span id="c.psa_cipher_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                                <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the plaintext is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Decrypt a message using a symmetric cipher.</p>
-<p>This function decrypts a message encrypted with a symmetric cipher.</p>
-</div>
-<div class="section" id="psa_cipher_operation_init">
-<span id="c.psa_cipher_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_cipher_operation_t</span> <span class="nf">psa_cipher_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for a cipher operation object.</p>
-</div>
-<div class="section" id="psa_cipher_encrypt_setup">
-<span id="c.psa_cipher_encrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_encrypt_setup</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                      <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the key for a multipart symmetric encryption operation.</p>
-<p>The sequence of operations to encrypt a message with a symmetric cipher is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call either <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> to generate or set the IV (initialization vector). You should use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> unless the protocol you are implementing requires a specific IV value.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_cipher_xxx</span></code> functions.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_cipher_decrypt_setup">
-<span id="c.psa_cipher_decrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_decrypt_setup</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                      <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (already set up and not subsequently completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the key for a multipart symmetric decryption operation.</p>
-<p>The sequence of operations to decrypt a message with a symmetric cipher is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code></a>, e.g. PSA_CIPHER_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> with the IV (initialization vector) for the decryption. If the IV is prepended to the ciphertext, you can call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> on a buffer containing the IV followed by the beginning of the message.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a>.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_cipher_xxx</span></code> functions.</li>
-<li>A call to <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_cipher_generate_iv">
-<span id="c.psa_cipher_generate_iv"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_generate_iv</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                    <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">iv</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">iv_size</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">iv_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">iv</span></code></dt>
-<dd>Buffer where the generated IV is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">iv_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">iv</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">iv_length</span></code></dt>
-<dd>On success, the number of bytes of the generated IV.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or IV already set).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">iv</span></code> buffer is too small.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Generate an IV for a symmetric encryption operation.</p>
-<p>This function generates a random IV (initialization vector), nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_cipher_set_iv">
-<span id="c.psa_cipher_set_iv"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_set_iv</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                               <span class="k">const</span> <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">iv</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="n">iv_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">iv</span></code></dt>
-<dd>Buffer containing the IV to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">iv_length</span></code></dt>
-<dd>Size of the IV in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or IV already set).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of <code class="docutils literal notranslate"><span class="pre">iv</span></code> is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the IV for a symmetric encryption or decryption operation.</p>
-<p>This function sets the IV (initialization vector), nonce or initial counter value for the encryption or decryption operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When encrypting, applications should use <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> instead of this function, unless implementing a protocol that requires a non-random IV.</p>
-</div>
-</div>
-<div class="section" id="psa_cipher_update">
-<span id="c.psa_cipher_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_update</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                               <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                               <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, IV required but not set, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Encrypt or decrypt a message fragment in an active cipher operation.</p>
-<p>Before calling this function, you must:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>If the algorithm requires an IV, call <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> (recommended when encrypting) or <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_cipher_finish">
-<span id="c.psa_cipher_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_finish</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                               <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                               <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active cipher operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, IV required but not set, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish encrypting or decrypting a message in a cipher operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.</p>
-<p>This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_cipher_abort">
-<span id="c.psa_cipher_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_cipher_abort</span><span class="p">(</span><span class="n">psa_cipher_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Initialized cipher operation.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active cipher operation.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Abort a cipher operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup()</span></code></a>, whether it succeeds or not.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
-</ul>
-<p>In particular, calling <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_abort()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_finish()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="authenticated-encryption-with-associated-data-aead">
-<h1>Authenticated encryption with associated data (AEAD)</h1>
-<div class="section" id="psa_aead_operation_t">
-<span id="c.psa_aead_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_aead_operation_s</span> <span class="n">psa_aead_operation_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of the state data structure for multipart AEAD operations.</p>
-<p>Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_AEAD_OPERATION_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_aead_operation_init" title="psa_aead_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_operation_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_aead_operation_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
-</div>
-<div class="section" id="PSA_AEAD_OPERATION_INIT">
-<span id="c.PSA_AEAD_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_OPERATION_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for an AEAD operation object of type <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_encrypt">
-<span id="c.psa_aead_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                              <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">additional_data</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">additional_data_length</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">plaintext_length</span><span class="p">,</span>
-                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">ciphertext_size</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">ciphertext_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
-<dd>Nonce or IV to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">additional_data</span></code></dt>
-<dd>Additional data that will be authenticated but not encrypted.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">additional_data_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">additional_data</span></code> in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
-<dd>Data that will be authenticated and encrypted.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
-<dd>Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE" title="PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code>).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
-<dd>On success, the size of the output in the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Process an authenticated encryption operation.</p>
-</div>
-<div class="section" id="psa_aead_decrypt">
-<span id="c.psa_aead_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                              <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">additional_data</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">additional_data_length</span><span class="p">,</span>
-                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">ciphertext_length</span><span class="p">,</span>
-                              <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="n">plaintext_size</span><span class="p">,</span>
-                              <span class="kt">size_t</span> <span class="o">*</span> <span class="n">plaintext_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
-<dd>Nonce or IV to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">additional_data</span></code></dt>
-<dd>Additional data that has been authenticated but not encrypted.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">additional_data_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">additional_data</span></code> in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
-<dd>Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
-<dd>Output buffer for the decrypted data.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_DECRYPT_OUTPUT_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code>).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
-<dd>On success, the size of the output in the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The ciphertext is not authentic.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Process an authenticated decryption operation.</p>
-</div>
-<div class="section" id="psa_aead_operation_init">
-<span id="c.psa_aead_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_aead_operation_t</span> <span class="nf">psa_aead_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for an AEAD operation object.</p>
-</div>
-<div class="section" id="psa_aead_encrypt_setup">
-<span id="c.psa_aead_encrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_encrypt_setup</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                    <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the key for a multipart authenticated encryption operation.</p>
-<p>The sequence of operations to encrypt a message with authentication is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
-<li>Call either <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce. You should use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> unless the protocol you are implementing requires a specific nonce value.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the message to encrypt each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_aead_xxx</span></code> functions.</li>
-<li>A call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>, <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> or <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_aead_decrypt_setup">
-<span id="c.psa_aead_decrypt_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_decrypt_setup</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                    <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must remain valid until the operation terminates.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">handle</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not an AEAD algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the key for a multipart authenticated decryption operation.</p>
-<p>The sequence of operations to decrypt a message with authentication is as follows:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object which will be passed to all the functions listed here.</li>
-<li>Initialize the operation object with one of the methods described in the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code></a>, e.g. PSA_AEAD_OPERATION_INIT.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the algorithm and key.</li>
-<li>If needed, call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the length of the inputs to the subsequent calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>. See the documentation of <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a> for details.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> with the nonce for the decryption.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> zero, one or more times, passing a fragment of the ciphertext to decrypt each time.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a>.</li>
-</ol>
-<p>The application may call <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> at any time after the operation has been initialized.</p>
-<p>After a successful call to <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, the application must eventually terminate the operation. The following events terminate an operation:</p>
-<ul class="simple">
-<li>A failed call to any of the <code class="docutils literal notranslate"><span class="pre">psa_aead_xxx</span></code> functions.</li>
-<li>A call to <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>, <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> or <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_aead_generate_nonce">
-<span id="c.psa_aead_generate_nonce"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_generate_nonce</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                     <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
-                                     <span class="kt">size_t</span> <span class="n">nonce_size</span><span class="p">,</span>
-                                     <span class="kt">size_t</span> <span class="o">*</span> <span class="n">nonce_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
-<dd>Buffer where the generated nonce is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
-<dd>On success, the number of bytes of the generated nonce.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or nonce already set).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">nonce</span></code> buffer is too small.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Generate a random nonce for an authenticated encryption operation.</p>
-<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_aead_set_nonce">
-<span id="c.psa_aead_set_nonce"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_set_nonce</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                <span class="k">const</span> <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">nonce</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">nonce_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce</span></code></dt>
-<dd>Buffer containing the nonce to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">nonce_length</span></code></dt>
-<dd>Size of the nonce in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, or nonce already set).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of <code class="docutils literal notranslate"><span class="pre">nonce</span></code> is not acceptable for the chosen algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the nonce for an authenticated encryption or decryption operation.</p>
-<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">When encrypting, applications should use <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> instead of this function, unless implementing a protocol that requires a non-random IV.</p>
-</div>
-</div>
-<div class="section" id="psa_aead_set_lengths">
-<span id="c.psa_aead_set_lengths"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_set_lengths</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                  <span class="kt">size_t</span> <span class="n">ad_length</span><span class="p">,</span>
-                                  <span class="kt">size_t</span> <span class="n">plaintext_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ad_length</span></code></dt>
-<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext to encrypt in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, already completed, or <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> already called).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>At least one of the lengths is not acceptable for the chosen algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Declare the lengths of the message and additional data for AEAD.</p>
-<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
-<p>You may call this function before or after setting the nonce with <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
-<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
-<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
-</ul>
-</div>
-<div class="section" id="psa_aead_update_ad">
-<span id="c.psa_aead_update_ad"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_update_ad</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                                <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the fragment of additional data.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, nonce not set, <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> already called, or operation already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total input length overflows the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Pass additional data to an active AEAD operation.</p>
-<p>Additional data is authenticated, but not encrypted.</p>
-<p>You may call this function multiple times to pass successive fragments of the additional data. You may not call this function after passing data to encrypt or decrypt with <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>Before calling this function, you must:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</li>
-<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">When decrypting, until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, treat the input as untrusted and prepare to undo any action that depends on the input if <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> returns an error status.</p>
-</div>
-</div>
-<div class="section" id="psa_aead_update">
-<span id="c.psa_aead_update"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_update</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                             <span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>Buffer containing the message fragment to encrypt or decrypt.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">input_length</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, nonce not set or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>, <code class="docutils literal notranslate"><span class="pre">input_length</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total input length overflows the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Encrypt or decrypt a message fragment in an active AEAD operation.</p>
-<p>Before calling this function, you must:</p>
-<ol class="arabic simple">
-<li>Call either <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>. The choice of setup function determines whether this function encrypts or decrypts its input.</li>
-<li>Set the nonce with <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_generate_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_nonce()</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> to pass all the additional data.</li>
-</ol>
-<p>If this function returns an error status, the operation becomes inactive.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p>When decrypting, until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>, there is no guarantee that the input is valid. Therefore, until you have called <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> and it has returned <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>:</p>
-<ul class="last simple">
-<li>Do not use the output in any way other than storing it in a confidential location. If you take any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out not to be valid. Furthermore, if an adversary can observe that this action took place (for example through timing), they may be able to use this fact as an oracle to decrypt any message encrypted with the same key.</li>
-<li>In particular, do not copy the output anywhere but to a memory or storage space that you have exclusive access to.</li>
-</ul>
-</div>
-<p>This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it may delay the end of the corresponding output until a subsequent call to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>, <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> or <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> provides sufficient input. The amount of data that can be delayed in this way is bounded by <a class="reference internal" href="#c.PSA_AEAD_UPDATE_OUTPUT_SIZE" title="PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code></a>.</p>
-</div>
-<div class="section" id="psa_aead_finish">
-<span id="c.psa_aead_finish"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_finish</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">ciphertext</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">ciphertext_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">ciphertext_length</span><span class="p">,</span>
-                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">tag</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">tag_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">tag_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code></dt>
-<dd>Buffer where the last part of the ciphertext is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
-<dd>On success, the number of bytes of returned ciphertext.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag</span></code></dt>
-<dd>Buffer where the authentication tag is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned tag.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, nonce not set, decryption, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> or <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer is too small. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">tag</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish encrypting a message in an AEAD operation.</p>
-<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a>.</p>
-<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> with the plaintext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>This function has two output buffers:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">ciphertext</span></code> contains trailing ciphertext that was buffered from preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</li>
-<li><code class="docutils literal notranslate"><span class="pre">tag</span></code> contains the authentication tag. Its length is always <a class="reference internal" href="#c.PSA_AEAD_TAG_LENGTH" title="PSA_AEAD_TAG_LENGTH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the AEAD algorithm that the operation performs.</li>
-</ul>
-<p>When this function returns, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_aead_verify">
-<span id="c.psa_aead_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_verify</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">plaintext</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">plaintext_size</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">plaintext_length</span><span class="p">,</span>
-                             <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">tag</span><span class="p">,</span>
-                             <span class="kt">size_t</span> <span class="n">tag_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext</span></code></dt>
-<dd>Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> that could not be processed until the end of the input.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer in bytes. This must be at least <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
-<dd>On success, the number of bytes of returned plaintext.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag</span></code></dt>
-<dd>Buffer containing the authentication tag.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">tag</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation state is not valid (not set up, nonce not set, encryption, or already completed).</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> buffer is too small. You can determine a sufficient buffer size for <code class="docutils literal notranslate"><span class="pre">plaintext</span></code> by calling <a class="reference internal" href="#c.PSA_AEAD_VERIFY_OUTPUT_SIZE" title="PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the algorithm that is being calculated.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> so far is less than the additional data length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The total length of input to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> so far is less than the plaintext length that was previously specified with <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_set_lengths()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Finish authenticating and decrypting a message in an AEAD operation.</p>
-<p>The operation must have been set up with <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>.</p>
-<p>This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update_ad()</span></code></a> with the ciphertext formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>When this function returns, the operation becomes inactive.</p>
-</div>
-<div class="section" id="psa_aead_abort">
-<span id="c.psa_aead_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_aead_abort</span><span class="p">(</span><span class="n">psa_aead_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>Initialized AEAD operation.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">operation</span></code> is not an active AEAD operation.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Abort an AEAD operation.</p>
-<p>Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself. Once aborted, the operation object can be reused for another operation by calling <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a> again.</p>
-<p>You may call this function any time after the operation object has been initialized by any of the following methods:</p>
-<ul class="simple">
-<li>A call to <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup()</span></code></a>, whether it succeeds or not.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to all-bits-zero.</li>
-<li>Initializing the <code class="docutils literal notranslate"><span class="pre">struct</span></code> to logical zeros, e.g. <code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span> <span class="pre">operation</span> <span class="pre">=</span> <span class="pre">{0}</span></code>.</li>
-</ul>
-<p>In particular, calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> after the operation has been terminated by a call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_abort()</span></code></a> or <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> is safe and has no effect.</p>
-</div>
-</div>
-<div class="section" id="asymmetric-cryptography">
-<h1>Asymmetric cryptography</h1>
-<div class="section" id="psa_asymmetric_sign">
-<span id="c.psa_asymmetric_sign"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_sign</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                 <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                 <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">,</span>
-                                 <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">signature</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="n">signature_size</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="o">*</span> <span class="n">signature_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must be an asymmetric key pair.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>A signature algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>The hash or message to sign.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">signature</span></code></dt>
-<dd>Buffer where the signature is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">signature_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">signature_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned signature value.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE" title="PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Sign a hash or short message with a private key.</p>
-<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. Then pass the resulting hash as the <code class="docutils literal notranslate"><span class="pre">hash</span></code> parameter to this function. You can use <a class="reference internal" href="#c.PSA_ALG_SIGN_GET_HASH" title="PSA_ALG_SIGN_GET_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) to determine the hash algorithm to use.</p>
-</div>
-<div class="section" id="psa_asymmetric_verify">
-<span id="c.psa_asymmetric_verify"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_verify</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                   <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">hash</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">hash_length</span><span class="p">,</span>
-                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">signature</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">signature_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>A signature algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash</span></code></dt>
-<dd>The hash or message whose signature is to be verified.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">hash</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">signature</span></code></dt>
-<dd>Buffer containing the signature to verify.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">signature_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">signature</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The signature is valid.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The calculation was perfomed successfully, but the passed signature is not a valid signature.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Verify the signature a hash or short message using a public key.</p>
-<p>Note that to perform a hash-and-sign signature algorithm, you must first calculate the hash by calling <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_setup()</span></code></a>, <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_update()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>. Then pass the resulting hash as the <code class="docutils literal notranslate"><span class="pre">hash</span></code> parameter to this function. You can use <a class="reference internal" href="#c.PSA_ALG_SIGN_GET_HASH" title="PSA_ALG_SIGN_GET_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) to determine the hash algorithm to use.</p>
-</div>
-<div class="section" id="psa_asymmetric_encrypt">
-<span id="c.psa_asymmetric_encrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_encrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">salt</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">salt_length</span><span class="p">,</span>
-                                    <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must be a public key or an asymmetric key pair.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>The message to encrypt.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">salt</span></code></dt>
-<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">salt_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal notranslate"><span class="pre">salt</span></code> is <code class="docutils literal notranslate"><span class="pre">NULL</span></code>, pass 0.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the encrypted message is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Encrypt a short message with a public key.</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
-</ul>
-</div>
-<div class="section" id="psa_asymmetric_decrypt">
-<span id="c.psa_asymmetric_decrypt"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_asymmetric_decrypt</span><span class="p">(</span><span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">,</span>
-                                    <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">input</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">input_length</span><span class="p">,</span>
-                                    <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">salt</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">salt_length</span><span class="p">,</span>
-                                    <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                                    <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key to use for the operation. It must be an asymmetric key pair.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input</span></code></dt>
-<dd>The message to decrypt.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">input</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">salt</span></code></dt>
-<dd>A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>. If the algorithm supports an optional salt and you do not want to pass a salt, pass <code class="docutils literal notranslate"><span class="pre">NULL</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">salt_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">salt</span></code> buffer in bytes. If <code class="docutils literal notranslate"><span class="pre">salt</span></code> is <code class="docutils literal notranslate"><span class="pre">NULL</span></code>, pass 0.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the decrypted message is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer is too small. You can determine a sufficient buffer size by calling <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">key_type</span></code>, <code class="docutils literal notranslate"><span class="pre">key_bits</span></code>, <code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">key_type</span></code> and <code class="docutils literal notranslate"><span class="pre">key_bits</span></code> are the type and bit-size respectively of <code class="docutils literal notranslate"><span class="pre">handle</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_PADDING" title="PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Decrypt a short message with a private key.</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code></a>, no salt is supported.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="key-derivation-and-pseudorandom-generation">
-<h1>Key derivation and pseudorandom generation</h1>
-<div class="section" id="psa_key_derivation_operation_t">
-<span id="c.psa_key_derivation_operation_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="k">struct</span> <span class="n">psa_key_derivation_s</span> <span class="n">psa_key_derivation_operation_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of the state data structure for key derivation operations.</p>
-<p>Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:</p>
-<ul>
-<li><p class="first">Set the structure to all-bits-zero, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">memset</span><span class="p">(</span><span class="o">&amp;</span><span class="n">operation</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">operation</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to logical zero values, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="p">{</span><span class="mi">0</span><span class="p">};</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Initialize the structure to the initializer <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span> <span class="o">=</span> <span class="n">PSA_KEY_DERIVATION_OPERATION_INIT</span><span class="p">;</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Assign the result of the function <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init()</span></code></a> to the structure, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="n">operation</span><span class="p">;</span>
-<span class="n">operation</span> <span class="o">=</span> <span class="n">psa_key_derivation_operation_init</span><span class="p">();</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This is an implementation-defined <code class="docutils literal notranslate"><span class="pre">struct</span></code>. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_OPERATION_INIT">
-<span id="c.PSA_KEY_DERIVATION_OPERATION_INIT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_OPERATION_INIT  {0}</span>
-</pre></div>
-</div>
-<p>This macro returns a suitable initializer for a key derivation operation object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">
-<span id="c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY  ((size_t)(-1))</span>
-</pre></div>
-</div>
-<p>Use the maximum possible capacity for a key derivation operation.</p>
-<p>Use this value as the capacity argument when setting up a key derivation to indicate that the operation should have the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.</p>
-</div>
-<div class="section" id="psa_key_derivation_operation_init">
-<span id="c.psa_key_derivation_operation_init"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_derivation_operation_t</span> <span class="nf">psa_key_derivation_operation_init</span><span class="p">(</span><span class="kt">void</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Return an initial value for a key derivation operation object.</p>
-</div>
-<div class="section" id="psa_key_derivation_setup">
-<span id="c.psa_key_derivation_setup"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_setup</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                      <span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to set up. It must have been initialized but not set up yet.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The key derivation algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a key derivation algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set up a key derivation operation.</p>
-<p>A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.</p>
-<p>To derive a key:</p>
-<ul class="simple">
-<li>Start with an initialized object of type <a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a>.</li>
-<li>Call <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> to select the algorithm.</li>
-<li>Provide the inputs for the key derivation by calling <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> or <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_key()</span></code></a> as appropriate. Which inputs are needed, in what order, and whether they may be keys and if so of what type depends on the algorithm.</li>
-<li>Optionally set the operation’s maximum capacity with <a class="reference internal" href="#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity()</span></code></a>. You may do this before, in the middle of or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
-<li>To derive a key, call <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key()</span></code></a>. To derive a byte string for a different purpose, call</li>
-<li><a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes()</span></code></a>. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.</li>
-<li>Clean up the key derivation operation object with <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a>.</li>
-</ul>
-</div>
-<div class="section" id="psa_key_derivation_get_capacity">
-<span id="c.psa_key_derivation_get_capacity"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_get_capacity</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                             <span class="kt">size_t</span> <span class="o">*</span> <span class="n">capacity</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation to query.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">capacity</span></code></dt>
-<dd>On success, the capacity of the operation.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Retrieve the current capacity of a key derivation operation.</p>
-<p>The capacity of a key derivation is the maximum number of bytes that it can return. When you get <em>N</em> bytes of output from a key derivation operation, this reduces its capacity by <em>N</em>.</p>
-</div>
-<div class="section" id="psa_key_derivation_set_capacity">
-<span id="c.psa_key_derivation_set_capacity"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_set_capacity</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                             <span class="kt">size_t</span> <span class="n">capacity</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to modify.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">capacity</span></code></dt>
-<dd>The new capacity of the operation. It must be less or equal to the operation’s current capacity.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">capacity</span></code> is larger than the operation’s current capacity. In this case, the operation object remains valid and its capacity remains unchanged.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Set the maximum capacity of a key derivation operation.</p>
-<p>The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.</p>
-</div>
-<div class="section" id="psa_key_derivation_input_bytes">
-<span id="c.psa_key_derivation_input_bytes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_input_bytes</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                            <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
-                                            <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">data</span><span class="p">,</span>
-                                            <span class="kt">size_t</span> <span class="n">data_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data</span></code></dt>
-<dd>Input data to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">data_length</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">data</span></code> buffer in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> does not allow direct inputs.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The value of <code class="docutils literal notranslate"><span class="pre">step</span></code> is not valid given the state of <code class="docutils literal notranslate"><span class="pre">operation</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Provide an input for key derivation or key agreement.</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function passes direct inputs. Some inputs must be passed as keys using <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_key()</span></code></a> instead of this function. Refer to the documentation of individual step types for information.</p>
-</div>
-<div class="section" id="psa_key_derivation_input_key">
-<span id="c.psa_key_derivation_input_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_input_key</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                          <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
-                                          <span class="n">psa_key_handle_t</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> and must not have produced any output yet.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>Handle to the key. It must have an appropriate type for <code class="docutils literal notranslate"><span class="pre">step</span></code> and must allow the usage <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">step</span></code> does not allow key inputs.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The value of <code class="docutils literal notranslate"><span class="pre">step</span></code> is not valid given the state of <code class="docutils literal notranslate"><span class="pre">operation</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Provide an input for key derivation in the form of a key.</p>
-<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
-<p>This function passes key inputs. Some inputs must be passed as keys of the appropriate type using this function, while others must be passed as direct inputs using <a class="reference internal" href="#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes()</span></code></a>. Refer to the documentation of individual step types for information.</p>
-</div>
-<div class="section" id="psa_key_derivation_key_agreement">
-<span id="c.psa_key_derivation_key_agreement"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_key_agreement</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                              <span class="n">psa_key_derivation_step_t</span> <span class="n">step</span><span class="p">,</span>
-                                              <span class="n">psa_key_handle_t</span> <span class="n">private_key</span><span class="p">,</span>
-                                              <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">peer_key</span><span class="p">,</span>
-                                              <span class="kt">size_t</span> <span class="n">peer_key_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal notranslate"><span class="pre">alg</span></code> (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is false). The operation must be ready for an input of the type given by <code class="docutils literal notranslate"><span class="pre">step</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">step</span></code></dt>
-<dd>Which step the input data is for.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">private_key</span></code></dt>
-<dd>Handle to the private key to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">peer_key</span></code></dt>
-<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>(…, <code class="docutils literal notranslate"><span class="pre">peer_key</span></code>, <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code>) where with key attributes indicating the public key type corresponding to the type of <code class="docutils literal notranslate"><span class="pre">private_key</span></code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>, or <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal notranslate"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal notranslate"><span class="pre">private_key</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not supported or is not a key derivation algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
-<p>A key agreement algorithm takes two inputs: a private key <code class="docutils literal notranslate"><span class="pre">private_key</span></code> a public key <code class="docutils literal notranslate"><span class="pre">peer_key</span></code>. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.</p>
-</div>
-<div class="section" id="psa_key_derivation_output_bytes">
-<span id="c.psa_key_derivation_output_bytes"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_output_bytes</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                             <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                             <span class="kt">size_t</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the output will be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>Number of bytes to output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The operation’s capacity was less than <code class="docutils literal notranslate"><span class="pre">output_length</span></code> bytes. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Read some data from a key derivation operation.</p>
-<p>This function calculates output bytes from a key derivation algorithm and return those bytes. If you view the key derivation’s output as a stream of bytes, this function destructively reads the requested number of bytes from the stream. The operation’s capacity decreases by the number of bytes read.</p>
-</div>
-<div class="section" id="psa_key_derivation_output_key">
-<span id="c.psa_key_derivation_output_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_output_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                                           <span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">,</span>
-                                           <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to read from.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation’s capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The key type or key size is not supported, either by the implementation in general or in this particular location.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Derive a key from an ongoing key derivation operation.</p>
-<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. If you view the key derivation’s output as a stream of bytes, this function destructively reads as many bytes as required from the stream. The operation’s capacity decreases by the number of bytes read.</p>
-<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:</p>
-<ul class="simple">
-<li>For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code></a> and passing the resulting output to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly (<code class="docutils literal notranslate"><span class="pre">bits</span></code> / 8) bytes from the operation. The following key types defined in this specification follow this scheme:<ul>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>;</li>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a>;</li>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a>;</li>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>;</li>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</li>
-</ul>
-</li>
-<li>For ECC keys on a Montgomery elliptic curve (<a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">curve</span></code>) where <code class="docutils literal notranslate"><span class="pre">curve</span></code> designates a Montgomery curve), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:<ul>
-<li><a class="reference internal" href="#c.PSA_ECC_CURVE_CURVE25519" title="PSA_ECC_CURVE_CURVE25519"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code></a>: draw a 32-byte string and process it as specified in RFC 7748 §5.</li>
-<li><a class="reference internal" href="#c.PSA_ECC_CURVE_CURVE448" title="PSA_ECC_CURVE_CURVE448"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code></a>: draw a 56-byte string and process it as specified in RFC 7748 §5.</li>
-</ul>
-</li>
-<li>For key types for which the key is represented by a single sequence of <code class="docutils literal notranslate"><span class="pre">bits</span></code> bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length (<code class="docutils literal notranslate"><span class="pre">bits</span></code> / 8) bytes rounded up to the nearest whole number of bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a>. The following key types defined in this specification follow this scheme:<ul>
-<li><a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively (for example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys).</li>
-<li>Finite-field Diffie-Hellman keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">group</span></code>) where <code class="docutils literal notranslate"><span class="pre">group</span></code> designates any Diffie-Hellman group) and ECC keys on a Weierstrass elliptic curve (<a class="reference internal" href="#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a>(<code class="docutils literal notranslate"><span class="pre">curve</span></code>) where <code class="docutils literal notranslate"><span class="pre">curve</span></code> designates a Weierstrass curve). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, <em>N</em> - 2] where <em>N</em> is the boundary of the private key domain (the prime <em>p</em> for Diffie-Hellman, the subprime <em>q</em> for DSA, or the order of the curve’s base point for ECC). Add 1 to the resulting integer and use this as the private key <em>x</em>. This method allows compliance to NIST standards, specifically the methods titled “key-pair generation by testing candidates” in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman, in FIPS 186-4 §B.1.2 for DSA, and in NIST SP 800-56A §5.6.1.2.2 or FIPS 186-4 §B.4.2 for elliptic curve keys.</li>
-</ul>
-</li>
-<li>For other key types, including <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the way in which the operation output is consumed is implementation-defined.</li>
-</ul>
-<p>In all cases, the data that is read is discarded from the operation. The operation’s capacity is decreased by the number of bytes read.</p>
-</div>
-<div class="section" id="psa_key_derivation_abort">
-<span id="c.psa_key_derivation_abort"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_key_derivation_abort</span><span class="p">(</span><span class="n">psa_key_derivation_operation_t</span> <span class="o">*</span> <span class="n">operation</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">operation</span></code></dt>
-<dd>The operation to abort.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Abort a key derivation operation.</p>
-<p>Once a key derivation operation has been aborted, its capacity is zero. Aborting an operation frees all associated resources except for the <code class="docutils literal notranslate"><span class="pre">operation</span></code> structure itself.</p>
-<p>This function may be called at any time as long as the operation object has been initialized to <a class="reference internal" href="#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>, to <a class="reference internal" href="#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init()</span></code></a> or a zero value. In particular, it is valid to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a> twice, or to call <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort()</span></code></a> on an operation that has not been set up.</p>
-<p>Once aborted, the key derivation operation object may be called.</p>
-</div>
-<div class="section" id="psa_raw_key_agreement">
-<span id="c.psa_raw_key_agreement"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_raw_key_agreement</span><span class="p">(</span><span class="n">psa_algorithm_t</span> <span class="n">alg</span><span class="p">,</span>
-                                   <span class="n">psa_key_handle_t</span> <span class="n">private_key</span><span class="p">,</span>
-                                   <span class="k">const</span> <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">peer_key</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">peer_key_length</span><span class="p">,</span>
-                                   <span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">,</span>
-                                   <span class="kt">size_t</span> <span class="o">*</span> <span class="n">output_length</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The key agreement algorithm to compute (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">private_key</span></code></dt>
-<dd>Handle to the private key to use.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">peer_key</span></code></dt>
-<dd>Public key of the peer. It must be in the same format that <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key()</span></code></a> accepts. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">peer_key_length</span></code></dt>
-<dd>Size of <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Buffer where the decrypted message is to be written.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Size of the <code class="docutils literal notranslate"><span class="pre">output</span></code> buffer in bytes.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_length</span></code></dt>
-<dd>On success, the number of bytes that make up the returned output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a key agreement algorithm</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal notranslate"><span class="pre">alg</span></code>, or <code class="docutils literal notranslate"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal notranslate"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal notranslate"><span class="pre">private_key</span></code>.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd><code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Perform a key agreement and return the raw shared secret.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should not be used directly as key material. It should instead be passed as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> and other functions from the key derivation interface.</p>
-</div>
-</div>
-</div>
-<div class="section" id="random-generation">
-<h1>Random generation</h1>
-<div class="section" id="psa_generate_random">
-<span id="c.psa_generate_random"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_generate_random</span><span class="p">(</span><span class="kt">uint8_t</span> <span class="o">*</span> <span class="n">output</span><span class="p">,</span>
-                                 <span class="kt">size_t</span> <span class="n">output_size</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">output</span></code></dt>
-<dd>Output buffer for the generated data.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">output_size</span></code></dt>
-<dd>Number of bytes to generate and output.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Generate random bytes.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function <strong>can</strong> fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">To generate a key, use <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key()</span></code></a> instead.</p>
-</div>
-</div>
-<div class="section" id="psa_generate_key">
-<span id="c.psa_generate_key"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_status_t</span> <span class="nf">psa_generate_key</span><span class="p">(</span><span class="k">const</span> <span class="n">psa_key_attributes_t</span> <span class="o">*</span> <span class="n">attributes</span><span class="p">,</span>
-                              <span class="n">psa_key_handle_t</span> <span class="o">*</span> <span class="n">handle</span><span class="p">);</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">handle</span></code></dt>
-<dd>On success, a handle to the newly created key. <code class="docutils literal notranslate"><span class="pre">0</span></code> on failure.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.psa_status_t" title="psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>Success. If the key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"></code><a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code><code class="docutils literal notranslate"></code></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Generate a key or key pair.</p>
-<p>The key is generated randomly. Its location, policy, type and size are taken from <code class="docutils literal notranslate"><span class="pre">attributes</span></code>.</p>
-<p>The following type-specific considerations apply:</p>
-<ul class="simple">
-<li>For RSA keys (<a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="error-codes">
-<h1>Error codes</h1>
-<div class="section" id="psa_status_t">
-<span id="c.psa_status_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">int32_t</span> <span class="n">psa_status_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Function return status.</p>
-<p>This is either <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a> (which is zero), indicating success, or a small negative value indicating that an error occurred. Errors are encoded as one of the <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_xxx</span></code> values defined here.</p>
-</div>
-<div class="section" id="PSA_SUCCESS">
-<span id="c.PSA_SUCCESS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_SUCCESS  ((psa_status_t)0)</span>
-</pre></div>
-</div>
-<p>The action was completed successfully.</p>
-</div>
-<div class="section" id="PSA_ERROR_GENERIC_ERROR">
-<span id="c.PSA_ERROR_GENERIC_ERROR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_GENERIC_ERROR  ((psa_status_t)-132)</span>
-</pre></div>
-</div>
-<p>An error occurred that does not correspond to any defined failure cause.</p>
-<p>Implementations may use this error code if none of the other standard error codes are applicable.</p>
-</div>
-<div class="section" id="PSA_ERROR_NOT_SUPPORTED">
-<span id="c.PSA_ERROR_NOT_SUPPORTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_NOT_SUPPORTED  ((psa_status_t)-134)</span>
-</pre></div>
-</div>
-<p>The requested operation or a parameter is not supported by this implementation.</p>
-<p>Implementations should return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_NOT_PERMITTED">
-<span id="c.PSA_ERROR_NOT_PERMITTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_NOT_PERMITTED  ((psa_status_t)-133)</span>
-</pre></div>
-</div>
-<p>The requested action is denied by a policy.</p>
-<p>Implementations should return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.</p>
-<p>If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns <a class="reference internal" href="#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ERROR_BUFFER_TOO_SMALL">
-<span id="c.PSA_ERROR_BUFFER_TOO_SMALL"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_BUFFER_TOO_SMALL  ((psa_status_t)-138)</span>
-</pre></div>
-</div>
-<p>An output buffer is too small.</p>
-<p>Applications can call the <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIZE</span></code> macro listed in the function description to determine a sufficient buffer size.</p>
-<p>Implementations should preferably return this error code only in cases when performing the operation with a larger output buffer would succeed. However implementations may return this error if a function has invalid or unsupported parameters in addition to the parameters that determine the necessary output buffer size.</p>
-</div>
-<div class="section" id="PSA_ERROR_ALREADY_EXISTS">
-<span id="c.PSA_ERROR_ALREADY_EXISTS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_ALREADY_EXISTS  ((psa_status_t)-139)</span>
-</pre></div>
-</div>
-<p>Asking for an item that already exists.</p>
-<p>Implementations should return this error, when attempting to write an item (like a key) that already exists.</p>
-</div>
-<div class="section" id="PSA_ERROR_DOES_NOT_EXIST">
-<span id="c.PSA_ERROR_DOES_NOT_EXIST"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_DOES_NOT_EXIST  ((psa_status_t)-140)</span>
-</pre></div>
-</div>
-<p>Asking for an item that doesn’t exist.</p>
-<p>Implementations should return this error, if a requested item (like a key) does not exist.</p>
-</div>
-<div class="section" id="PSA_ERROR_BAD_STATE">
-<span id="c.PSA_ERROR_BAD_STATE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_BAD_STATE  ((psa_status_t)-137)</span>
-</pre></div>
-</div>
-<p>The requested action cannot be performed in the current state.</p>
-<p>Multipart operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
-<p>Implementations shall not return this error code to indicate that a key either exists or not, but shall instead return <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> as applicable.</p>
-<p>Implementations shall not return this error code to indicate that a key handle is invalid, but shall return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_ARGUMENT">
-<span id="c.PSA_ERROR_INVALID_ARGUMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_ARGUMENT  ((psa_status_t)-135)</span>
-</pre></div>
-</div>
-<p>The parameters passed to the function are invalid.</p>
-<p>Implementations may return this error any time a parameter or combination of parameters are recognized as invalid.</p>
-<p>Implementations shall not return this error code to indicate that a key handle is invalid, but shall return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_MEMORY">
-<span id="c.PSA_ERROR_INSUFFICIENT_MEMORY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_MEMORY  ((psa_status_t)-141)</span>
-</pre></div>
-</div>
-<p>There is not enough runtime memory.</p>
-<p>If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_STORAGE">
-<span id="c.PSA_ERROR_INSUFFICIENT_STORAGE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)-142)</span>
-</pre></div>
-</div>
-<p>There is not enough persistent storage.</p>
-<p>Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage may return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.</p>
-</div>
-<div class="section" id="PSA_ERROR_COMMUNICATION_FAILURE">
-<span id="c.PSA_ERROR_COMMUNICATION_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_COMMUNICATION_FAILURE  ((psa_status_t)-145)</span>
-</pre></div>
-</div>
-<p>There was a communication failure inside the implementation.</p>
-<p>This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure may be transient or permanent depending on the cause.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">If a function returns this error, it is undetermined whether the requested action has completed or not. Implementations should return <a class="reference internal" href="#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code></a> on successful completion whenver possible, however functions may return <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a> if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.</p>
-</div>
-</div>
-<div class="section" id="PSA_ERROR_STORAGE_FAILURE">
-<span id="c.PSA_ERROR_STORAGE_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_STORAGE_FAILURE  ((psa_status_t)-146)</span>
-</pre></div>
-</div>
-<p>There was a storage failure that may have led to data loss.</p>
-<p>This error indicates that some persistent storage is corrupted. It should not be used for a corruption of volatile memory (use <a class="reference internal" href="#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>), for a communication error between the cryptoprocessor and its external storage (use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>), or when the storage is in a valid state but is full (use <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a>).</p>
-<p>Note that a storage failure does not indicate that any data that was previously read is invalid. However this previously read data may no longer be readable from storage.</p>
-<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data may or may not fail even if the data is still readable but its integrity cannot be guaranteed.</p>
-<p>Implementations should only use this error code to report a permanent storage corruption. However application writers should keep in mind that transient errors while reading the storage may be reported using this error code.</p>
-</div>
-<div class="section" id="PSA_ERROR_HARDWARE_FAILURE">
-<span id="c.PSA_ERROR_HARDWARE_FAILURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_HARDWARE_FAILURE  ((psa_status_t)-147)</span>
-</pre></div>
-</div>
-<p>A hardware failure was detected.</p>
-<p>A hardware failure may be transient or permanent depending on the cause.</p>
-</div>
-<div class="section" id="PSA_ERROR_CORRUPTION_DETECTED">
-<span id="c.PSA_ERROR_CORRUPTION_DETECTED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_CORRUPTION_DETECTED  ((psa_status_t)-151)</span>
-</pre></div>
-</div>
-<p>A tampering attempt was detected.</p>
-<p>If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. Applications should not perform any security function and should enter a safe failure state.</p>
-<p>Implementations may return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation’s security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation may forcibly terminate the application.</p>
-<p>This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations shall only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations shall not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation (use <a class="reference internal" href="#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a>, <a class="reference internal" href="#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a> or other applicable error code instead).</p>
-<p>This error indicates an attack against the application. Implementations shall not return this error code as a consequence of the behavior of the application itself.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_ENTROPY">
-<span id="c.PSA_ERROR_INSUFFICIENT_ENTROPY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)-148)</span>
-</pre></div>
-</div>
-<p>There is not enough entropy to generate random data needed for the requested action.</p>
-<p>This error indicates a failure of a hardware random generator. Application writers should note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.</p>
-<p>Implementations should avoid returning this error after <a class="reference internal" href="#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_crypto_init()</span></code></a> has succeeded. Implementations should generate sufficient entropy during initialization and subsequently use a cryptographically secure pseudorandom generator (PRNG). However implementations may return this error at any time if a policy requires the PRNG to be reseeded during normal operation.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_SIGNATURE">
-<span id="c.PSA_ERROR_INVALID_SIGNATURE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_SIGNATURE  ((psa_status_t)-149)</span>
-</pre></div>
-</div>
-<p>The signature, MAC or hash is incorrect.</p>
-<p>Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.</p>
-<p>If the value to verify has an invalid size, implementations may return either <a class="reference internal" href="#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_PADDING">
-<span id="c.PSA_ERROR_INVALID_PADDING"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_PADDING  ((psa_status_t)-150)</span>
-</pre></div>
-</div>
-<p>The decrypted padding is incorrect.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Applications should prefer protocols that use authenticated encryption rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer should take care not to reveal whether the padding is invalid.</p>
-</div>
-<p>Implementations should strive to make valid and invalid padding as close as possible to indistinguishable to an external observer. In particular, the timing of a decryption operation should not depend on the validity of the padding.</p>
-</div>
-<div class="section" id="PSA_ERROR_INSUFFICIENT_DATA">
-<span id="c.PSA_ERROR_INSUFFICIENT_DATA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INSUFFICIENT_DATA  ((psa_status_t)-143)</span>
-</pre></div>
-</div>
-<p>Return this error when there’s insufficient data when attempting to read from a resource.</p>
-</div>
-<div class="section" id="PSA_ERROR_INVALID_HANDLE">
-<span id="c.PSA_ERROR_INVALID_HANDLE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ERROR_INVALID_HANDLE  ((psa_status_t)-136)</span>
-</pre></div>
-</div>
-<p>The key handle is not valid.</p>
-</div>
-</div>
-<div class="section" id="key-and-algorithm-types">
-<h1>Key and algorithm types</h1>
-<div class="section" id="psa_key_type_t">
-<span id="c.psa_key_type_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_type_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of a key type.</p>
-</div>
-<div class="section" id="psa_ecc_curve_t">
-<span id="c.psa_ecc_curve_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_ecc_curve_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of PSA elliptic curve identifiers.</p>
-</div>
-<div class="section" id="psa_dh_group_t">
-<span id="c.psa_dh_group_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_dh_group_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>The type of PSA Diffie-Hellman group identifiers.</p>
-</div>
-<div class="section" id="psa_algorithm_t">
-<span id="c.psa_algorithm_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_algorithm_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of a cryptographic algorithm.</p>
-<p>For algorithms that can be applied to multiple key types, this type does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_NONE">
-<span id="c.PSA_KEY_TYPE_NONE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_NONE  ((psa_key_type_t)0x00000000)</span>
-</pre></div>
-</div>
-<p>An invalid key type value.</p>
-<p>Zero is not the encoding of any key type.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_VENDOR_FLAG">
-<span id="c.PSA_KEY_TYPE_VENDOR_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_VENDOR_FLAG  ((psa_key_type_t)0x80000000)</span>
-</pre></div>
-</div>
-<p>Vendor-defined flag.</p>
-<p>Key types defined by this standard will never have the <a class="reference internal" href="#c.PSA_KEY_TYPE_VENDOR_FLAG" title="PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></a> bit set. Vendors who define additional key types must use an encoding with the <a class="reference internal" href="#c.PSA_KEY_TYPE_VENDOR_FLAG" title="PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code></a> bit set and should respect the bitwise structure used by standard encodings whenever practical.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_MASK">
-<span id="c.PSA_KEY_TYPE_CATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_MASK  ((psa_key_type_t)0x70000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_SYMMETRIC">
-<span id="c.PSA_KEY_TYPE_CATEGORY_SYMMETRIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC  ((psa_key_type_t)0x40000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_RAW">
-<span id="c.PSA_KEY_TYPE_CATEGORY_RAW"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_RAW  ((psa_key_type_t)0x50000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY  ((psa_key_type_t)0x60000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_CATEGORY_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR  ((psa_key_type_t)0x70000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CATEGORY_FLAG_PAIR">
-<span id="c.PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR  ((psa_key_type_t)0x10000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_VENDOR_DEFINED">
-<span id="c.PSA_KEY_TYPE_IS_VENDOR_DEFINED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \</span>
-<span class="cp">    (((type) &amp; PSA_KEY_TYPE_VENDOR_FLAG) != 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is vendor-defined.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_UNSTRUCTURED">
-<span id="c.PSA_KEY_TYPE_IS_UNSTRUCTURED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \</span>
-<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~(psa_key_type_t)0x10000000) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is an unstructured array of bytes.</p>
-<p>This encompasses both symmetric keys and non-key data.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ASYMMETRIC">
-<span id="c.PSA_KEY_TYPE_IS_ASYMMETRIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \</span>
-<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is asymmetric: either a key pair or a public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type) \</span>
-<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is the public part of a key pair.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_KEY_PAIR(type) \</span>
-<span class="cp">    (((type) &amp; PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is a key pair containing a private part and a public part.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type) \</span>
-<span class="cp">    ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd>A public key type or key pair type.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding key pair type. If <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The key pair type corresponding to a public key type.</p>
-<p>You may also pass a key pair type as <code class="docutils literal notranslate"><span class="pre">type</span></code>, it will be left unchanged.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) \</span>
-<span class="cp">    ((type) &amp; ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd>A public key type or key pair type.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding public key type. If <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a public key or a key pair, the return value is undefined.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The public key type corresponding to a key pair type.</p>
-<p>You may also pass a key pair type as <code class="docutils literal notranslate"><span class="pre">type</span></code>, it will be left unchanged.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_RAW_DATA">
-<span id="c.PSA_KEY_TYPE_RAW_DATA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RAW_DATA  ((psa_key_type_t)0x50000001)</span>
-</pre></div>
-</div>
-<p>Raw data.</p>
-<p>A “key” of this type cannot be used for any cryptographic operation. Applications may use this type to store arbitrary data in the keystore.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_HMAC">
-<span id="c.PSA_KEY_TYPE_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_HMAC  ((psa_key_type_t)0x51000000)</span>
-</pre></div>
-</div>
-<p>HMAC key.</p>
-<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
-<p>HMAC keys should generally have the same size as the underlying hash. This size can be calculated with <a class="reference internal" href="#c.PSA_HASH_SIZE" title="PSA_HASH_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">alg</span></code> is the HMAC algorithm or the underlying hash algorithm.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DERIVE">
-<span id="c.PSA_KEY_TYPE_DERIVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DERIVE  ((psa_key_type_t)0x52000000)</span>
-</pre></div>
-</div>
-<p>A secret for key derivation.</p>
-<p>The key policy determines which key derivation algorithm the key can be used for.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_AES">
-<span id="c.PSA_KEY_TYPE_AES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_AES  ((psa_key_type_t)0x40000001)</span>
-</pre></div>
-</div>
-<p>Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
-<p>The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DES">
-<span id="c.PSA_KEY_TYPE_DES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DES  ((psa_key_type_t)0x40000002)</span>
-</pre></div>
-</div>
-<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
-<p>The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).</p>
-<p>Note that single DES and 2-key 3DES are weak and strongly deprecated and should only be used to decrypt legacy data. 3-key 3DES is weak and deprecated and should only be used in legacy protocols.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CAMELLIA">
-<span id="c.PSA_KEY_TYPE_CAMELLIA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CAMELLIA  ((psa_key_type_t)0x40000003)</span>
-</pre></div>
-</div>
-<p>Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ARC4">
-<span id="c.PSA_KEY_TYPE_ARC4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ARC4  ((psa_key_type_t)0x40000004)</span>
-</pre></div>
-</div>
-<p>Key for the RC4 stream cipher.</p>
-<p>Note that RC4 is weak and deprecated and should only be used in legacy protocols.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_CHACHA20">
-<span id="c.PSA_KEY_TYPE_CHACHA20"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_CHACHA20  ((psa_key_type_t)0x40000005)</span>
-</pre></div>
-</div>
-<p>Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.</p>
-<p>ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.</p>
-<p>Implementations must support 12-byte nonces, may support 8-byte nonces, and should reject other sizes.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_RSA_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RSA_PUBLIC_KEY  ((psa_key_type_t)0x60010000)</span>
-</pre></div>
-</div>
-<p>RSA public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_RSA_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_RSA_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_RSA_KEY_PAIR  ((psa_key_type_t)0x70010000)</span>
-</pre></div>
-</div>
-<p>RSA key pair (private and public key).</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_RSA">
-<span id="c.PSA_KEY_TYPE_IS_RSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_RSA(type) \</span>
-<span class="cp">    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is an RSA key (pair or public-only).</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE">
-<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE  ((psa_key_type_t)0x60030000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR_BASE">
-<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE  ((psa_key_type_t)0x70030000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_CURVE_MASK">
-<span id="c.PSA_KEY_TYPE_ECC_CURVE_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_CURVE_MASK  ((psa_key_type_t)0x0000ffff)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_ECC_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \</span>
-<span class="cp">    (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Elliptic curve key pair.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_ECC_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \</span>
-<span class="cp">    (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Elliptic curve public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC">
-<span id="c.PSA_KEY_TYPE_IS_ECC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC(type) \</span>
-<span class="cp">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is an elliptic curve key (pair or public-only).</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \</span>
-<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is an elliptic curve key pair.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \</span>
-<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is an elliptic curve public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_GET_CURVE">
-<span id="c.PSA_KEY_TYPE_GET_CURVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_GET_CURVE(type) \</span>
-<span class="cp">    ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? ((type) &amp; PSA_KEY_TYPE_ECC_CURVE_MASK) : 0))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Extract the curve from an elliptic curve key type.</p>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT163K1">
-<span id="c.PSA_ECC_CURVE_SECT163K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163K1  ((psa_ecc_curve_t) 0x0001)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT163R1">
-<span id="c.PSA_ECC_CURVE_SECT163R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163R1  ((psa_ecc_curve_t) 0x0002)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT163R2">
-<span id="c.PSA_ECC_CURVE_SECT163R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT163R2  ((psa_ecc_curve_t) 0x0003)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT193R1">
-<span id="c.PSA_ECC_CURVE_SECT193R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT193R1  ((psa_ecc_curve_t) 0x0004)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT193R2">
-<span id="c.PSA_ECC_CURVE_SECT193R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT193R2  ((psa_ecc_curve_t) 0x0005)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT233K1">
-<span id="c.PSA_ECC_CURVE_SECT233K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT233K1  ((psa_ecc_curve_t) 0x0006)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT233R1">
-<span id="c.PSA_ECC_CURVE_SECT233R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT233R1  ((psa_ecc_curve_t) 0x0007)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT239K1">
-<span id="c.PSA_ECC_CURVE_SECT239K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT239K1  ((psa_ecc_curve_t) 0x0008)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT283K1">
-<span id="c.PSA_ECC_CURVE_SECT283K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT283K1  ((psa_ecc_curve_t) 0x0009)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT283R1">
-<span id="c.PSA_ECC_CURVE_SECT283R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT283R1  ((psa_ecc_curve_t) 0x000a)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT409K1">
-<span id="c.PSA_ECC_CURVE_SECT409K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT409K1  ((psa_ecc_curve_t) 0x000b)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT409R1">
-<span id="c.PSA_ECC_CURVE_SECT409R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT409R1  ((psa_ecc_curve_t) 0x000c)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT571K1">
-<span id="c.PSA_ECC_CURVE_SECT571K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT571K1  ((psa_ecc_curve_t) 0x000d)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECT571R1">
-<span id="c.PSA_ECC_CURVE_SECT571R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECT571R1  ((psa_ecc_curve_t) 0x000e)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP160K1">
-<span id="c.PSA_ECC_CURVE_SECP160K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160K1  ((psa_ecc_curve_t) 0x000f)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP160R1">
-<span id="c.PSA_ECC_CURVE_SECP160R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160R1  ((psa_ecc_curve_t) 0x0010)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP160R2">
-<span id="c.PSA_ECC_CURVE_SECP160R2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP160R2  ((psa_ecc_curve_t) 0x0011)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP192K1">
-<span id="c.PSA_ECC_CURVE_SECP192K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP192K1  ((psa_ecc_curve_t) 0x0012)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP192R1">
-<span id="c.PSA_ECC_CURVE_SECP192R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP192R1  ((psa_ecc_curve_t) 0x0013)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP224K1">
-<span id="c.PSA_ECC_CURVE_SECP224K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP224K1  ((psa_ecc_curve_t) 0x0014)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP224R1">
-<span id="c.PSA_ECC_CURVE_SECP224R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP224R1  ((psa_ecc_curve_t) 0x0015)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP256K1">
-<span id="c.PSA_ECC_CURVE_SECP256K1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP256K1  ((psa_ecc_curve_t) 0x0016)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP256R1">
-<span id="c.PSA_ECC_CURVE_SECP256R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP256R1  ((psa_ecc_curve_t) 0x0017)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP384R1">
-<span id="c.PSA_ECC_CURVE_SECP384R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP384R1  ((psa_ecc_curve_t) 0x0018)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_SECP521R1">
-<span id="c.PSA_ECC_CURVE_SECP521R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_SECP521R1  ((psa_ecc_curve_t) 0x0019)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P256R1">
-<span id="c.PSA_ECC_CURVE_BRAINPOOL_P256R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P256R1  ((psa_ecc_curve_t) 0x001a)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P384R1">
-<span id="c.PSA_ECC_CURVE_BRAINPOOL_P384R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P384R1  ((psa_ecc_curve_t) 0x001b)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_BRAINPOOL_P512R1">
-<span id="c.PSA_ECC_CURVE_BRAINPOOL_P512R1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BRAINPOOL_P512R1  ((psa_ecc_curve_t) 0x001c)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_CURVE25519">
-<span id="c.PSA_ECC_CURVE_CURVE25519"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_CURVE25519  ((psa_ecc_curve_t) 0x001d)</span>
-</pre></div>
-</div>
-<p>Curve25519.</p>
-<p>This is the curve defined in Bernstein et al., <em>Curve25519: new Diffie-Hellman speed records</em>, LNCS 3958, 2006. The algorithm <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X25519 when used with this curve.</p>
-</div>
-<div class="section" id="PSA_ECC_CURVE_CURVE448">
-<span id="c.PSA_ECC_CURVE_CURVE448"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_CURVE448  ((psa_ecc_curve_t) 0x001e)</span>
-</pre></div>
-</div>
-<p>Curve448.</p>
-<p>This is the curve defined in Hamburg, <em>Ed448-Goldilocks, a new elliptic curve</em>, NIST ECC Workshop, 2015. The algorithm <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X448 when used with this curve.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE">
-<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE  ((psa_key_type_t)0x60040000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR_BASE">
-<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE  ((psa_key_type_t)0x70040000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_GROUP_MASK">
-<span id="c.PSA_KEY_TYPE_DH_GROUP_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_GROUP_MASK  ((psa_key_type_t)0x0000ffff)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_KEY_PAIR(group) \</span>
-<span class="cp">    (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">group</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Diffie-Hellman key pair.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \</span>
-<span class="cp">    (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">group</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Diffie-Hellman public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH">
-<span id="c.PSA_KEY_TYPE_IS_DH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH(type) \</span>
-<span class="cp">    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is a Diffie-Hellman key (pair or public-only).</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH_KEY_PAIR">
-<span id="c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type) \</span>
-<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_KEY_PAIR_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is a Diffie-Hellman key pair.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">
-<span id="c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) \</span>
-<span class="cp">    (((type) &amp; ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether a key type is a Diffie-Hellman public key.</p>
-</div>
-<div class="section" id="PSA_KEY_TYPE_GET_GROUP">
-<span id="c.PSA_KEY_TYPE_GET_GROUP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_TYPE_GET_GROUP(type) \</span>
-<span class="cp">    ((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ? ((type) &amp; PSA_KEY_TYPE_DH_GROUP_MASK) : 0))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Extract the group from a Diffie-Hellman key type.</p>
-</div>
-<div class="section" id="PSA_DH_GROUP_FFDHE2048">
-<span id="c.PSA_DH_GROUP_FFDHE2048"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE2048  ((psa_dh_group_t) 0x0100)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_DH_GROUP_FFDHE3072">
-<span id="c.PSA_DH_GROUP_FFDHE3072"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE3072  ((psa_dh_group_t) 0x0101)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_DH_GROUP_FFDHE4096">
-<span id="c.PSA_DH_GROUP_FFDHE4096"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE4096  ((psa_dh_group_t) 0x0102)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_DH_GROUP_FFDHE6144">
-<span id="c.PSA_DH_GROUP_FFDHE6144"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE6144  ((psa_dh_group_t) 0x0103)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_DH_GROUP_FFDHE8192">
-<span id="c.PSA_DH_GROUP_FFDHE8192"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_DH_GROUP_FFDHE8192  ((psa_dh_group_t) 0x0104)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_BLOCK_CIPHER_BLOCK_SIZE">
-<span id="c.PSA_BLOCK_CIPHER_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \</span>
-<span class="cp">    ( (type) == PSA_KEY_TYPE_AES ? 16 : (type) == PSA_KEY_TYPE_DES ? 8 : (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : (type) == PSA_KEY_TYPE_ARC4 ? 1 : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">type</span></code></dt>
-<dd>A cipher key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_type_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The block size for a block cipher, or 1 for a stream cipher. The return value is undefined if <code class="docutils literal notranslate"><span class="pre">type</span></code> is not a supported cipher key type.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The block size of a block cipher.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (<a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code></a>). This macro only takes the key type into account, so it cannot be used to determine the size of the data that <a class="reference internal" href="#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_update()</span></code></a> might buffer for future processing in general.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This macro returns a compile-time constant if its argument is one.</p>
-</div>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This macro may evaluate its argument multiple times.</p>
-</div>
-</div>
-<div class="section" id="PSA_ALG_VENDOR_FLAG">
-<span id="c.PSA_ALG_VENDOR_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_VENDOR_FLAG  ((psa_algorithm_t)0x80000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_MASK">
-<span id="c.PSA_ALG_CATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_MASK  ((psa_algorithm_t)0x7f000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_HASH">
-<span id="c.PSA_ALG_CATEGORY_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_HASH  ((psa_algorithm_t)0x01000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_MAC">
-<span id="c.PSA_ALG_CATEGORY_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_MAC  ((psa_algorithm_t)0x02000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_CIPHER">
-<span id="c.PSA_ALG_CATEGORY_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_CIPHER  ((psa_algorithm_t)0x04000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_AEAD">
-<span id="c.PSA_ALG_CATEGORY_AEAD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_AEAD  ((psa_algorithm_t)0x06000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_SIGN">
-<span id="c.PSA_ALG_CATEGORY_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_SIGN  ((psa_algorithm_t)0x10000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION">
-<span id="c.PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION  ((psa_algorithm_t)0x12000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_KEY_DERIVATION">
-<span id="c.PSA_ALG_CATEGORY_KEY_DERIVATION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_KEY_DERIVATION  ((psa_algorithm_t)0x20000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CATEGORY_KEY_AGREEMENT">
-<span id="c.PSA_ALG_CATEGORY_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CATEGORY_KEY_AGREEMENT  ((psa_algorithm_t)0x30000000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_IS_VENDOR_DEFINED">
-<span id="c.PSA_ALG_IS_VENDOR_DEFINED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_VENDOR_DEFINED(alg)  (((alg) &amp; PSA_ALG_VENDOR_FLAG) != 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_HASH">
-<span id="c.PSA_ALG_IS_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HASH(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a hash algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_MAC">
-<span id="c.PSA_ALG_IS_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_MAC(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a MAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a MAC algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_CIPHER">
-<span id="c.PSA_ALG_IS_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_CIPHER(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a symmetric cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_AEAD">
-<span id="c.PSA_ALG_IS_AEAD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_AEAD(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an AEAD algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_SIGN">
-<span id="c.PSA_ALG_IS_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_SIGN(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a public-key signature algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a public-key signature algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
-<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a public-key encryption algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a public-key encryption algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
-<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_AGREEMENT(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a key agreement algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
-<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_DERIVATION(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a key derivation algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_HASH_MASK">
-<span id="c.PSA_ALG_HASH_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HASH_MASK  ((psa_algorithm_t)0x000000ff)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_MD2">
-<span id="c.PSA_ALG_MD2"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD2  ((psa_algorithm_t)0x01000001)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_MD4">
-<span id="c.PSA_ALG_MD4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD4  ((psa_algorithm_t)0x01000002)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_MD5">
-<span id="c.PSA_ALG_MD5"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MD5  ((psa_algorithm_t)0x01000003)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RIPEMD160">
-<span id="c.PSA_ALG_RIPEMD160"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RIPEMD160  ((psa_algorithm_t)0x01000004)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_SHA_1">
-<span id="c.PSA_ALG_SHA_1"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_1  ((psa_algorithm_t)0x01000005)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_SHA_224">
-<span id="c.PSA_ALG_SHA_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_224  ((psa_algorithm_t)0x01000008)</span>
-</pre></div>
-</div>
-<p>SHA2-224.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_256">
-<span id="c.PSA_ALG_SHA_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_256  ((psa_algorithm_t)0x01000009)</span>
-</pre></div>
-</div>
-<p>SHA2-256.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_384">
-<span id="c.PSA_ALG_SHA_384"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_384  ((psa_algorithm_t)0x0100000a)</span>
-</pre></div>
-</div>
-<p>SHA2-384.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512">
-<span id="c.PSA_ALG_SHA_512"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512  ((psa_algorithm_t)0x0100000b)</span>
-</pre></div>
-</div>
-<p>SHA2-512.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512_224">
-<span id="c.PSA_ALG_SHA_512_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512_224  ((psa_algorithm_t)0x0100000c)</span>
-</pre></div>
-</div>
-<p>SHA2-512/224.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA_512_256">
-<span id="c.PSA_ALG_SHA_512_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA_512_256  ((psa_algorithm_t)0x0100000d)</span>
-</pre></div>
-</div>
-<p>SHA2-512/256.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_224">
-<span id="c.PSA_ALG_SHA3_224"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_224  ((psa_algorithm_t)0x01000010)</span>
-</pre></div>
-</div>
-<p>SHA3-224.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_256">
-<span id="c.PSA_ALG_SHA3_256"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_256  ((psa_algorithm_t)0x01000011)</span>
-</pre></div>
-</div>
-<p>SHA3-256.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_384">
-<span id="c.PSA_ALG_SHA3_384"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_384  ((psa_algorithm_t)0x01000012)</span>
-</pre></div>
-</div>
-<p>SHA3-384.</p>
-</div>
-<div class="section" id="PSA_ALG_SHA3_512">
-<span id="c.PSA_ALG_SHA3_512"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SHA3_512  ((psa_algorithm_t)0x01000013)</span>
-</pre></div>
-</div>
-<p>SHA3-512.</p>
-</div>
-<div class="section" id="PSA_ALG_ANY_HASH">
-<span id="c.PSA_ALG_ANY_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ANY_HASH  ((psa_algorithm_t)0x010000ff)</span>
-</pre></div>
-</div>
-<p>In a hash-and-sign algorithm policy, allow any hash algorithm.</p>
-<p>This value may be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. The key may then be used to perform operations using the same signature algorithm parametrized with any supported hash.</p>
-<p>That is, suppose that <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
-<ul>
-<li><p class="first"><a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a>, <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code></a>,</p>
-</li>
-<li><p class="first"><a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Then you may create and use a key as follows:</p>
-</li>
-<li><p class="first">Set the key usage field using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_set_key_usage_flags</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="n">PSA_KEY_USAGE_SIGN</span><span class="p">);</span> <span class="c1">// or VERIFY</span>
-<span class="n">psa_set_key_algorithm</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_ANY_HASH</span><span class="p">));</span>
-</pre></div>
-</div>
-</li>
-<li><p class="first">Import or generate key material.</p>
-</li>
-<li><p class="first">Call <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> or <a class="reference internal" href="#c.psa_asymmetric_verify" title="psa_asymmetric_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_verify()</span></code></a>, passing an algorithm built from <code class="docutils literal notranslate"><span class="pre">PSA_xxx_SIGNATURE</span></code> and a specific hash. Each call to sign or verify a message may use a different hash.</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA_256</span><span class="p">),</span> <span class="p">...);</span>
-<span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA_512</span><span class="p">),</span> <span class="p">...);</span>
-<span class="n">psa_asymmetric_sign</span><span class="p">(</span><span class="n">handle</span><span class="p">,</span> <span class="n">PSA_xxx_SIGNATURE</span><span class="p">(</span><span class="n">PSA_ALG_SHA3_256</span><span class="p">),</span> <span class="p">...);</span>
-</pre></div>
-</div>
-</li>
-</ul>
-<p>This value may not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal notranslate"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true.</p>
-<p>This value may not be used to build an algorithm specification to perform an operation. It is only valid to build policies.</p>
-</div>
-<div class="section" id="PSA_ALG_MAC_SUBCATEGORY_MASK">
-<span id="c.PSA_ALG_MAC_SUBCATEGORY_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MAC_SUBCATEGORY_MASK  ((psa_algorithm_t)0x00c00000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_HMAC_BASE">
-<span id="c.PSA_ALG_HMAC_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC_BASE  ((psa_algorithm_t)0x02800000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_HMAC">
-<span id="c.PSA_ALG_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_HMAC_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding HMAC algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build an HMAC algorithm.</p>
-<p>For example, <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code></a>(<a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code></a>) is HMAC-SHA-256.</p>
-</div>
-<div class="section" id="PSA_ALG_HMAC_GET_HASH">
-<span id="c.PSA_ALG_HMAC_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HMAC_GET_HASH(hmac_alg) \</span>
-<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hmac_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hmac_alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_HMAC">
-<span id="c.PSA_ALG_IS_HMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HMAC(alg) \</span>
-<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == PSA_ALG_HMAC_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an HMAC algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is an HMAC algorithm.</p>
-<p>HMAC is a family of MAC algorithms that are based on a hash function.</p>
-</div>
-<div class="section" id="PSA_ALG_MAC_TRUNCATION_MASK">
-<span id="c.PSA_ALG_MAC_TRUNCATION_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_MAC_TRUNCATION_MASK  ((psa_algorithm_t)0x00003f00)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_MAC_TRUNCATION_OFFSET">
-<span id="c.PSA_MAC_TRUNCATION_OFFSET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_TRUNCATION_OFFSET  8</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TRUNCATED_MAC">
-<span id="c.PSA_ALG_TRUNCATED_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \</span>
-<span class="cp">    (((mac_alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK) | ((mac_length) &lt;&lt; PSA_MAC_TRUNCATION_OFFSET &amp; PSA_ALG_MAC_TRUNCATION_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true). This may be a truncated or untruncated MAC algorithm.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_length</span></code></dt>
-<dd>Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum shall not be zero.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding MAC algorithm with the specified length.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm or if <code class="docutils literal notranslate"><span class="pre">mac_length</span></code> is too small or too large for the specified MAC algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build a truncated MAC algorithm.</p>
-<p>A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first <code class="docutils literal notranslate"><span class="pre">mac_length</span></code> bytes of the MAC value for the untruncated algorithm.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This macro may allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.</p>
-</div>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.</p>
-</div>
-</div>
-<div class="section" id="PSA_ALG_FULL_LENGTH_MAC">
-<span id="c.PSA_ALG_FULL_LENGTH_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \</span>
-<span class="cp">    ((mac_alg) &amp; ~PSA_ALG_MAC_TRUNCATION_MASK)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true). This may be a truncated or untruncated MAC algorithm.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding base MAC algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build the base MAC algorithm corresponding to a truncated MAC algorithm.</p>
-</div>
-<div class="section" id="PSA_MAC_TRUNCATED_LENGTH">
-<span id="c.PSA_MAC_TRUNCATED_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \</span>
-<span class="cp">    (((mac_alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK) &gt;&gt; PSA_MAC_TRUNCATION_OFFSET)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>Length of the truncated MAC in bytes.</p>
-<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a non-truncated MAC algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported MAC algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Length to which a MAC algorithm is truncated.</p>
-</div>
-<div class="section" id="PSA_ALG_CIPHER_MAC_BASE">
-<span id="c.PSA_ALG_CIPHER_MAC_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_MAC_BASE  ((psa_algorithm_t)0x02c00000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CBC_MAC">
-<span id="c.PSA_ALG_CBC_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_MAC  ((psa_algorithm_t)0x02c00001)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CMAC">
-<span id="c.PSA_ALG_CMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CMAC  ((psa_algorithm_t)0x02c00002)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_GMAC">
-<span id="c.PSA_ALG_GMAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_GMAC  ((psa_algorithm_t)0x02c00003)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_IS_BLOCK_CIPHER_MAC">
-<span id="c.PSA_ALG_IS_BLOCK_CIPHER_MAC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) \</span>
-<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == PSA_ALG_CIPHER_MAC_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a MAC algorithm based on a block cipher, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a MAC algorithm based on a block cipher.</p>
-</div>
-<div class="section" id="PSA_ALG_CIPHER_STREAM_FLAG">
-<span id="c.PSA_ALG_CIPHER_STREAM_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_STREAM_FLAG  ((psa_algorithm_t)0x00800000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_CIPHER_FROM_BLOCK_FLAG">
-<span id="c.PSA_ALG_CIPHER_FROM_BLOCK_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG  ((psa_algorithm_t)0x00400000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_IS_STREAM_CIPHER">
-<span id="c.PSA_ALG_IS_STREAM_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_STREAM_CIPHER(alg) \</span>
-<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a stream cipher algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a stream cipher.</p>
-<p>A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.</p>
-</div>
-<div class="section" id="PSA_ALG_ARC4">
-<span id="c.PSA_ALG_ARC4"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ARC4  ((psa_algorithm_t)0x04800001)</span>
-</pre></div>
-</div>
-<p>The ARC4 stream cipher algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_CHACHA20">
-<span id="c.PSA_ALG_CHACHA20"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CHACHA20  ((psa_algorithm_t)0x04800005)</span>
-</pre></div>
-</div>
-<p>The ChaCha20 stream cipher.</p>
-<p>ChaCha20 is defined in RFC 7539.</p>
-<p>The nonce size for <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_set_iv()</span></code></a> or <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_cipher_generate_iv()</span></code></a> must be 12.</p>
-<p>The initial block counter is always 0.</p>
-</div>
-<div class="section" id="PSA_ALG_CTR">
-<span id="c.PSA_ALG_CTR"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CTR  ((psa_algorithm_t)0x04c00001)</span>
-</pre></div>
-</div>
-<p>The CTR stream cipher mode.</p>
-<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a length of 128 bits (16 bytes).</p>
-</div>
-<div class="section" id="PSA_ALG_CFB">
-<span id="c.PSA_ALG_CFB"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CFB  ((psa_algorithm_t)0x04c00002)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_OFB">
-<span id="c.PSA_ALG_OFB"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_OFB  ((psa_algorithm_t)0x04c00003)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_XTS">
-<span id="c.PSA_ALG_XTS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_XTS  ((psa_algorithm_t)0x044000ff)</span>
-</pre></div>
-</div>
-<p>The XTS cipher mode.</p>
-<p>XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
-</div>
-<div class="section" id="PSA_ALG_CBC_NO_PADDING">
-<span id="c.PSA_ALG_CBC_NO_PADDING"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_NO_PADDING  ((psa_algorithm_t)0x04600100)</span>
-</pre></div>
-</div>
-<p>The CBC block cipher chaining mode, with no padding.</p>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
-</div>
-<div class="section" id="PSA_ALG_CBC_PKCS7">
-<span id="c.PSA_ALG_CBC_PKCS7"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CBC_PKCS7  ((psa_algorithm_t)0x04600101)</span>
-</pre></div>
-</div>
-<p>The CBC block cipher chaining mode with PKCS#7 padding.</p>
-<p>The underlying block cipher is determined by the key type.</p>
-<p>This is the padding method defined by PKCS#7 (RFC 2315) §10.3.</p>
-</div>
-<div class="section" id="PSA_ALG_AEAD_FROM_BLOCK_FLAG">
-<span id="c.PSA_ALG_AEAD_FROM_BLOCK_FLAG"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_FROM_BLOCK_FLAG  ((psa_algorithm_t)0x00400000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">
-<span id="c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \</span>
-<span class="cp">    (((alg) &amp; (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an AEAD algorithm which is an AEAD mode based on a block cipher, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is an AEAD mode on a block cipher.</p>
-</div>
-<div class="section" id="PSA_ALG_CCM">
-<span id="c.PSA_ALG_CCM"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CCM  ((psa_algorithm_t)0x06401001)</span>
-</pre></div>
-</div>
-<p>The CCM authenticated encryption algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_GCM">
-<span id="c.PSA_ALG_GCM"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_GCM  ((psa_algorithm_t)0x06401002)</span>
-</pre></div>
-</div>
-<p>The GCM authenticated encryption algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_CHACHA20_POLY1305">
-<span id="c.PSA_ALG_CHACHA20_POLY1305"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_CHACHA20_POLY1305  ((psa_algorithm_t)0x06001005)</span>
-</pre></div>
-</div>
-<p>The Chacha20-Poly1305 AEAD algorithm.</p>
-<p>The ChaCha20_Poly1305 construction is defined in RFC 7539.</p>
-<p>Implementations must support 12-byte nonces, may support 8-byte nonces, and should reject other sizes.</p>
-<p>Implementations must support 16-byte tags and should reject other sizes.</p>
-</div>
-<div class="section" id="PSA_ALG_AEAD_TAG_LENGTH_MASK">
-<span id="c.PSA_ALG_AEAD_TAG_LENGTH_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_TAG_LENGTH_MASK  ((psa_algorithm_t)0x00003f00)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_AEAD_TAG_LENGTH_OFFSET">
-<span id="c.PSA_AEAD_TAG_LENGTH_OFFSET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_TAG_LENGTH_OFFSET  8</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_AEAD_WITH_TAG_LENGTH">
-<span id="c.PSA_ALG_AEAD_WITH_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, tag_length) \</span>
-<span class="cp">    (((aead_alg) &amp; ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | ((tag_length) &lt;&lt; PSA_AEAD_TAG_LENGTH_OFFSET &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">tag_length</span></code></dt>
-<dd>Desired length of the authentication tag in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding AEAD algorithm with the specified length.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported AEAD algorithm or if <code class="docutils literal notranslate"><span class="pre">tag_length</span></code> is not valid for the specified AEAD algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build a shortened AEAD algorithm.</p>
-<p>A shortened AEAD algorithm is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length may affect the calculation of the ciphertext.</p>
-</div>
-<div class="section" id="PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH">
-<span id="c.PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg) \</span>
-<span class="cp">    ( PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding AEAD algorithm with the default tag length for that algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Calculate the corresponding AEAD algorithm with the default tag length.</p>
-</div>
-<div class="section" id="PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE">
-<span id="c.PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \</span>
-<span class="cp">    PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == PSA_ALG_AEAD_WITH_TAG_LENGTH(ref, 0) ? ref :</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">aead_alg</span></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ref</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_BASE">
-<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE  ((psa_algorithm_t)0x10020000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
-<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>RSA PKCS#1 v1.5 signature with hashing.</p>
-<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
-</div>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
-<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW  PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span>
-</pre></div>
-</div>
-<p>Raw PKCS#1 v1.5 signature.</p>
-<p>The input to this algorithm is the DigestInfo structure used by RFC 8017 (PKCS#1: RSA Cryptography Specifications), §9.2 steps 3–6.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PKCS1V15_SIGN">
-<span id="c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_RSA_PSS_BASE">
-<span id="c.PSA_ALG_RSA_PSS_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PSS_BASE  ((psa_algorithm_t)0x10030000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_PSS">
-<span id="c.PSA_ALG_RSA_PSS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PSS(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_RSA_PSS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding RSA PSS signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>RSA PSS signature with hashing.</p>
-<p>This is the signature scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_PSS">
-<span id="c.PSA_ALG_IS_RSA_PSS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_PSS(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_ECDSA_BASE">
-<span id="c.PSA_ALG_ECDSA_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_BASE  ((psa_algorithm_t)0x10060000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_ECDSA">
-<span id="c.PSA_ALG_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding ECDSA signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>ECDSA signature with hashing.</p>
-<p>This is the ECDSA signature scheme defined by ANSI X9.62, with a random per-message secret number (<em>k</em>).</p>
-<p>The representation of the signature as a byte string consists of the concatentation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order (most significant octet first).</p>
-</div>
-<div class="section" id="PSA_ALG_ECDSA_ANY">
-<span id="c.PSA_ALG_ECDSA_ANY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_ANY  PSA_ALG_ECDSA_BASE</span>
-</pre></div>
-</div>
-<p>ECDSA signature without hashing.</p>
-<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm. This algorithm may only be used to sign or verify a sequence of bytes that should be an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.</p>
-</div>
-<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA_BASE">
-<span id="c.PSA_ALG_DETERMINISTIC_ECDSA_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_DETERMINISTIC_ECDSA_BASE  ((psa_algorithm_t)0x10070000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
-<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding deterministic ECDSA signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Deterministic ECDSA signature with hashing.</p>
-<p>This is the deterministic ECDSA signature scheme defined by RFC 6979.</p>
-<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
-<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>)) with the same private key are accepted. In other words, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) differs from <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) only for signature, not for verification.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ECDSA">
-<span id="c.PSA_ALG_IS_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ECDSA(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK &amp; ~PSA_ALG_DSA_DETERMINISTIC_FLAG) == PSA_ALG_ECDSA_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_ECDSA_IS_DETERMINISTIC">
-<span id="c.PSA_ALG_ECDSA_IS_DETERMINISTIC"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_DETERMINISTIC_ECDSA">
-<span id="c.PSA_ALG_IS_DETERMINISTIC_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_RANDOMIZED_ECDSA">
-<span id="c.PSA_ALG_IS_RANDOMIZED_ECDSA"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_ECDSA(alg) &amp;&amp; !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_HASH_AND_SIGN">
-<span id="c.PSA_ALG_IS_HASH_AND_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HASH_AND_SIGN(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_ECDSA(alg))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash-and-sign algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a hash-and-sign algorithm.</p>
-<p>Hash-and-sign algorithms are public-key signature algorithms structured in two parts: first the calculation of a hash in a way that does not depend on the key, then the calculation of a signature from the hash value and the key.</p>
-</div>
-<div class="section" id="PSA_ALG_SIGN_GET_HASH">
-<span id="c.PSA_ALG_SIGN_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_SIGN_GET_HASH(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ? ((alg) &amp; PSA_ALG_HASH_MASK) == 0 ? </span><span class="cm">/*&quot;raw&quot; algorithm*/</span><span class="cp"> 0 : ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>A signature algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The underlying hash algorithm if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a hash-and-sign algorithm.</p>
-<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a signature algorithm that does not follow the hash-and-sign structure.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a signature algorithm or if it is not supported by the implementation.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Get the hash used by a hash-and-sign signature algorithm.</p>
-<p>A hash-and-sign algorithm is a signature algorithm which is composed of two phases: first a hashing phase which does not use the key and produces a hash of the input message, then a signing phase which only uses the hash and the key and not the message itself.</p>
-</div>
-<div class="section" id="PSA_ALG_RSA_PKCS1V15_CRYPT">
-<span id="c.PSA_ALG_RSA_PKCS1V15_CRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_PKCS1V15_CRYPT  ((psa_algorithm_t)0x12020000)</span>
-</pre></div>
-</div>
-<p>RSA PKCS#1 v1.5 encryption.</p>
-</div>
-<div class="section" id="PSA_ALG_RSA_OAEP_BASE">
-<span id="c.PSA_ALG_RSA_OAEP_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP_BASE  ((psa_algorithm_t)0x12030000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_RSA_OAEP">
-<span id="c.PSA_ALG_RSA_OAEP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>The hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true) to use for MGF1.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding RSA OAEP signature algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>RSA OAEP encryption.</p>
-<p>This is the encryption scheme defined by RFC 8017 (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_RSA_OAEP">
-<span id="c.PSA_ALG_IS_RSA_OAEP"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RSA_OAEP(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_RSA_OAEP_GET_HASH">
-<span id="c.PSA_ALG_RSA_OAEP_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_RSA_OAEP_GET_HASH(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_RSA_OAEP(alg) ? ((alg) &amp; PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_HKDF_BASE">
-<span id="c.PSA_ALG_HKDF_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF_BASE  ((psa_algorithm_t)0x20000100)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_HKDF">
-<span id="c.PSA_ALG_HKDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_HKDF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding HKDF algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build an HKDF algorithm.</p>
-<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF(PSA_ALG_SHA256)</span></code> is HKDF using HMAC-SHA-256.</p>
-<p>This key derivation algorithm uses the following inputs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt used in the “extract” step. It is optional; if omitted, the derivation uses an empty salt.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key used in the “extract” step.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> is the info string used in the “expand” step. You must pass <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> before <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>. You may pass <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> at any time after steup and before starting to generate output.</li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_IS_HKDF">
-<span id="c.PSA_ALG_IS_HKDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_HKDF(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an HKDF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is an HKDF algorithm.</p>
-<p>HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.</p>
-</div>
-<div class="section" id="PSA_ALG_HKDF_GET_HASH">
-<span id="c.PSA_ALG_HKDF_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \</span>
-<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PRF_BASE">
-<span id="c.PSA_ALG_TLS12_PRF_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF_BASE  ((psa_algorithm_t)0x20000200)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PRF">
-<span id="c.PSA_ALG_TLS12_PRF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding TLS-1.2 PRF algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build a TLS-1.2 PRF algorithm.</p>
-<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in Section 5 of RFC 5246. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>This key derivation algorithm uses the following inputs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
-</ul>
-<p>For the application to TLS-1.2 key expansion, the seed is the concatenation of ServerHello.Random + ClientHello.Random, and the label is “key expansion”.</p>
-<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)</span></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_TLS12_PRF">
-<span id="c.PSA_ALG_IS_TLS12_PRF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_TLS12_PRF(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a TLS-1.2 PRF algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a TLS-1.2 PRF algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PRF_GET_HASH">
-<span id="c.PSA_ALG_TLS12_PRF_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \</span>
-<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_BASE">
-<span id="c.PSA_ALG_TLS12_PSK_TO_MS_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_BASE  ((psa_algorithm_t)0x20000300)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS">
-<span id="c.PSA_ALG_TLS12_PSK_TO_MS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg) \</span>
-<span class="cp">    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding TLS-1.2 PSK to MS algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.</p>
-<p>In a pure-PSK handshake in TLS 1.2, the master secret is derived from the PreSharedKey (PSK) through the application of padding (RFC 4279, Section 2) and the TLS-1.2 PRF (RFC 5246, Section 5). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
-<p>This key derivation algorithm uses the following inputs:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
-<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
-</ul>
-<p>For the application to TLS-1.2, the seed (which is forwarded to the TLS-1.2 PRF) is the concatenation of the ClientHello.Random + ServerHello.Random, and the label is “master secret” or “extended master secret”.</p>
-<p>For example, <code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)</span></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_TLS12_PSK_TO_MS">
-<span id="c.PSA_ALG_IS_TLS12_PSK_TO_MS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg) \</span>
-<span class="cp">    (((alg) &amp; ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a TLS-1.2 PSK to MS algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_GET_HASH">
-<span id="c.PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \</span>
-<span class="cp">    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) &amp; PSA_ALG_HASH_MASK))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">hkdf_alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_KEY_DERIVATION_MASK">
-<span id="c.PSA_ALG_KEY_DERIVATION_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_DERIVATION_MASK  ((psa_algorithm_t)0x0803ffff)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT_MASK">
-<span id="c.PSA_ALG_KEY_AGREEMENT_MASK"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_MASK  ((psa_algorithm_t)0x10fc0000)</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT">
-<span id="c.PSA_ALG_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)  ((ka_alg) | (kdf_alg))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">ka_alg</span></code></dt>
-<dd>A key agreement algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a>(<code class="docutils literal notranslate"><span class="pre">ka_alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code></dt>
-<dd>A key derivation algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a>(<code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The corresponding key agreement and derivation algorithm.</p>
-<p>Unspecified if <code class="docutils literal notranslate"><span class="pre">ka_alg</span></code> is not a supported key agreement algorithm or <code class="docutils literal notranslate"><span class="pre">kdf_alg</span></code> is not a supported key derivation algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_KDF">
-<span id="c.PSA_ALG_KEY_AGREEMENT_GET_KDF"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_BASE">
-<span id="c.PSA_ALG_KEY_AGREEMENT_GET_BASE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \</span>
-<span class="cp">    (((alg) &amp; PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_IS_RAW_KEY_AGREEMENT">
-<span id="c.PSA_ALG_IS_RAW_KEY_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_KEY_AGREEMENT(alg) &amp;&amp; PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a raw key agreement algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a raw key agreement algorithm.</p>
-<p>A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a <code class="docutils literal notranslate"><span class="pre">PSA_ALG_xxx</span></code> macro while non-raw key agreement algorithms are constructed with <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT">
-<span id="c.PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \</span>
-<span class="cp">    ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ALG_FFDH">
-<span id="c.PSA_ALG_FFDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_FFDH  ((psa_algorithm_t)0x30100000)</span>
-</pre></div>
-</div>
-<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
-<p>The shared secret produced by key agreement is <code class="docutils literal notranslate"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal notranslate"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal notranslate"><span class="pre">p</span></code> in bits.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_FFDH">
-<span id="c.PSA_ALG_IS_FFDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_FFDH(alg) \</span>
-<span class="cp">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a finite field Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is a finite field Diffie-Hellman algorithm.</p>
-<p>This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supporter key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_ECDH">
-<span id="c.PSA_ALG_ECDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_ECDH  ((psa_algorithm_t)0x30200000)</span>
-</pre></div>
-</div>
-<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
-<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code class="docutils literal notranslate"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal notranslate"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When <code class="docutils literal notranslate"><span class="pre">m</span></code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
-<ul class="simple">
-<li>For Montgomery curves (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVEXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.</li>
-<li>For Weierstrass curves over prime fields (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECPXXX</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_PXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal notranslate"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal notranslate"><span class="pre">F_p</span></code>.</li>
-<li>For Weierstrass curves over binary fields (curve types <code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECTXXX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal notranslate"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal notranslate"><span class="pre">m</span></code> for the field <code class="docutils literal notranslate"><span class="pre">F_{2^m}</span></code>.</li>
-</ul>
-</div>
-<div class="section" id="PSA_ALG_IS_ECDH">
-<span id="c.PSA_ALG_IS_ECDH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_ECDH(alg) \</span>
-<span class="cp">    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is an elliptic curve Diffie-Hellman algorithm, 0 otherwise. This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.</p>
-<p>This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_WILDCARD">
-<span id="c.PSA_ALG_IS_WILDCARD"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_IS_WILDCARD(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_HASH_AND_SIGN(alg) ? PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : (alg) == PSA_ALG_ANY_HASH)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
-<p>0 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding (suitable for an operation).</p>
-<p>This macro may return either 0 or 1 if <code class="docutils literal notranslate"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Whether the specified algorithm encoding is a wildcard.</p>
-<p>Wildcard values may only be used to set the usage algorithm field in a policy, not to perform an operation.</p>
-</div>
-</div>
-<div class="section" id="key-lifetimes">
-<h1>Key lifetimes</h1>
-<div class="section" id="psa_key_lifetime_t">
-<span id="c.psa_key_lifetime_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_lifetime_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of key lifetimes.</p>
-<p>The lifetime of a key indicates where it is stored and what system actions may create and destroy it.</p>
-<p>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are automatically destroyed when the application terminates or on a power reset.</p>
-<p>Keys with a lifetime other than <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are said to be <em>persistent</em>. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_id_t</span></code></a>. The application can call <a class="reference internal" href="#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key()</span></code></a> to open a persistent key that it created previously.</p>
-</div>
-<div class="section" id="psa_key_id_t">
-<span id="c.psa_key_id_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_id_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of identifiers of persistent keys.</p>
-<ul class="simple">
-<li>Applications may freely choose key identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a> to <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a>.</li>
-<li>Implementations may define additional key identifiers in the range <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a> to <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a>.</li>
-<li>0 is reserved as an invalid key identifier.</li>
-<li>Key identifiers outside these ranges are reserved for future use.</li>
-</ul>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
-<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_LIFETIME_VOLATILE  ((psa_key_lifetime_t)0x00000000)</span>
-</pre></div>
-</div>
-<p>A volatile key only exists as long as the handle to it is not closed.</p>
-<p>The key material is guaranteed to be erased on a power reset.</p>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
-<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_LIFETIME_PERSISTENT  ((psa_key_lifetime_t)0x00000001)</span>
-</pre></div>
-</div>
-<p>The default storage area for persistent keys.</p>
-<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area, but implementations may provide their own mechanism (for example to perform a factory reset, to prepare for device refurbishment, or to uninstall an application).</p>
-<p>This lifetime value is the default storage area for the calling application. Implementations may offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MIN">
-<span id="c.PSA_KEY_ID_USER_MIN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_USER_MIN  ((psa_key_id_t)0x00000001)</span>
-</pre></div>
-</div>
-<p>The minimum value for a key identifier chosen by the application.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MAX">
-<span id="c.PSA_KEY_ID_USER_MAX"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_USER_MAX  ((psa_key_id_t)0x3fffffff)</span>
-</pre></div>
-</div>
-<p>The maximum value for a key identifier chosen by the application.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
-<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_VENDOR_MIN  ((psa_key_id_t)0x40000000)</span>
-</pre></div>
-</div>
-<p>The minimum value for a key identifier chosen by the implementation.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
-<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_ID_VENDOR_MAX  ((psa_key_id_t)0x7fffffff)</span>
-</pre></div>
-</div>
-<p>The maximum value for a key identifier chosen by the implementation.</p>
-</div>
-</div>
-<div class="section" id="key-policies">
-<h1>Key policies</h1>
-<div class="section" id="psa_key_usage_t">
-<span id="c.psa_key_usage_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint32_t</span> <span class="n">psa_key_usage_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of permitted usage on a key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_EXPORT">
-<span id="c.PSA_KEY_USAGE_EXPORT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_EXPORT  ((psa_key_usage_t)0x00000001)</span>
-</pre></div>
-</div>
-<p>Whether the key may be exported.</p>
-<p>A public key or the public part of a key pair may always be exported regardless of the value of this permission flag.</p>
-<p>If a key does not have export permission, implementations shall not allow the key to be exported in plain form from the cryptoprocessor, whether through <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or through a proprietary interface. The key may however be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_COPY">
-<span id="c.PSA_KEY_USAGE_COPY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_COPY  ((psa_key_usage_t)0x00000002)</span>
-</pre></div>
-</div>
-<p>Whether the key may be copied.</p>
-<p>This flag allows the use of <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key()</span></code></a> to make a copy of the key with the same policy or a more restrictive policy.</p>
-<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_ENCRYPT">
-<span id="c.PSA_KEY_USAGE_ENCRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_ENCRYPT  ((psa_key_usage_t)0x00000100)</span>
-</pre></div>
-</div>
-<p>Whether the key may be used to encrypt a message.</p>
-<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy.</p>
-<p>For a key pair, this concerns the public key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_DECRYPT">
-<span id="c.PSA_KEY_USAGE_DECRYPT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_DECRYPT  ((psa_key_usage_t)0x00000200)</span>
-</pre></div>
-</div>
-<p>Whether the key may be used to decrypt a message.</p>
-<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy.</p>
-<p>For a key pair, this concerns the private key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_SIGN">
-<span id="c.PSA_KEY_USAGE_SIGN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_SIGN  ((psa_key_usage_t)0x00000400)</span>
-</pre></div>
-</div>
-<p>Whether the key may be used to sign a message.</p>
-<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric signature operation, if otherwise permitted by the key’s type and policy.</p>
-<p>For a key pair, this concerns the private key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_VERIFY">
-<span id="c.PSA_KEY_USAGE_VERIFY"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_VERIFY  ((psa_key_usage_t)0x00000800)</span>
-</pre></div>
-</div>
-<p>Whether the key may be used to verify a message signature.</p>
-<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric signature verification operation, if otherwise permitted by by the key’s type and policy.</p>
-<p>For a key pair, this concerns the public key.</p>
-</div>
-<div class="section" id="PSA_KEY_USAGE_DERIVE">
-<span id="c.PSA_KEY_USAGE_DERIVE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_USAGE_DERIVE  ((psa_key_usage_t)0x00001000)</span>
-</pre></div>
-</div>
-<p>Whether the key may be used to derive other keys.</p>
-</div>
-</div>
-<div class="section" id="key-derivation">
-<h1>Key derivation</h1>
-<div class="section" id="psa_key_derivation_step_t">
-<span id="c.psa_key_derivation_step_t"></span><h2><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="k">typedef</span> <span class="kt">uint16_t</span> <span class="n">psa_key_derivation_step_t</span><span class="p">;</span>
-</pre></div>
-</div>
-<p>Encoding of the step of a key derivation.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SECRET">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SECRET"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SECRET  ((psa_key_derivation_step_t)0x0101)</span>
-</pre></div>
-</div>
-<p>A secret input for key derivation.</p>
-<p>This must be a key of type <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_LABEL">
-<span id="c.PSA_KEY_DERIVATION_INPUT_LABEL"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_LABEL  ((psa_key_derivation_step_t)0x0201)</span>
-</pre></div>
-</div>
-<p>A label for key derivation.</p>
-<p>This must be a direct input.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SALT">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SALT"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SALT  ((psa_key_derivation_step_t)0x0202)</span>
-</pre></div>
-</div>
-<p>A salt for key derivation.</p>
-<p>This must be a direct input.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_INFO">
-<span id="c.PSA_KEY_DERIVATION_INPUT_INFO"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_INFO  ((psa_key_derivation_step_t)0x0203)</span>
-</pre></div>
-</div>
-<p>An information string for key derivation.</p>
-<p>This must be a direct input.</p>
-</div>
-<div class="section" id="PSA_KEY_DERIVATION_INPUT_SEED">
-<span id="c.PSA_KEY_DERIVATION_INPUT_SEED"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_DERIVATION_INPUT_SEED  ((psa_key_derivation_step_t)0x0204)</span>
-</pre></div>
-</div>
-<p>A seed for key derivation.</p>
-<p>This must be a direct input.</p>
-</div>
-</div>
-<div class="section" id="other-definitions">
-<h1>Other definitions</h1>
-<div class="section" id="PSA_BITS_TO_BYTES">
-<span id="c.PSA_BITS_TO_BYTES"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BITS_TO_BYTES(bits)  (((bits) + 7) / 8)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_BYTES_TO_BITS">
-<span id="c.PSA_BYTES_TO_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_BYTES_TO_BITS(bytes)  ((bytes) * 8)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">bytes</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ROUND_UP_TO_MULTIPLE">
-<span id="c.PSA_ROUND_UP_TO_MULTIPLE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \</span>
-<span class="cp">    (((length) + (block_size) - 1) / (block_size) * (block_size))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">block_size</span></code></dt>
-<dd></dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">length</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_HASH_SIZE">
-<span id="c.PSA_HASH_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_SIZE(alg) \</span>
-<span class="cp">    ( PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true), or an HMAC algorithm (<a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">hash_alg</span></code>) where <code class="docutils literal notranslate"><span class="pre">hash_alg</span></code> is a hash algorithm).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The hash size for the specified hash algorithm. If the hash algorithm is not recognized, return 0. An implementation may return either 0 or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The size of the output of <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_finish()</span></code></a>, in bytes.</p>
-<p>This is also the hash size that <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_hash_verify()</span></code></a> expects.</p>
-</div>
-<div class="section" id="PSA_HASH_MAX_SIZE">
-<span id="c.PSA_HASH_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HASH_MAX_SIZE  64</span>
-</pre></div>
-</div>
-<p>Maximum size of a hash.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a hash supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
-</div>
-<div class="section" id="PSA_HMAC_MAX_HASH_BLOCK_SIZE">
-<span id="c.PSA_HMAC_MAX_HASH_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_HMAC_MAX_HASH_BLOCK_SIZE  128</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_MAC_MAX_SIZE">
-<span id="c.PSA_MAC_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_MAX_SIZE  PSA_HASH_MAX_SIZE</span>
-</pre></div>
-</div>
-<p>Maximum size of a MAC.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
-</div>
-<div class="section" id="PSA_AEAD_TAG_LENGTH">
-<span id="c.PSA_AEAD_TAG_LENGTH"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_TAG_LENGTH(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_AEAD(alg) ? (((alg) &amp; PSA_ALG_AEAD_TAG_LENGTH_MASK) &gt;&gt; PSA_AEAD_TAG_LENGTH_OFFSET) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The tag size for the specified algorithm. If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return 0. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The tag size for an AEAD algorithm, in bytes.</p>
-</div>
-<div class="section" id="PSA_VENDOR_RSA_MAX_KEY_BITS">
-<span id="c.PSA_VENDOR_RSA_MAX_KEY_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_VENDOR_RSA_MAX_KEY_BITS  4096</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_VENDOR_ECC_MAX_CURVE_BITS">
-<span id="c.PSA_VENDOR_ECC_MAX_CURVE_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_VENDOR_ECC_MAX_CURVE_BITS  521</span>
-</pre></div>
-</div>
-</div>
-<div class="section" id="PSA_ECC_CURVE_BITS">
-<span id="c.PSA_ECC_CURVE_BITS"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECC_CURVE_BITS(curve)  </span><span class="cm">/*...*/</span><span class="cp"></span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">curve</span></code></dt>
-<dd>An elliptic curve (value of type <a class="reference internal" href="#c.psa_ecc_curve_t" title="psa_ecc_curve_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code></a>).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The size associated with <code class="docutils literal notranslate"><span class="pre">curve</span></code>, in bits. This may be 0 if the implementation does not support the specified curve.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Bit size associated with an elliptic curve.</p>
-</div>
-<div class="section" id="PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN">
-<span id="c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN  128</span>
-</pre></div>
-</div>
-<p>This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation.</p>
-<p>Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</p>
-<p>Therefore, no implementation should define a value smaller than 64 for <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN" title="PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE">
-<span id="c.PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \</span>
-<span class="cp">    PSA_BITS_TO_BYTES( PSA_VENDOR_RSA_MAX_KEY_BITS &gt; PSA_VENDOR_ECC_MAX_CURVE_BITS ? PSA_VENDOR_RSA_MAX_KEY_BITS : PSA_VENDOR_ECC_MAX_CURVE_BITS )</span>
-</pre></div>
-</div>
-<p>Maximum size of an asymmetric signature.</p>
-<p>This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.</p>
-</div>
-<div class="section" id="PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE">
-<span id="c.PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE  16</span>
-</pre></div>
-</div>
-<p>The maximum size of a block cipher supported by the implementation.</p>
-</div>
-<div class="section" id="PSA_MAC_FINAL_SIZE">
-<span id="c.PSA_MAC_FINAL_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \</span>
-<span class="cp">    ((alg) &amp; PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : ((void)(key_type), (void)(key_bits), 0))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
-<dd>The type of the MAC key.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the MAC key in bits.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>A MAC algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The MAC size for the specified algorithm with the specified key parameters.</p>
-<p>0 if the MAC algorithm is not recognized.</p>
-<p>Either 0 or the correct size for a MAC algorithm that the implementation recognizes, but does not support.</p>
-<p>Unspecified if the key parameters are not consistent with the algorithm.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The size of the output of <a class="reference internal" href="#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_sign_finish()</span></code></a>, in bytes.</p>
-<p>This is also the MAC size that <a class="reference internal" href="#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_mac_verify_finish()</span></code></a> expects.</p>
-</div>
-<div class="section" id="PSA_AEAD_ENCRYPT_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \</span>
-<span class="cp">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ? (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt()</span></code></a>, in bytes.</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_encrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.</p>
-</div>
-<div class="section" id="PSA_AEAD_DECRYPT_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \</span>
-<span class="cp">    (PSA_AEAD_TAG_LENGTH(alg) != 0 ? (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">ciphertext_length</span></code></dt>
-<dd>Size of the plaintext in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>The maximum size of the output of <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt()</span></code></a>, in bytes.</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_decrypt()</span></code></a> will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext may be smaller.</p>
-</div>
-<div class="section" id="PSA_AEAD_UPDATE_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_UPDATE_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \</span>
-<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : (input_length))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">input_length</span></code></dt>
-<dd>Size of the input in bytes.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>A sufficient output buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>A sufficient output buffer size for <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a>.</p>
-<p>If the size of the output buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update()</span></code></a> will not fail due to an insufficient buffer size. The actual size of the output may be smaller in any given call.</p>
-</div>
-<div class="section" id="PSA_AEAD_FINISH_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_FINISH_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>A sufficient ciphertext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>A sufficient ciphertext buffer size for <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a>.</p>
-<p>If the size of the ciphertext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_finish()</span></code></a> will not fail due to an insufficient ciphertext buffer size. The actual size of the output may be smaller in any given call.</p>
-</div>
-<div class="section" id="PSA_AEAD_VERIFY_OUTPUT_SIZE">
-<span id="c.PSA_AEAD_VERIFY_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal notranslate"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code></a>(<code class="docutils literal notranslate"><span class="pre">alg</span></code>) is true).</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>A sufficient plaintext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>A sufficient plaintext buffer size for <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a>.</p>
-<p>If the size of the plaintext buffer is at least this large, it is guaranteed that <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_verify()</span></code></a> will not fail due to an insufficient plaintext buffer size. The actual size of the output may be smaller in any given call.</p>
-</div>
-<div class="section" id="PSA_RSA_MINIMUM_PADDING_SIZE">
-<span id="c.PSA_RSA_MINIMUM_PADDING_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \</span>
-<span class="cp">    (PSA_ALG_IS_RSA_OAEP(alg) ? 2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : 11 </span><span class="cm">/*PKCS#1v1.5*/</span><span class="cp">)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_ECDSA_SIGNATURE_SIZE">
-<span id="c.PSA_ECDSA_SIGNATURE_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \</span>
-<span class="cp">    (PSA_BITS_TO_BYTES(curve_bits) * 2)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">curve_bits</span></code></dt>
-<dd>Curve size in bits.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>Signature size in bytes.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>ECDSA signature size for a given curve bit size.</p>
-<div class="admonition note">
-<p class="first admonition-title">Note</p>
-<p class="last">This macro returns a compile-time constant if its argument is one.</p>
-</div>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE">
-<span id="c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
-<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : ((void)alg, 0))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Sufficient signature buffer size for <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a>.</p>
-<p>This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature may be smaller (some algorithms produce a variable-size signature).</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
-</div>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE">
-<span id="c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
-<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt()</span></code></a>.</p>
-<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
-</div>
-</div>
-<div class="section" id="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">
-<span id="c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \</span>
-<span class="cp">    (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
-<dd>An asymmetric key type (this may indifferently be a key pair type or a public key type).</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
-<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
-</div>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits)  ((bits) / 8 + 5)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (2 * PSA_BITS_TO_BYTES(key_bits) + 1)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \</span>
-<span class="cp">    (PSA_BITS_TO_BYTES(key_bits))</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd></dd>
-</dl>
-<p class="subitem-title"><strong>Description:</strong></p>
-</div>
-<div class="section" id="PSA_KEY_EXPORT_MAX_SIZE">
-<span id="c.PSA_KEY_EXPORT_MAX_SIZE"></span><h2><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</h2>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \</span>
-<span class="cp">    (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : 0)</span>
-</pre></div>
-</div>
-<p class="subitem-title"><strong>Parameters:</strong> </p>
-<dl class="docutils">
-<dt> <code class="docutils literal notranslate"><span class="pre">key_type</span></code></dt>
-<dd>A supported key type.</dd>
-<dt> <code class="docutils literal notranslate"><span class="pre">key_bits</span></code></dt>
-<dd>The size of the key in bits.</dd>
-</dl>
-<p class="subitem-title"><strong>Returns:</strong> </p>
-<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_sign" title="psa_asymmetric_sign"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_asymmetric_sign()</span></code></a> will not fail with <a class="reference internal" href="#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.</p>
-<p class="subitem-title"><strong>Description:</strong></p>
-<p>Sufficient output buffer size for <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_key()</span></code></a> or <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>.</p>
-<p>This macro returns a compile-time constant if its arguments are compile-time constants.</p>
-<div class="admonition warning">
-<p class="first admonition-title">Warning</p>
-<p class="last">This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.</p>
-</div>
-<p>The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
-<span class="n">psa_status_t</span> <span class="n">status</span><span class="p">;</span>
-<span class="n">status</span> <span class="o">=</span> <span class="n">psa_get_key_attributes</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-<span class="n">psa_key_type_t</span> <span class="n">key_type</span> <span class="o">=</span> <span class="n">psa_get_key_type</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="kt">size_t</span> <span class="n">key_bits</span> <span class="o">=</span> <span class="n">psa_get_key_bits</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="kt">size_t</span> <span class="n">buffer_size</span> <span class="o">=</span> <span class="n">PSA_KEY_EXPORT_MAX_SIZE</span><span class="p">(</span><span class="n">key_type</span><span class="p">,</span> <span class="n">key_bits</span><span class="p">);</span>
-<span class="n">psa_reset_key_attributes</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="n">buffer_size</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">buffer</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-<span class="kt">size_t</span> <span class="n">buffer_length</span><span class="p">;</span>
-<span class="n">status</span> <span class="o">=</span> <span class="n">psa_export_key</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">buffer</span><span class="p">,</span> <span class="n">buffer_size</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">buffer_length</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-</pre></div>
-</div>
-<p>For <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_export_public_key()</span></code></a>, calculate the buffer size from the public key type. You can use the macro <a class="reference internal" href="#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a> to convert a key pair type to the corresponding public key type.</p>
-<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="n">psa_key_attributes_t</span> <span class="n">attributes</span> <span class="o">=</span> <span class="n">PSA_KEY_ATTRIBUTES_INIT</span><span class="p">;</span>
-<span class="n">psa_status_t</span> <span class="n">status</span><span class="p">;</span>
-<span class="n">status</span> <span class="o">=</span> <span class="n">psa_get_key_attributes</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-<span class="n">psa_key_type_t</span> <span class="n">key_type</span> <span class="o">=</span> <span class="n">psa_get_key_type</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="n">psa_key_type_t</span> <span class="n">public_key_type</span> <span class="o">=</span> <span class="n">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span><span class="p">(</span><span class="n">key_type</span><span class="p">);</span>
-<span class="kt">size_t</span> <span class="n">key_bits</span> <span class="o">=</span> <span class="n">psa_get_key_bits</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="kt">size_t</span> <span class="n">buffer_size</span> <span class="o">=</span> <span class="n">PSA_KEY_EXPORT_MAX_SIZE</span><span class="p">(</span><span class="n">public_key_type</span><span class="p">,</span> <span class="n">key_bits</span><span class="p">);</span>
-<span class="n">psa_reset_key_attributes</span><span class="p">(</span><span class="o">&amp;</span><span class="n">attributes</span><span class="p">);</span>
-<span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="n">buffer_size</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">buffer</span> <span class="o">==</span> <span class="nb">NULL</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-<span class="kt">size_t</span> <span class="n">buffer_length</span><span class="p">;</span>
-<span class="n">status</span> <span class="o">=</span> <span class="n">psa_export_public_key</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">buffer</span><span class="p">,</span> <span class="n">buffer_size</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">buffer_length</span><span class="p">);</span>
-<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">PSA_SUCCESS</span><span class="p">)</span> <span class="n">handle_error</span><span class="p">(...);</span>
-</pre></div>
-</div>
-</div>
-</div>
-
-
-          </div>
-          
-        </div>
-      </div>
-      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
-        <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
-
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
-<li class="toctree-l1 current"><a class="current reference internal" href="#">Implementation-specific definitions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_handle_t"><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#library-initialization">Library initialization</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_crypto_init"><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-attributes">Key attributes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_attributes_init"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_id"><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_id"><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_type"><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_set_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_type"><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_get_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_reset_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-management">Key management</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_open_key"><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_close_key"><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-import-and-export">Key import and export</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_import_key"><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_destroy_key"><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_export_key"><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_export_public_key"><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_copy_key"><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#message-digests">Message digests</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_compute"><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_compare"><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_setup"><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_update"><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_finish"><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_verify"><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_abort"><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_hash_clone"><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#message-authentication-codes">Message authentication codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_compute"><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_sign_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_update"><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_sign_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_verify_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_mac_abort"><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#symmetric-ciphers">Symmetric ciphers</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_generate_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_set_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_update"><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_finish"><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_cipher_abort"><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_generate_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_set_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_set_lengths"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_update_ad"><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_update"><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_finish"><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_verify"><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_aead_abort"><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_sign"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_verify"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_asymmetric_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_setup"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_get_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_set_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_input_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_input_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_output_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_output_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_abort"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_raw_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#random-generation">Random generation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_generate_random"><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_generate_key"><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#error-codes">Error codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-and-algorithm-types">Key and algorithm types</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_ecc_curve_t"><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_dh_group_t"><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_NONE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_AES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_GET_CURVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT163R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT193R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT193R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT233K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT233R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT239K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT283K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT283R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT409K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT409R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT571K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECT571R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP160R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP192K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP192R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP224K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP224R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP256K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_SECP521R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_CURVE25519"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_CURVE448"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_TYPE_GET_GROUP"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE2048"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE3072"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE4096"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE6144"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_DH_GROUP_FFDHE8192"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HASH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD2"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MD5"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RIPEMD160"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_1"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA_512_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SHA3_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ANY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HMAC_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_MAC_TRUNCATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_TRUNCATION_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_TRUNCATED_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_MAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_GMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_STREAM_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CTR"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_OFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_XTS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CBC_PKCS7"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_GCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PSS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_ANY"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_SIGN_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_RSA_OAEP_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_HKDF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PRF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_DERIVATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_IS_WILDCARD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-lifetimes">Key lifetimes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_USER_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_USER_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-policies">Key policies</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_EXPORT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_COPY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_USAGE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#key-derivation">Key derivation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#psa_key_derivation_step_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#other-definitions">Other definitions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_BITS_TO_BYTES"><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_BYTES_TO_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ROUND_UP_TO_MULTIPLE"><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_HASH_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECC_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_MAC_FINAL_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ECDSA_SIGNATURE_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#PSA_KEY_EXPORT_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-
-<div class="relations">
-<h3>Related Topics</h3>
-<ul>
-  <li><a href="index.html">Documentation overview</a><ul>
-      <li>Previous: <a href="general.html" title="previous chapter">Introduction</a></li>
-  </ul></li>
-</ul>
-</div>
-<div id="searchbox" style="display: none" role="search">
-  <h3>Quick search</h3>
-    <div class="searchformwrapper">
-    <form class="search" action="search.html" method="get">
-      <input type="text" name="q" />
-      <input type="submit" value="Go" />
-      <input type="hidden" name="check_keywords" value="yes" />
-      <input type="hidden" name="area" value="default" />
-    </form>
-    </div>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
-
-
-
-
-
-
-
-
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-    <div class="footer">
-      &copy;2019, Arm.
-      
-      |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
-      
-      |
-      <a href="_sources/from_doxygen.rst.txt"
-          rel="nofollow">Page source</a>
-    </div>
-
-    
-
-    
-  </body>
-</html>
\ No newline at end of file
diff --git a/docs/html/general.html b/docs/html/general.html
deleted file mode 100644
index 0a76f6d..0000000
--- a/docs/html/general.html
+++ /dev/null
@@ -1,1456 +0,0 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>Introduction &#8212; psa_crypto_api 1.0 beta3 documentation</title>
-    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script type="text/javascript" src="_static/jquery.js"></script>
-    <script type="text/javascript" src="_static/underscore.js"></script>
-    <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
-    <link rel="index" title="Index" href="genindex.html" />
-    <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Implementation-specific definitions" href="from_doxygen.html" />
-    <link rel="prev" title="PSA Cryptography API Specification" href="index.html" />
-   
-  <link rel="stylesheet" href="_static/custom.css" type="text/css" />
-  
-  
-  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
-  </head><body>
-  
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          
-
-          <div class="body" role="main">
-            
-  <div class="section" id="introduction">
-<h1>Introduction</h1>
-<p>Arm’s Platform Security Architecture (PSA) is a holistic set of threat
-models, security analyses, hardware and firmware architecture
-specifications, and an open source firmware reference implementation.
-PSA provides a recipe, based on industry best practice, that allows
-security to be consistently designed in, at both a hardware and firmware
-level.</p>
-<p>The PSA Cryptographic API (Crypto API) described in this document is an
-important PSA component that provides an interface to modern
-cryptographic primitives on resource-constrained devices. The interface
-is user-friendly, while still providing access to the primitives used in
-modern cryptography. It does not require that the user have access to
-the key material. Instead, it uses opaque key handles.</p>
-<p>This document is part of the PSA family of specifications. It defines an
-interface for cryptographic services, including cryptography primitives
-and a key storage functionality.</p>
-<p>This document includes:</p>
-<ul class="simple">
-<li>A <a class="reference external" href="#design-goals">rationale</a> for the design.</li>
-<li>A <a class="reference external" href="#functionality-overview">high-level overview of the
-functionality</a> provided by the interface.</li>
-<li>A <a class="reference external" href="#sample-architectures">description of typical architectures</a> of
-implementations for this specification.</li>
-<li>General considerations <a class="reference external" href="#implementation-considerations">for
-implementers</a> of this
-specification and <a class="reference external" href="#usage-considerations">for applications</a> that
-use the interface defined in this specification.</li>
-<li>A detailed definition of the API.</li>
-</ul>
-<p>Companion documents will define <em>profiles</em> for this specification. A
-profile is a minimum mandatory subset of the interface that a compliant
-implementation must provide.</p>
-</div>
-<div class="section" id="design-goals">
-<h1>Design goals</h1>
-<div class="section" id="suitable-for-constrained-devices">
-<h2>Suitable for constrained devices</h2>
-<p>The interface is suitable for a vast range of devices: from
-special-purpose cryptographic processors that process data with a
-built-in key, to constrained devices running custom application code,
-such as microcontrollers, and multi-application devices, such as
-servers. Consequentially, the interface is scalable and modular.</p>
-<ul class="simple">
-<li><em>Scalable</em>: you shouldn’t pay for functionality that you don’t need.</li>
-<li><em>Modular</em>: larger devices implement larger subsets of the same
-interface, rather than different interfaces.</li>
-</ul>
-<p>Because this specification is suitable for very constrained devices,
-including those where memory is very limited, all operations on
-unbounded amounts of data allow <em>multipart</em> processing, as long as the
-calculations on the data are performed in a streaming manner. This means
-that the application does not need to store the whole message in memory
-at one time.</p>
-<p>Memory outside the keystore boundary is managed by the application. An
-implementation of the interface is not required to retain any state
-between function calls, apart from the content of the keystore and other
-data that must be kept inside the keystore security boundary.</p>
-<p>The interface does not expose the representation of keys and
-intermediate data, except when required for interchange. This allows
-each implementation to choose optimal data representations.
-Implementations with multiple components are also free to choose which
-memory area to use for internal data.</p>
-</div>
-<div class="section" id="a-keystore-interface">
-<h2>A keystore interface</h2>
-<p>The specification allows cryptographic operations to be performed on a
-key to which the application does not have direct access. Except where
-required for interchange, applications access all keys indirectly, by a
-handle. The key material corresponding to that handle can reside inside
-a security boundary that prevents it from being extracted, except as
-permitted by a policy that is defined when the key is created.</p>
-</div>
-<div class="section" id="optional-isolation">
-<h2>Optional isolation</h2>
-<p>Implementations can isolate the cryptoprocessor from the calling
-application, and can further isolate multiple calling applications. The
-interface allows the implementation to be separated between a frontend
-and a backend. In an isolated implementation, the frontend is the part
-of the implementation that is located in the same isolation boundary as
-the application, which the application accesses by function calls. The
-backend is the part of the implementation that is located in a different
-environment, which is protected from the frontend. Various technologies
-can provide protection, for example:</p>
-<ul class="simple">
-<li>Process isolation in an operating system.</li>
-<li>Partition isolation, either with a virtual machine or a partition
-manager.</li>
-<li>Physical separation between devices.</li>
-</ul>
-<p>Communication between the frontend and backend is beyond the scope of
-this specification.</p>
-<p>In an isolated implementation, the backend can serve more than one
-implementation instance. In this case, a single backend communicates
-with multiple instances of the frontend. The backend must enforce
-<strong>caller isolation</strong>: it must ensure that assets of one frontend are not
-visible to any other frontend. How callers are identified is beyond the
-scope of this specification. An implementation that provides caller
-isolation must document how callers are identified. An implementation
-that provides isolation must document any implementation-specific
-extension of the API that enables frontend instances to share data in
-any form.</p>
-<p>In summary, there are three types of implementations:</p>
-<ul class="simple">
-<li>No isolation: there is no security boundary between the application
-and the cryptoprocessor. For example, a statically or dynamically
-linked library is an implementation with no isolation.</li>
-<li>Cryptoprocessor isolation: there is a security boundary between the
-application and the cryptoprocessor, but the cryptoprocessor does not
-communicate with other applications. For example, a cryptoprocessor
-chip that is a companion to an application processor is an
-implementation with cryptoprocessor isolation.</li>
-<li>Caller isolation: there are multiple application instances, with a
-security boundary between the application instances among themselves,
-as well as between the cryptoprocessor and the application instances.
-For example, a cryptography service in a multiprocess environment is
-an implementation with caller and cryptoprocessor isolation.</li>
-</ul>
-</div>
-<div class="section" id="choice-of-algorithms">
-<h2>Choice of algorithms</h2>
-<p>The specification defines a low-level cryptographic interface, where the
-caller explicitly chooses which algorithm and which security parameters
-they use. This is necessary to implement protocols that are inescapable
-in various use cases. The design of the interface enables applications
-to implement widely-used protocols and data exchange formats, as well as
-custom ones.</p>
-<p>As a consequence, all cryptographic functionality operates according to
-the precise algorithm specified by the caller. However, this does not
-apply to device-internal functionality, which does not involve any form
-of interoperability, such as random number generation. The specification
-does not include generic higher-level interfaces, where the
-implementation chooses the best algorithm for a purpose. However,
-higher-level libraries can be built on top of the PSA Crypto API.</p>
-<p>Another consequence is that the specification permits the use of
-algorithms, key sizes and other parameters that, while known to be
-insecure, may be necessary to support legacy protocols or legacy data.
-Where major weaknesses are known, the algorithm description give
-applicable warnings. However, the lack of a warning does not and cannot
-indicate that an algorithm is secure in all circumstances. Application
-developers should research the security of the algorithms that they plan
-to use to determine if the algorithms meet their requirements.</p>
-<p>The interface facilitates algorithm agility. As a consequence,
-cryptographic primitives are presented through generic functions with a
-parameter indicating the specific choice of algorithm. For example,
-there is a single function to calculate a message digest, which takes a
-parameter that identifies the specific hash algorithm.</p>
-</div>
-<div class="section" id="ease-of-use">
-<h2>Ease of use</h2>
-<p>The interface is designed to be as user-friendly as possible, given the
-aforementioned constraints on suitability for various types of devices
-and on the freedom to choose algorithms.</p>
-<p>In particular, the code flows are designed to reduce the chance of
-dangerous misuse. The interface makes it harder to misuse than to use
-correctly, and typical mistakes result in test failures, rather than
-subtle security issues. Implementations avoid leaking data when a
-function is called with invalid parameters, to the extent allowed by the
-C language and by implementation size constraints.</p>
-</div>
-<div class="section" id="example-use-cases">
-<h2>Example use cases</h2>
-<p>This section lists some of the use cases that were considered while
-designing this API. This list is not exhaustive, nor are all
-implementations required to support all use cases.</p>
-<div class="section" id="network-security-tls">
-<h3>Network Security (TLS)</h3>
-<p>The API provides everything needed to establish TLS connections on the
-device side: asymmetric key management inside a key store, symmetric
-ciphers, MAC, HMAC, message digests, and AEAD.</p>
-</div>
-<div class="section" id="secure-storage">
-<h3>Secure Storage</h3>
-<p>The API provides all primitives related to storage encryption, block or
-file-based, with master encryption keys stored inside a key store.</p>
-</div>
-<div class="section" id="network-credentials">
-<h3>Network Credentials</h3>
-<p>The API provides network credential management inside a key store, for
-example, for X.509-based authentication or pre-shared keys on enterprise
-networks.</p>
-</div>
-<div class="section" id="device-pairing">
-<h3>Device Pairing</h3>
-<p>The API provides support for key agreement protocols that are often used
-for secure pairing of devices over wireless channels. For example, the
-pairing of an NFC token or a Bluetooth device could make use of key
-agreement protocols upon first use.</p>
-</div>
-<div class="section" id="secure-boot">
-<h3>Secure Boot</h3>
-<p>The API provides primitives for use during firmware integrity and
-authenticity validation, during a secure or trusted boot process.</p>
-</div>
-<div class="section" id="attestation">
-<h3>Attestation</h3>
-<p>The API provides primitives used in attestation activities. Attestation
-is the ability for a device to sign an array of bytes with a device
-private key and return the result to the caller. There are several use
-cases: from attestation of the device state to the ability to generate a
-key pair and prove that it has been generated inside a secure key store.
-The API provides access to the algorithms commonly used for attestation.</p>
-</div>
-<div class="section" id="factory-provisioning">
-<h3>Factory Provisioning</h3>
-<p>Most IoT devices receive a unique identity during the factory
-provisioning process, or once deployed to the field. This API provides
-the APIs necessary for populating a device with keys that represent that
-identity.</p>
-</div>
-</div>
-</div>
-<div class="section" id="functionality-overview">
-<h1>Functionality overview</h1>
-<p>This section provides a high-level overview of the functionality
-provided by the interface defined in this specification. Refer to the
-API definition for a detailed description.</p>
-<p>Due to the modularity of the interface, almost every part of the library
-is optional. The only mandatory function is <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code>.</p>
-<div class="section" id="library-management">
-<h2>Library management</h2>
-<p>Before any use, applications must call <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> to initialize
-the library.</p>
-</div>
-<div class="section" id="key-management">
-<h2>Key management</h2>
-<p>Applications always access keys via a handle. This allows keys to be
-non-extractable, that is, an application can perform operations using a
-key without having access to the key material. Non-extractable keys are
-bound to the device, can be rate-limited and can have their usage
-restricted by policies.</p>
-<p>Each key has a set of attributes that describe the key and the policy
-for using the key. A <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object contains all of the
-attributes, which is used when creating a key and when querying key
-attibutes.</p>
-<p>Each key has a <em>lifetime</em> that determines when the key material is
-destroyed. There are two types of lifetimes:
-<a class="reference external" href="#volatile-keys">volatile</a> and <a class="reference external" href="#persistent-keys">persistent</a>.</p>
-<div class="section" id="volatile-keys">
-<h3>Volatile keys</h3>
-<p>A <em>volatile</em> key is destroyed as soon as the application closes the
-handle to the key. When the application terminates, it conceptually
-closes all of its key handles. Conceptually, a volatile key is stored in
-RAM. Volatile keys have the lifetime <code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code>.</p>
-<p>To create a volatile key:</p>
-<ol class="arabic simple">
-<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the key’s type, size,
-policy and other attributes.</li>
-<li>Create the key with <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code>.</li>
-</ol>
-<p>To destroy a volatile key, call <code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code>
-(these functions are equivalent when called on a volatile key).</p>
-</div>
-<div class="section" id="persistent-keys">
-<h3>Persistent keys</h3>
-<p>A <em>persistent</em> key exists until it explicitly destroyed with
-<code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> or until it is wiped by the reset or destruction of
-the device.</p>
-<p>Each persistent key has a key identifier, which acts as a name for the
-key. Within an application, the key identifier corresponds to a single
-key. The application specifies the key identifier when the key is
-created, and uses the key identifier to obtain a handle to a persistent
-key that has already been created. If the implementation provides
-<a class="reference external" href="#optional-isolation">caller isolation</a>, then key identifiers are
-local to each application: the same key identifier in two applications
-corresponds to different keys.</p>
-<p>Persistent keys may be stored in different storage areas; this is
-indicated through different lifetime values. This specification defines
-a single lifetime value <code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> which
-corresponds to a default storage area. Implementations may define
-alternative lifetime values corresponding to different storage areas
-with different retention policies, or to secure elements with different
-security characteristics.</p>
-<p>To create a persistent key:</p>
-<ol class="arabic simple">
-<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the key’s type, size,
-policy and other attributes.</li>
-<li>In the attributes object, set the desired lifetime and persistent
-identifier for the key.</li>
-<li>Create the key with <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code>.</li>
-</ol>
-<p>To release memory resources associated with a key but keep the key in
-storage, call <code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code>. To access an existing persistent key,
-call <code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> with the same key identifier used when creating
-the key.</p>
-<p>To destroy a persistent key, open it (if it isn’t already open) and call
-<code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code>.</p>
-<p>The key lifetime and identifier are set when the key is created and
-cannot be changed without destroying the key first. If the original key
-permits copying, then the application can specify a different lifetime
-for the copy of the key.</p>
-</div>
-<div class="section" id="recommendations-of-minimum-standards-for-key-management">
-<h3>Recommendations of minimum standards for key management</h3>
-<p>Most implementations provide the function <code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code>. The only
-exceptions are implementations that only give access to a key or keys
-that are provisioned by proprietary means, and do not allow the main
-application to use its own cryptographic material.</p>
-<p>Most implementations provide <code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> and the
-<code class="docutils literal notranslate"><span class="pre">psa_get_key_xxx</span></code> accessor functions, as they are easy to implement,
-and it is difficult to write applications and to diagnose issues without
-being able to check the metadata.</p>
-<p>Most implementations also provide <code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> if they
-support any asymmetric algorithm, since public-key cryptography often
-requires the delivery of a public key that is associated with a
-protected private key.</p>
-<p>Most implementations provide <code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code>. However, highly
-constrained implementations that are designed to work only with
-short-term keys (no non-volatile storage), or only with long-term
-non-extractable keys, may omit this function.</p>
-</div>
-</div>
-<div class="section" id="usage-policies">
-<h2>Usage policies</h2>
-<p>All keys have an associated policy that regulates which operations are
-permitted on the key. Each key policy is a set of usage flags and a
-specific algorithm that is permitted with the key. The policy is part of
-the key attributes that are managed by a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code>
-object.</p>
-<p>The usage flags are encoded in a bitmask, which has the type
-<code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code>. Three kinds of usage flag can be specified: * The
-extractable flag <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> determines whether the key
-material can be extracted. * The copyable flag <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code>
-determines whether the key material can be copied into a new key, which
-can have a different lifetime or a more restrictive policy. * The usage
-flags <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code>, <code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code>, and so on
-determine whether the corresponding operation is permitted on the key.</p>
-<p>In addition to the usage bitmask, a policy specifies which algorithm is
-permitted with the key. This specification only defines policies that
-restrict keys to a single algorithm, which is in keeping with common
-practice and with security good practice.</p>
-<p>A highly constrained implementation may not be able to support all the
-policies that can be expressed through this interface. If an
-implementation cannot create a key with the required policy, it must
-return an appropriate error code when the key is created.</p>
-</div>
-<div class="section" id="symmetric-cryptography">
-<h2>Symmetric cryptography</h2>
-<p>This specification defines interfaces for message digests (hash
-functions), MAC (message authentication codes), symmetric ciphers and
-authenticated encryption with associated data (AEAD). For each type of
-primitive, the API includes two standalone functions (compute and
-verify, or encrypt and decrypt) as well as a series of functions that
-permit <a class="reference external" href="#multipart-operations">multipart operations</a>.</p>
-<p>The standalone functions are:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> to calculate the hash
-of a message or compare the hash of a message with a reference value.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> to calculate the MAC of a
-message of compare the MAC with a reference value.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> to encrypt or
-decrypt a message using an unauthenticated symmetric cipher. The
-encryption function generates a random IV; to use a deterministic IV
-(which is not secure in general, but can be secure in some conditions
-that depend on the algorithm), use the multipart API.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> to encrypt/decrypt and
-authenticate a message using an AEAD algorithm. These functions
-follow the interface recommended by RFC 5116.</li>
-</ul>
-<div class="section" id="multipart-operations">
-<h3>Multipart operations</h3>
-<p>The API provides a multipart interface to hash, MAC, symmetric cipher
-and AEAD primitives. These interfaces process messages one chunk at a
-time, with the size of chunks determined by the caller. This allows the
-processing of messages that cannot be assembled in memory. To perform a
-multipart operation:</p>
-<ol class="arabic simple">
-<li>Allocate an operation object of the appropriate type. You can use any
-allocation strategy: stack, heap, static, etc.</li>
-<li>Initialize the operation object by one of the following methods:<ul>
-<li>Set it to all-bits-zero.</li>
-<li>Initialize it to logical zero.</li>
-<li>Assign the value of the associated macro <code class="docutils literal notranslate"><span class="pre">PSA_xxx_INIT</span></code>.</li>
-<li>Assign the result of calling the associated function
-<code class="docutils literal notranslate"><span class="pre">psa_xxx_init</span></code>.</li>
-</ul>
-</li>
-<li>Specify a key for the operation using the associated setup function:
-<code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code>.</li>
-<li>Provide additional parameters:<ul>
-<li>When encrypting data, generate or set an initialization vector
-(IV), nonce, or similar initial value such as an initial counter
-value.</li>
-<li>When decrypting, set the IV or nonce.</li>
-<li>For a symmetric cipher, to generate a random IV, which is
-recommended in most protocols, call <code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code>. To
-set the IV, call <code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code>.</li>
-<li>For AEAD, call <code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> or
-<code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code>.</li>
-</ul>
-</li>
-<li>Call the associated update function on successive chunks of the
-message: <code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code>.</li>
-<li>At the end of the message, call the applicable finishing function.
-There are three kinds of finishing function, depending on what to do
-with the verification tag.<ul>
-<li>Unauthenticated encryption and decryption does not involve a
-verification tag. Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code>.</li>
-<li>To calculate the digest or MAC or authentication tag of a message,
-call the associated function to calculate and output the
-verification tag: <code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> or
-<code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code>.</li>
-<li>To verify the digest or MAC of a message against a reference value
-or to verify the authentication tag at the end of AEAD decryption,
-call the associated function to compare the verification tag with
-the reference value: <code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code>.</li>
-</ul>
-</li>
-</ol>
-<p>Calling the setup function allocates resources inside the
-implementation. These resources are freed when calling the associated
-finishing function. In addition, each family of functions defines a
-function <code class="docutils literal notranslate"><span class="pre">psa_xxx_abort</span></code>, which can be called at any time to free the
-resources associated with an operation.</p>
-</div>
-<div class="section" id="authenticated-encryption">
-<h3>Authenticated encryption</h3>
-<p>Having a multipart interface to authenticated encryption raises specific
-issues.</p>
-<p>Multipart authenticated decryption produces partial results that are not
-authenticated. Applications must not use or expose partial results of
-authenticated decryption until <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> has returned a
-success status, and must destroy all partial results without revealing
-them if <code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> returns a failure status. Revealing partial
-results (directly, or indirectly through the application’s behavior) can
-compromise the confidentiality of all inputs that are encrypted with the
-same key.</p>
-<p>For encryption, some common algorithms cannot be processed in a
-streaming fashion. For SIV mode, the whole plaintext must be known
-before the encryption can start; the multipart AEAD API is not meant to
-be usable with SIV mode. For CCM mode, the length of the plaintext must
-be known before the encryption can start; the application can call the
-function <code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> to provide these lengths before
-providing input.</p>
-</div>
-</div>
-<div class="section" id="key-derivation">
-<h2>Key derivation</h2>
-<p>The specification defines a mechanism for key derivation that allows the
-output of the derivation to be split into multiple keys, as well as
-non-key outputs.</p>
-<p>In an implementation with <a class="reference external" href="#optional-isolation">isolation</a>, the
-intermediate state of the key derivation is not visible to the caller,
-and if an output of the derivation is a non-exportable key, then this
-output cannot be recovered outside the isolation boundary.</p>
-<div class="section" id="key-derivation-operations">
-<h3>Key derivation operations</h3>
-<p>A key derivation operation encodes a deterministic method to generate a
-finite stream of bytes. This data stream is computed by the
-cryptoprocessor and extracted in chunks. If two key derivation
-operations are constructed with the same parameters, then they should
-produce the same outputs.</p>
-<p>Some example uses of key derivation operations are:</p>
-<ul class="simple">
-<li>A key derivation function: initialized with a secret, a salt and
-other parameters.</li>
-<li>A key agreement function: initialized with a public key (peer key), a
-key pair (own key) and other parameters.</li>
-</ul>
-<p>Applications use the <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> type to create
-key derivation operations.</p>
-<p>The lifecycle of a key derivation operation is as follows:</p>
-<ol class="arabic simple">
-<li>Setup: construct a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object, and set
-its parameters and inputs. The setup phase determines the key
-derivation operation’s capacity, which is the maximum number of bytes
-that can be output from this key derivation operation.</li>
-<li>Output: read bytes from the stream defined by the key derivation
-operation. This can be done any number of times, until the stream is
-exhausted when its capacity has been reached. Each output step can
-either be used to populate a key object
-(<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code>), or to read some bytes and
-extract them as cleartext (<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code>).</li>
-<li>Terminate: clear the key derivation operation and release associated
-resources (<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code>).</li>
-</ol>
-<p>A key derivation operation cannot be rewound. Once a part of the stream
-has been output, it cannot be output again. This ensures that the same
-part of the output will not be used for different purposes.</p>
-</div>
-<div class="section" id="key-derivation-function">
-<h3>Key derivation function</h3>
-<p>This specification defines functions to set up a key derivation. A key
-derivation consists of two parts:</p>
-<ol class="arabic simple">
-<li>Input collection. This is sometimes known as <em>extraction</em>: the
-operation “extracts” information from the inputs to generate a
-pseudorandom intermediate secret value.</li>
-<li>Output generation. This is sometimes known as <em>expansion</em>: the
-operation “expands” the intermediate secret value to the desired
-output length.</li>
-</ol>
-<p>To perform a key derivation:</p>
-<ol class="arabic simple">
-<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object to zero or to
-<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERAITON_INIT</span></code>.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> to select a key derivation
-algorithm.</li>
-<li>Call the functions <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> and
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code>, or
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> to provide the inputs to the key
-derivation algorithm. Many key derivation algorithms take multiple
-inputs; the “step” parameter to these functions indicates which input
-is being passed. The documentation for each key derivation algorithm
-describes the expected inputs for that algorithm.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> to create a derived key, or
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> to export the derived data. These
-functions may be called multiple times to read successive output from
-the key derivation.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> to release the key derivation
-operation memory.</li>
-</ol>
-<p>Here is an example of a use case where a master key is used to generate
-both a message encryption key and an IV for the encryption, and the
-derived key and IV are then used to encrypt a message.</p>
-<ol class="arabic simple">
-<li>Derive the message encryption material from the master key.<ol class="arabic">
-<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> object to zero or
-to <code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code>.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> with <code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> as the
-algorithm.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> with the step
-<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> and the master key.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> with the step
-<code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> and a public value that uniquely
-identifies the message.</li>
-<li>Populate a <code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> object with the derived
-message encryption key’s attributes.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> to create the derived
-message key.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> to generate the derived
-IV.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> to release the key derivation
-operation memory.</li>
-</ol>
-</li>
-<li>Encrypt the message with the derived material.<ol class="arabic">
-<li>Initialize a <code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> object to zero or to
-<code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code>.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> with the derived message
-encryption key.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> using the derived IV retrieved above.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> one or more times to encrypt the
-message.</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> at the end of the message.</li>
-</ol>
-</li>
-<li>Call <code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> to clear the generated key.</li>
-</ol>
-</div>
-</div>
-<div class="section" id="asymmetric-cryptography">
-<h2>Asymmetric cryptography</h2>
-<p>The asymmetric cryptography part of this interface defines functions for
-asymmetric encryption, asymmetric signature and two-way key agreement.</p>
-<div class="section" id="asymmetric-encryption">
-<h3>Asymmetric encryption</h3>
-<p>Asymmetric encryption is provided through the functions
-<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code>.</p>
-</div>
-<div class="section" id="hash-and-sign">
-<h3>Hash-and-sign</h3>
-<p>The signature and verification functions <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> and
-<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> take a hash as one of their inputs. This hash
-should be calculated with <code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code>, <code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> and
-<code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> before calling <code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> or
-<code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code>. To determine which hash algorithm to use,
-call the macro <code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> on the corresponding signature
-algorithm.</p>
-</div>
-<div class="section" id="key-agreement">
-<h3>Key agreement</h3>
-<p>This specification defines two functions for a Diffie-Hellman-style key
-agreement where each party combines its own private key with the peer’s
-public key.</p>
-<p>The recommended approach is to use a <a class="reference external" href="#key-derivation">key derivation
-operation</a> with the
-<code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> input function, which calculates a
-shared secret for the key derivation function.</p>
-<p>In case an application needs direct access to the shared secret, it can
-call <code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> instead. Note that in general the shared
-secret is not directly suitable for use as a key because it is biased.</p>
-</div>
-</div>
-<div class="section" id="randomness-and-key-generation">
-<h2>Randomness and key generation</h2>
-<p>We strongly recommended that implementations include a random generator,
-consisting of a cryptographically secure pseudo-random generator
-(CSPRNG), which is adequately seeded with a cryptographic-quality
-hardware entropy source, commonly referred to as a true random number
-generator (TRNG). Constrained implementations may omit the random
-generation functionality if they do not implement any algorithm that
-requires randomness internally, and they do not provide a key generation
-functionality. For example, a special-purpose component for signature
-verification can omit this.</p>
-<p>Applications should use <code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code>,
-<code class="docutils literal notranslate"><span class="pre">psa_encrypt_generate_iv</span></code> or <code class="docutils literal notranslate"><span class="pre">psa_aead_generate_iv</span></code> to generate
-suitably-formatted random data, as applicable. In addition, the API
-includes a function <code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> to generate and extract
-arbitrary random data.</p>
-</div>
-<div class="section" id="future-additions">
-<h2>Future additions</h2>
-<p>We plan to cover the following features in future drafts and editions of
-this specification:</p>
-<ul class="simple">
-<li>Single-shot functions for symmetric operations.</li>
-<li>Multi-part operations for hybrid cryptography. For example, this
-includes hash-and-sign for EdDSA, and hybrid encryption for ECIES.</li>
-<li>Key exchange and a more general interface to key derivation. This
-would enable an application to derive a non-extractable session key
-from non-extractable secrets, without leaking the intermediate
-material.</li>
-<li>Key wrapping mechanisms to extract and import keys in a protected
-form (encrypted and authenticated).</li>
-<li>Key discovery mechanisms. This would enable an application to locate
-a key by its name or attributes.</li>
-<li>Implementation capability description. This would enable an
-application to determine the algorithms, key types and storage
-lifetimes that the implementation provides.</li>
-<li>An ownership and access control mechanism allowing a multi-client
-implementation to have privileged clients that are able to manage
-keys of other clients.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="sample-architectures">
-<h1>Sample architectures</h1>
-<p>This section describes some example architectures that can be used for
-implementations of the interface described in this specification. This
-list is not exhaustive and the section is entirely non-normative.</p>
-<div class="section" id="single-partition-architecture">
-<h2>Single-partition architecture</h2>
-<p>In this architecture, there is no security boundary inside the system.
-The application code may access all the system memory, including the
-memory used by the cryptographic services described in this
-specification. Thus, the architecture provides <a class="reference external" href="#optional-isolation">no
-isolation</a>.</p>
-<p>This architecture does not conform to the Arm <em>Platform Security
-Architecture Security Model</em>. However, it may be useful for providing
-cryptographic services that use the same interface, even on devices that
-cannot support any security boundary. So, while this architecture is not
-the primary design goal of the API defined in the present specification,
-it is supported.</p>
-<p>The functions in this specification simply execute the underlying
-algorithmic code. Security checks can be kept to a minimum, since the
-cryptoprocessor cannot defend against a malicious application. Key
-import and export copy data inside the same memory space.</p>
-<p>This architecture also describes a subset of some larger systems, where
-the cryptographic services are implemented inside a high-security
-partition, separate from the code of the main application, though it
-shares this high-security partition with other platform security
-services.</p>
-</div>
-<div class="section" id="cryptographic-token-and-single-application-processor">
-<h2>Cryptographic token and single-application processor</h2>
-<p>This system is composed of two partitions: one is a cryptoprocessor and
-the other partition runs an application. There is a security boundary
-between the two partitions, so that the application cannot access the
-cryptoprocessor, except through its public interface. Thus, the
-architecture provides <a class="reference external" href="#optional-isolation">cryptoprocessor
-isolation</a>. The cryptoprocessor has some
-nonvolatile storage, a TRNG, and possibly, some cryptographic
-accelerators.</p>
-<p>There are a number of potential physical realizations: the
-cryptoprocessor may be a separate chip, a separate processor on the same
-chip, or a logical partition using a combination of hardware and
-software to provide the isolation. These realizations are functionally
-equivalent in terms of the offered software interface, but they would
-typically offer different levels of security guarantees.</p>
-<p>The PSA crypto API in the application processor consists of a thin layer
-of code that translates function calls to remote procedure calls in the
-cryptoprocessor. All cryptographic computations are, therefore,
-performed inside the cryptoprocessor. Non-volatile keys are stored
-inside the cryptoprocessor.</p>
-</div>
-<div class="section" id="cryptoprocessor-with-no-key-storage">
-<h2>Cryptoprocessor with no key storage</h2>
-<p>As in the <a class="reference external" href="#cryptographic-token-and-single-application-processor">previous
-example</a>, this
-system is also composed of two partitions separated by a security
-boundary. Thus, this architecture also provides <a class="reference external" href="#optional-isolation">cryptoprocessor
-isolation</a>. However, unlike the previous
-architecture, in this system, the cryptoprocessor does not have any
-secure, persistent storage that could be used to store application keys.</p>
-<p>If the cryptoprocessor is not capable of storing cryptographic material,
-then there is little use for a separate cryptoprocessor, since all data
-would have to be imported by the application.</p>
-<p>The cryptoprocessor can provide useful services if it is able to store
-at least one key. This may be a hardware unique key that is burnt to
-one-time programmable memory during the manufacturing of the device.
-This key can be used for one or more purposes:</p>
-<ul class="simple">
-<li>Encrypt and authenticate data stored in the application processor.</li>
-<li>Communicate with a paired device.</li>
-<li>Allow the application to perform operations with keys that are
-derived from the hardware unique key.</li>
-</ul>
-</div>
-<div class="section" id="multi-client-cryptoprocessor">
-<h2>Multi-client cryptoprocessor</h2>
-<p>This is an expanded variant of the <a class="reference external" href="#cryptographic-token-and-single-application-processor">cryptographic token plus application
-architecture</a>.
-In this variant, the cryptoprocessor serves multiple applications that
-are mutually untrustworthy. This architecture provides <a class="reference external" href="#optional-isolation">caller
-isolation</a>.</p>
-<p>In this architecture, API calls are translated to remote procedure
-calls, which encode the identity of the client application. The
-cryptoprocessor carefully segments its internal storage to ensure that a
-client’s data is never leaked to another client.</p>
-</div>
-<div class="section" id="multi-cryptoprocessor-architecture">
-<h2>Multi-cryptoprocessor architecture</h2>
-<p>This system includes multiple cryptoprocessors. There are several
-reasons to have multiple cryptoprocessors:</p>
-<ul class="simple">
-<li>Different compromises between security and performance for different
-keys. Typically, this means a cryptoprocessor that runs on the same
-hardware as the main application and processes short-term secrets, a
-secure element or a similar separate chip that retains long-term
-secrets.</li>
-<li>Independent provisioning of certain secrets.</li>
-<li>A combination of a non-removable cryptoprocessor and removable ones,
-for example, a smartcard or HSM.</li>
-<li>Cryptoprocessors managed by different stakeholders who do not trust
-each other.</li>
-</ul>
-<p>The keystore implementation needs to dispatch each request to the
-correct processor. For example: * All requests involving a
-non-extractable key must be processed in the cryptoprocessor that holds
-that key. * Requests involving a persistent key must be processed in
-the cryptoprocessor that corresponds to the key’s lifetime value. *
-Requests involving a volatile key may target a cryptoprocessor based on
-parameters supplied by the application, or based on considerations such
-as performance inside the implementation.</p>
-</div>
-</div>
-<div class="section" id="library-conventions">
-<h1>Library conventions</h1>
-<div class="section" id="error-handling">
-<h2>Error handling</h2>
-<div class="section" id="return-status">
-<h3>Return status</h3>
-<p>Almost all functions return a status indication of type
-<code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>. This is an enumeration of integer values, with 0
-(<code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>) indicating successful operation and other values
-indicating errors. The exception is data structure accessor functions,
-which cannot fail. Such functions may return <code class="docutils literal notranslate"><span class="pre">void</span></code> or a data value.</p>
-<p>Unless specified otherwise, if multiple error conditions apply, an
-implementation is free to return any of the applicable error codes. The
-choice of error code is considered an implementation quality issue.
-Different implementations may make different choices, for example to
-favor code size over ease of debugging or vice versa.</p>
-<p>Note that if the behavior is undefined (for example, if a function
-receives an invalid pointer as a parameter), this specification makes no
-guarantee that the function will return an error. Implementations are
-encouraged to return an error or halt the application in a manner that
-is appropriate for the platform if the undefined behavior condition can
-be detected. However, application programmers should be aware that
-undefined behavior conditions cannot be detected in general.</p>
-</div>
-<div class="section" id="behavior-on-error">
-<h3>Behavior on error</h3>
-<p>All function calls must be implemented atomically:</p>
-<ul class="simple">
-<li>When a function returns a type other than <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>, the
-requested action has been carried out.</li>
-<li>When a function returns the status <code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>, the requested
-action has been carried out.</li>
-<li>When a function returns another status of type <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>, no
-action has been carried out. The content of the output parameters is
-undefined, but otherwise the state of the system has not changed,
-except as described below.</li>
-</ul>
-<p>In general, functions that modify the system state, for example,
-creating or destroying a key, must leave the system state unchanged if
-they return an error code. There are specific conditions that can result
-in different behavior:</p>
-<ul class="simple">
-<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> indicates that a parameter was not
-in a valid state for the requested action. This parameter may have
-been modified by the call and is now in an undefined state. The only
-valid action on an object in an undefined state is to abort it with
-the appropriate <code class="docutils literal notranslate"><span class="pre">psa_abort_xxx</span></code> function.</li>
-<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> indicates that a key
-derivation object has reached its maximum capacity. The key
-derivation operation may have been modified by the call. Any further
-attempt to obtain output from the key derivation operation will
-return <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code>.</li>
-<li>The status <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> indicates that the
-communication between the application and the cryptoprocessor has
-broken down. In this case, the cryptoprocessor must either finish the
-requested action successfully, or interrupt the action and roll back
-the system to its original state. Because it is often impossible to
-report the outcome to the application after a communication failure,
-this specification does not provide a way for the application to
-determine whether the action was successful.</li>
-<li>The statuses <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code>,
-<code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> and <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code>
-may indicate data corruption in the system state. When a function
-returns one of these statuses, the system state may have changed from
-its previous state before the function call, even though the function
-call failed.</li>
-<li>Some system states cannot be rolled back, for example, the internal
-state of the random number generator or the content of access logs.</li>
-</ul>
-<p>Unless otherwise documented, the content of output parameters is not
-defined when a function returns a status other than <code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code>.
-Implementations should set output parameters to safe defaults to avoid
-leaking confidential data and limit risk, in case an application does
-not properly handle all errors.</p>
-</div>
-</div>
-<div class="section" id="parameter-conventions">
-<h2>Parameter conventions</h2>
-<div class="section" id="pointer-conventions">
-<h3>Pointer conventions</h3>
-<p>Unless explicitly stated in the documentation of a function, all
-pointers must be valid pointers to an object of the specified type.</p>
-<p>A parameter is considered a <strong>buffer</strong> if it points to an array of
-bytes. A buffer parameter always has the type <code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*</span></code> or
-<code class="docutils literal notranslate"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*</span></code>, and always has an associated parameter indicating
-the size of the array. Note that a parameter of type <code class="docutils literal notranslate"><span class="pre">void</span> <span class="pre">*</span></code> is never
-considered a buffer.</p>
-<p>All parameters of pointer type must be valid non-null pointers, unless
-the pointer is to a buffer of length 0 or the function’s documentation
-explicitly describes the behavior when the pointer is null.
-Implementations where a null pointer dereference usually aborts the
-application, passing <code class="docutils literal notranslate"><span class="pre">NULL</span></code> as a function parameter where a null
-pointer is not allowed, should abort the caller in the habitual manner.</p>
-<p>Pointers to input parameters may be in read-only memory. Output
-parameters must be in writable memory. Output parameters that are not
-buffers must also be readable, and the implementation must be able to
-write to a non-buffer output parameter and read back the same value, as
-explained in the <a class="reference external" href="#stability-of-parameters">“Stability of
-parameters”</a> section.</p>
-</div>
-<div class="section" id="input-buffer-sizes">
-<h3>Input buffer sizes</h3>
-<p>For input buffers, the parameter convention is:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the data. The
-pointer may be invalid if the buffer size is 0.</li>
-<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_length</span></code>: size of the buffer in bytes.</li>
-</ul>
-<p>The interface never uses input-output buffers.</p>
-</div>
-<div class="section" id="output-buffer-sizes">
-<h3>Output buffer sizes</h3>
-<p>For output buffers, the parameter convention is:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the data. The pointer
-may be invalid if the buffer size is 0.</li>
-<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_size</span></code>: the size of the buffer in bytes.</li>
-<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">*foo_length</span></code>: on successful return, contains the length of
-the output in bytes.</li>
-</ul>
-<p>The content of the data buffer and of <code class="docutils literal notranslate"><span class="pre">*foo_length</span></code> on errors is
-unspecified, unless explicitly mentioned in the function description.
-They may be unmodified or set to a safe default. On successful
-completion, the content of the buffer between the offsets
-<code class="docutils literal notranslate"><span class="pre">*foo_length</span></code> and <code class="docutils literal notranslate"><span class="pre">foo_size</span></code> is also unspecified.</p>
-<p>Functions return <code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> if the buffer size is
-insufficient to carry out the requested operation. The interface defines
-macros to calculate a sufficient buffer size for each operation that has
-an output buffer. These macros return compile-time constants if their
-arguments are compile-time constants, so they are suitable for static or
-stack allocation. Refer to an individual function’s documentation for
-the associated output size macro.</p>
-<p>Some functions always return exactly as much data as the size of the
-output buffer. In this case, the parameter convention changes to:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code>: pointer to the first byte of the output. The
-pointer may be invalid if the buffer size is 0.</li>
-<li><code class="docutils literal notranslate"><span class="pre">size_t</span> <span class="pre">foo_length</span></code>: the number of bytes to return in <code class="docutils literal notranslate"><span class="pre">foo</span></code> if
-successful.</li>
-</ul>
-</div>
-<div class="section" id="overlap-between-parameters">
-<h3>Overlap between parameters</h3>
-<p>Output parameters that are not buffers must not overlap with any input
-buffer or with any other output parameter. Otherwise, the behavior is
-undefined.</p>
-<p>Output buffers may overlap with input buffers. If this happens, the
-implementation must return the same result, as if the buffers did not
-overlap. In other words, the implementation must behave as if it had
-copied all the inputs into temporary memory, as far as the result is
-concerned. However, application developers should note that overlap
-between parameters may affect the performance of a function call.
-Overlap may also affect memory management security if the buffer is
-located in memory that the caller shares with another security context,
-as described in the <a class="reference external" href="#stability-of-parameters">“Stability of
-parameters”</a> section.</p>
-</div>
-<div class="section" id="stability-of-parameters">
-<h3>Stability of parameters</h3>
-<p>In some environments, it is possible for the content of a parameter to
-change while a function is executing. It may also be possible for the
-content of an output parameter to be read before the function
-terminates. This can happen if the application is multithreaded. In some
-implementations, memory can be shared between security contexts, for
-example, between tasks in a multitasking operating system, between a
-user land task and the kernel, or between the non-secure world and the
-secure world of a trusted execution environment. This section describes
-what implementations need or need not guarantee in such cases.</p>
-<p>Parameters that are not buffers are assumed to be under the caller’s
-full control. In a shared memory environment, this means that the
-parameter must be in memory that is exclusively accessible by the
-application. In a multithreaded environment, this means that the
-parameter may not be modified during the execution, and the value of an
-output parameter is undetermined until the function returns. The
-implementation may read an input parameter that is not a buffer multiple
-times and expect to read the same data. The implementation may write to
-an output parameter that is not a buffer and expect to read back the
-value that it last wrote. The implementation has the same permissions on
-buffers that overlap with a buffer in the opposite direction.</p>
-<p>In an environment with multiple threads or with shared memory, the
-implementation carefully accesses non-overlapping buffer parameters in
-order to prevent any security risk resulting from the content of the
-buffer being modified or observed during the execution of the function.
-In an input buffer that does not overlap with an output buffer, the
-implementation reads each byte of the input once, at most. The
-implementation does not read from an output buffer that does not overlap
-with an input buffer. Additionally, the implementation does not write
-data to a non-overlapping output buffer if this data is potentially
-confidential and the implementation has not yet verified that outputting
-this data is authorized.</p>
-</div>
-</div>
-<div class="section" id="key-types-and-algorithms">
-<h2>Key types and algorithms</h2>
-<p>Types of cryptographic keys and cryptographic algorithms are encoded
-separately. Each is encoded by using an integral type:
-<code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> and <code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code>, respectively.</p>
-<p>There is some overlap in the information conveyed by key types and
-algorithms. Both types contain enough information, so that the meaning
-of an algorithm type value does not depend on what type of key it is
-used with, and vice versa. However, the particular instance of an
-algorithm may depend on the key type. For example, the algorithm
-<code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> can be instantiated as any AEAD algorithm using the GCM
-mode over a block cipher. The underlying block cipher is determined by
-the key type.</p>
-<p>Key types do not encode the key size. For example, AES-128, AES-192 and
-AES-256 share a key type <code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code>.</p>
-<div class="section" id="structure-of-key-and-algorithm-types">
-<h3>Structure of key and algorithm types</h3>
-<p>Both types use a partial bitmask structure, which allows the analysis
-and building of values from parts. However, the interface defines
-constants, so that applications do not need to depend on the encoding,
-and an implementation may only care about the encoding for code size
-optimization.</p>
-<p>The encodings follows a few conventions:</p>
-<ul class="simple">
-<li>The highest bit is a vendor flag. Current and future versions of this
-specification will only define values where this bit is clear.
-Implementations that wish to define additional
-implementation-specific values must use values where this bit is set,
-to avoid conflicts with future versions of this specification.</li>
-<li>The next few highest bits indicate the corresponding algorithm
-category: hash, MAC, symmetric cipher, asymmetric encryption, and so
-on.</li>
-<li>The following bits identify a family of algorithms in a
-category-dependent manner.</li>
-<li>In some categories and algorithm families, the lowest-order bits
-indicate a variant in a systematic way. For example, algorithm
-families that are parametrized around a hash function encode the hash
-in the 8 lowest bits.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="concurrent-calls">
-<h2>Concurrent calls</h2>
-<p>In some environments, an application can make calls to the PSA crypto
-API in separate threads. In such an environment, concurrent calls are
-performed correctly, as if the calls were executed in sequence, provided
-that they obey the following constraints:</p>
-<ul class="simple">
-<li>There is no overlap between an output parameter of one call and an
-input or output parameter of another call. Overlap between input
-parameters is permitted.</li>
-<li>If a call modifies a key, then no other call must modify or use that
-key. <em>Using</em>, in this context, includes all functions of multipart
-operations using the key. Concurrent calls that merely use the same
-key are permitted.</li>
-<li>Concurrent calls must not use the same operation object.</li>
-</ul>
-<p>If any of these constraints are violated, the behavior is undefined.</p>
-<p>Individual implementations may provide additional guarantees.</p>
-</div>
-</div>
-<div class="section" id="implementation-considerations">
-<h1>Implementation considerations</h1>
-<div class="section" id="implementation-specific-aspects-of-the-interface">
-<h2>Implementation-specific aspects of the interface</h2>
-<div class="section" id="implementation-profile">
-<h3>Implementation profile</h3>
-<p>Implementations may implement a subset of the API and a subset of the
-available algorithms. The implemented subset is known as the
-implementation’s profile. The documentation for each implementation must
-describe the profile that it implements. This specification’s companion
-documents also define a number of standard profiles.</p>
-</div>
-<div class="section" id="implementation-specific-types">
-<h3>Implementation-specific types</h3>
-<p>This specification defines a number of platform-specific types, which
-represent data structures whose content depends on the implementation.
-These are C <code class="docutils literal notranslate"><span class="pre">struct</span></code> types. In the associated header files,
-<code class="docutils literal notranslate"><span class="pre">crypto.h</span></code> declares the <code class="docutils literal notranslate"><span class="pre">struct</span></code> tags and <code class="docutils literal notranslate"><span class="pre">crypto_struct.h</span></code>
-provides a definition for the structures.</p>
-</div>
-<div class="section" id="implementation-specific-macros">
-<h3>Implementation-specific macros</h3>
-<p>Some macros compute a result based on an algorithm or key type. This
-specification provides a sample implementation of these macros, which
-works for all standard types. If an implementation defines
-vendor-specific algorithms or key types, then it must provide an
-implementation for such macros that takes all relevant algorithms and
-types into account. Conversely, an implementation that does not support
-a certain algorithm or key type can define such macros in a simpler way
-that does not take unsupported argument values into account.</p>
-<p>Some macros define the minimum sufficient output buffer size for certain
-functions. In some cases, an implementation is allowed to require a
-buffer size that is larger than the theoretical minimum. An
-implementation must define minimum-size macros in such a way that it
-guarantees that the buffer of the resulting size is sufficient for the
-output of the corresponding function. Refer to each macro’s
-documentation for the applicable requirements.</p>
-</div>
-</div>
-<div class="section" id="porting-to-a-platform">
-<h2>Porting to a platform</h2>
-<div class="section" id="platform-assumptions">
-<h3>Platform assumptions</h3>
-<p>This specification is designed for a C89 platform. The interface is
-defined in terms of C macros, functions and objects.</p>
-<p>The specification assumes 8-bit bytes, and “byte” and “octet” are used
-synonymously.</p>
-</div>
-<div class="section" id="platform-specific-types">
-<h3>Platform-specific types</h3>
-<p>The specification makes use of some platform-specific types, which
-should be defined in <code class="docutils literal notranslate"><span class="pre">crypto_platform.h</span></code> or by a header included in
-this file. <code class="docutils literal notranslate"><span class="pre">crypto_platform.h</span></code> must define the following types:</p>
-<ul class="simple">
-<li><code class="docutils literal notranslate"><span class="pre">uint8_t</span></code>, <code class="docutils literal notranslate"><span class="pre">uint16_t</span></code>, <code class="docutils literal notranslate"><span class="pre">uint32_t</span></code>: unsigned integer types with
-8, 16 and 32 value bits respectively. These may be the types defined
-by the C99 header <code class="docutils literal notranslate"><span class="pre">stdint.h</span></code>.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code>: an unsigned integer type of the
-implementation’s choice.</li>
-</ul>
-</div>
-<div class="section" id="cryptographic-hardware-support">
-<h3>Cryptographic hardware support</h3>
-<p>Implementations are encouraged to make use of hardware accelerators
-where available. A future version of this specification will define a
-function interface that calls drivers for hardware accelerators and
-external cryptographic hardware.</p>
-</div>
-</div>
-<div class="section" id="security-requirements-and-recommendations">
-<h2>Security requirements and recommendations</h2>
-<div class="section" id="error-detection">
-<h3>Error detection</h3>
-<p>Implementations that provide isolation between the caller and the
-cryptography processing environment must validate parameters to ensure
-that the cryptography processing environment is protected from attacks
-caused by passing invalid parameters.</p>
-<p>Even implementations that do not provide isolation should strive to
-detect bad parameters and fail-safe as much as possible.</p>
-</div>
-<div class="section" id="memory-cleanup">
-<h3>Memory cleanup</h3>
-<p>Implementations must wipe all sensitive data from memory when it is no
-longer used. They should wipe this sensitive data as soon as possible.
-In any case, all temporary data used during the execution of a function,
-such as stack buffers, must be wiped before the function returns. All
-data associated with an object, such as a multipart operation, must be
-wiped, at the latest, when the object becomes inactive, for example,
-when a multipart operation is aborted.</p>
-<p>The rationale for this non-functional requirement is to minimize impact
-if the system is compromised. If sensitive data is wiped immediately
-after use, only data that is currently in use can be leaked. It does not
-compromise past data.</p>
-</div>
-<div class="section" id="safe-outputs-on-error">
-<h3>Safe outputs on error</h3>
-<p>Implementations must ensure that confidential data is not written to
-output parameters before validating that the disclosure of this
-confidential data is authorized. This requirement is especially
-important for implementations where the caller may share memory with
-another security context, as described in the <a class="reference external" href="#stability-of-parameters">“Stability of
-parameters”</a> section.</p>
-<p>In most cases, the specification does not define the content of output
-parameters when an error occurs. Implementations should try to ensure
-that the content of output parameters is as safe as possible, in case an
-application flaw or a data leak causes it to be used. In particular, Arm
-recommends that implementations avoid placing partial output in output
-buffers when an action is interrupted. The meaning of “safe as possible”
-depends on the implementation, as different environments require
-different compromises between implementation complexity, overall
-robustness and performance. Some common strategies are to leave output
-parameters unchanged, in case of errors, or zeroing them out.</p>
-</div>
-<div class="section" id="attack-resistance">
-<h3>Attack resistance</h3>
-<p>Cryptographic code tends to manipulate high-value secrets, from which
-other secrets can be unlocked. As such, it is a high-value target for
-attacks. There is a vast body of literature on attack types, such as
-side channel attacks and glitch attacks. Typical side channels include
-timing, cache access patterns, branch-prediction access patterns, power
-consumption, radio emissions and more.</p>
-<p>This specification does not specify particular requirements for attack
-resistance. Therefore, implementers should consider the attack
-resistance desired in each use case and design their implementation
-accordingly. Security standards for attack resistance for particular
-targets may be applicable in certain use cases.</p>
-</div>
-</div>
-<div class="section" id="other-implementation-considerations">
-<h2>Other implementation considerations</h2>
-<div class="section" id="philosophy-of-resource-management">
-<h3>Philosophy of resource management</h3>
-<p>The specification allows most functions to return
-<code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code>. This gives implementations the
-freedom to manage memory as they please.</p>
-<p>Alternatively, the interface is also designed for conservative
-strategies of memory management. An implementation may avoid dynamic
-memory allocation altogether by obeying certain restrictions:</p>
-<ul class="simple">
-<li>Pre-allocate memory for a predefined number of keys, each with
-sufficient memory for all key types that can be stored.</li>
-<li>For multipart operations, in an implementation without isolation,
-place all the data that needs to be carried over from one step to the
-next in the operation object. The application is then fully in
-control of how memory is allocated for the operation.</li>
-<li>In an implementation with isolation, pre-allocate memory for a
-predefined number of operations inside the cryptoprocessor.</li>
-</ul>
-<!--
-#### Inclusion of algorithms
-
-Inline algorithm-generic functions into specialized functions at compile/link time
---></div>
-</div>
-</div>
-<div class="section" id="usage-considerations">
-<h1>Usage considerations</h1>
-<div class="section" id="security-recommendations">
-<h2>Security recommendations</h2>
-<div class="section" id="always-check-for-errors">
-<h3>Always check for errors</h3>
-<p>Most functions in this API can return errors. All functions that can
-fail have the return type <code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code>. A few functions cannot fail,
-and thus, return <code class="docutils literal notranslate"><span class="pre">void</span></code> or some other type.</p>
-<p>If an error occurs, unless otherwise specified, the content of the
-output parameters is undefined and must not be used.</p>
-<p>Some common causes of errors include:</p>
-<ul class="simple">
-<li>In implementations where the keys are stored and processed in a
-separate environment from the application, all functions that need to
-access the cryptography processing environment may fail due to an
-error in the communication between the two environments.</li>
-<li>If an algorithm is implemented with a hardware accelerator, which is
-logically separate from the application processor, the accelerator
-may fail, even when the application processor keeps running normally.</li>
-<li>All functions may fail due to a lack of resources. However, some
-implementations guarantee that certain functions always have
-sufficient memory.</li>
-<li>All functions that access persistent keys may fail due to a storage
-failure.</li>
-<li>All functions that require randomness may fail due to a lack of
-entropy. Implementations are encouraged to seed the random generator
-with sufficient entropy during the execution of <code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code>.
-However, some security standards require periodic reseeding from a
-hardware random generator, which can fail.</li>
-</ul>
-</div>
-<div class="section" id="shared-memory-and-concurrency">
-<h3>Shared memory and concurrency</h3>
-<p>Some environments allow applications to be multithreaded, while others
-do not. In some environments, applications may share memory with a
-different security context. In environments with multithreaded
-applications or shared memory, applications must be written carefully to
-avoid data corruption or leakage. This specification requires the
-application to obey certain constraints.</p>
-<p>In general, this API allows either one writer or any number of
-simultaneous readers, on any given object. In other words, if two or
-more calls access the same object concurrently, then the behavior is
-only well-defined if all the calls are only reading from the object and
-do not modify it. Read accesses include reading memory by input
-parameters and reading keystore content by using a key. For more
-details, refer to the <a class="reference external" href="#concurrent-calls">“Concurrent calls”</a>
-section.</p>
-<p>If an application shares memory with another security context, it may
-pass shared memory blocks as input buffers or output buffers, but not as
-non-buffer parameters. For more details, refer to the <a class="reference external" href="#stability-of-parameters">“Stability of
-parameters”</a> section.</p>
-</div>
-<div class="section" id="cleaning-up-after-use">
-<h3>Cleaning up after use</h3>
-<p>To minimize impact if the system is compromised, applications should
-wipe all sensitive data from memory when it is no longer used. That way,
-only data that is currently in use may be leaked, and past data is not
-compromised.</p>
-<p>Wiping sensitive data includes:</p>
-<ul class="simple">
-<li>Clearing temporary buffers in the stack or on the heap.</li>
-<li>Aborting operations if they will not be finished.</li>
-<li>Destroying keys that are no longer used.</li>
-</ul>
-</div>
-</div>
-</div>
-
-
-          </div>
-          
-        </div>
-      </div>
-      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
-        <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
-
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul class="current">
-<li class="toctree-l1 current"><a class="current reference internal" href="#">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="#design-goals">Design goals</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#a-keystore-interface">A keystore interface</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#optional-isolation">Optional isolation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#choice-of-algorithms">Choice of algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#ease-of-use">Ease of use</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#example-use-cases">Example use cases</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#network-security-tls">Network Security (TLS)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#secure-storage">Secure Storage</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#network-credentials">Network Credentials</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#device-pairing">Device Pairing</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#secure-boot">Secure Boot</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#attestation">Attestation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#factory-provisioning">Factory Provisioning</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#functionality-overview">Functionality overview</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#library-management">Library management</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#key-management">Key management</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#volatile-keys">Volatile keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#persistent-keys">Persistent keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#usage-policies">Usage policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#symmetric-cryptography">Symmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#multipart-operations">Multipart operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#authenticated-encryption">Authenticated encryption</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#key-derivation">Key derivation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#key-derivation-operations">Key derivation operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-derivation-function">Key derivation function</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption">Asymmetric encryption</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#hash-and-sign">Hash-and-sign</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#key-agreement">Key agreement</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#randomness-and-key-generation">Randomness and key generation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#future-additions">Future additions</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#sample-architectures">Sample architectures</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#single-partition-architecture">Single-partition architecture</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#library-conventions">Library conventions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#error-handling">Error handling</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#return-status">Return status</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#behavior-on-error">Behavior on error</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#parameter-conventions">Parameter conventions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#pointer-conventions">Pointer conventions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#input-buffer-sizes">Input buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#output-buffer-sizes">Output buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#overlap-between-parameters">Overlap between parameters</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#stability-of-parameters">Stability of parameters</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#key-types-and-algorithms">Key types and algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#concurrent-calls">Concurrent calls</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#implementation-considerations">Implementation considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#implementation-profile">Implementation profile</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-types">Implementation-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-macros">Implementation-specific macros</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#porting-to-a-platform">Porting to a platform</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#platform-assumptions">Platform assumptions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#platform-specific-types">Platform-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#cryptographic-hardware-support">Cryptographic hardware support</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#error-detection">Error detection</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#memory-cleanup">Memory cleanup</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#safe-outputs-on-error">Safe outputs on error</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#attack-resistance">Attack resistance</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="#other-implementation-considerations">Other implementation considerations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#philosophy-of-resource-management">Philosophy of resource management</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="#usage-considerations">Usage considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="#security-recommendations">Security recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="#always-check-for-errors">Always check for errors</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
-<li class="toctree-l3"><a class="reference internal" href="#cleaning-up-after-use">Cleaning up after use</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
-</ul>
-
-<div class="relations">
-<h3>Related Topics</h3>
-<ul>
-  <li><a href="index.html">Documentation overview</a><ul>
-      <li>Previous: <a href="index.html" title="previous chapter">PSA Cryptography API Specification</a></li>
-      <li>Next: <a href="from_doxygen.html" title="next chapter">Implementation-specific definitions</a></li>
-  </ul></li>
-</ul>
-</div>
-<div id="searchbox" style="display: none" role="search">
-  <h3>Quick search</h3>
-    <div class="searchformwrapper">
-    <form class="search" action="search.html" method="get">
-      <input type="text" name="q" />
-      <input type="submit" value="Go" />
-      <input type="hidden" name="check_keywords" value="yes" />
-      <input type="hidden" name="area" value="default" />
-    </form>
-    </div>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
-
-
-
-
-
-
-
-
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-    <div class="footer">
-      &copy;2019, Arm.
-      
-      |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
-      
-      |
-      <a href="_sources/general.rst.txt"
-          rel="nofollow">Page source</a>
-    </div>
-
-    
-
-    
-  </body>
-</html>
\ No newline at end of file
diff --git a/docs/html/genindex.html b/docs/html/genindex.html
index b0e55bf..192532f 100644
--- a/docs/html/genindex.html
+++ b/docs/html/genindex.html
@@ -5,32 +5,37 @@
 
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>Index &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <title>Index &#8212; PSA Crypto API 1.0.0 documentation</title>
     <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    './',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
     <link rel="index" title="Index" href="#" />
     <link rel="search" title="Search" href="search.html" />
    
   <link rel="stylesheet" href="_static/custom.css" type="text/css" />
   
-  
   <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
 
-  </head><body>
+  </head>
+  <body>
   
 
     <div class="document">
       <div class="documentwrapper">
         <div class="bodywrapper">
-          
-
           <div class="body" role="main">
             
 
@@ -42,86 +47,39 @@
 
 
           </div>
-          
         </div>
       </div>
       <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
         <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
 
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
-</ul>
-
-<div class="relations">
+   <div class="relations">
 <h3>Related Topics</h3>
 <ul>
   <li><a href="index.html">Documentation overview</a><ul>
   </ul></li>
 </ul>
 </div>
+
 <div id="searchbox" style="display: none" role="search">
   <h3>Quick search</h3>
-    <div class="searchformwrapper">
     <form class="search" action="search.html" method="get">
-      <input type="text" name="q" />
-      <input type="submit" value="Go" />
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
       <input type="hidden" name="check_keywords" value="yes" />
       <input type="hidden" name="area" value="default" />
     </form>
-    </div>
 </div>
 <script type="text/javascript">$('#searchbox').show(0);</script>
-
-
-
-
-
-
-
-
         </div>
       </div>
       <div class="clearer"></div>
     </div>
     <div class="footer">
-      &copy;2019, Arm.
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
       
       |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
       
     </div>
 
diff --git a/docs/html/index.html b/docs/html/index.html
index c212c05..6f91897 100644
--- a/docs/html/index.html
+++ b/docs/html/index.html
@@ -4,731 +4,302 @@
 
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>PSA Cryptography API Specification &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <title>PSA Cryptography API 1.0 &#8212; PSA Crypto API 1.0.0 documentation</title>
     <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    './',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Introduction" href="general.html" />
+    <link rel="next" title="Introduction" href="overview/intro.html" />
    
   <link rel="stylesheet" href="_static/custom.css" type="text/css" />
   
-  
   <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
 
-  </head><body>
+  </head>
+  <body>
   
 
     <div class="document">
       <div class="documentwrapper">
         <div class="bodywrapper">
-          
-
           <div class="body" role="main">
             
-  <div class="section" id="psa-cryptography-api-specification">
-<h1>PSA Cryptography API Specification</h1>
+  <div class="section" id="psa-cryptography-api-version">
+<h1>PSA Cryptography API 1.0</h1>
 <div class="toctree-wrapper compound">
 <ul>
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#a-keystore-interface">A keystore interface</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#optional-isolation">Optional isolation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#choice-of-algorithms">Choice of algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#ease-of-use">Ease of use</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#example-use-cases">Example use cases</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#network-security-tls">Network Security (TLS)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#secure-storage">Secure Storage</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#network-credentials">Network Credentials</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#device-pairing">Device Pairing</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#secure-boot">Secure Boot</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#attestation">Attestation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#factory-provisioning">Factory Provisioning</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">Design goals</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#a-keystore-interface">A keystore interface</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#optional-isolation">Optional isolation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#choice-of-algorithms">Choice of algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#ease-of-use">Ease of use</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#example-use-cases">Example use cases</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-security-tls">Network Security (TLS)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-storage">Secure Storage</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-credentials">Network Credentials</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#device-pairing">Device Pairing</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-boot">Secure Boot</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#attestation">Attestation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#factory-provisioning">Factory Provisioning</a></li>
 </ul>
 </li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#library-management">Library management</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#key-management">Key management</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#volatile-keys">Volatile keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#persistent-keys">Persistent keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">Functionality overview</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#library-management">Library management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#key-management">Key management</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#volatile-keys">Volatile keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#persistent-keys">Persistent keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-identifiers">Key identifiers</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#usage-policies">Usage policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#symmetric-cryptography">Symmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#multipart-operations">Multipart operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#authenticated-encryption">Authenticated encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#usage-policies">Usage policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#symmetric-cryptography">Symmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#single-part-functions">Single-part Functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#multi-part-operations">Multi-part operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-digests-hashes">Message digests (Hashes)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-authentication-codes-macs">Message authentication codes (MACs)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#encryption-and-decryption">Encryption and decryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#authenticated-encryption-aead">Authenticated encryption (AEAD)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-derivation">Key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#example-of-the-symmetric-cryptography-api">Example of the symmetric cryptography API</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#key-derivation">Key derivation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#key-derivation-operations">Key derivation operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#key-derivation-function">Key derivation function</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#asymmetric-encryption">Asymmetric encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#hash-and-sign">Hash-and-sign</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-agreement">Key agreement</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#asymmetric-encryption">Asymmetric encryption</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#hash-and-sign">Hash-and-sign</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#key-agreement">Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#randomness-and-key-generation">Randomness and key generation</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#randomness-and-key-generation">Randomness and key generation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#future-additions">Future additions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">Sample architectures</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#single-partition-architecture">Single-partition architecture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#single-partition-architecture">Single-partition architecture</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">Library conventions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#error-handling">Error handling</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#return-status">Return status</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#behavior-on-error">Behavior on error</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#error-handling">Error handling</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#return-status">Return status</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#behavior-on-error">Behavior on error</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#parameter-conventions">Parameter conventions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#pointer-conventions">Pointer conventions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#input-buffer-sizes">Input buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#output-buffer-sizes">Output buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#overlap-between-parameters">Overlap between parameters</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#stability-of-parameters">Stability of parameters</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#parameter-conventions">Parameter conventions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#pointer-conventions">Pointer conventions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#input-buffer-sizes">Input buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#output-buffer-sizes">Output buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#overlap-between-parameters">Overlap between parameters</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#stability-of-parameters">Stability of parameters</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#key-types-and-algorithms">Key types and algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#key-types-and-algorithms">Key types and algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#concurrent-calls">Concurrent calls</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#concurrent-calls">Concurrent calls</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">Implementation considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-profile">Implementation profile</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-types">Implementation-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-macros">Implementation-specific macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-profile">Implementation profile</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-specific-types">Implementation-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#implementation-specific-macros">Implementation-specific macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#porting-to-a-platform">Porting to a platform</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-assumptions">Platform assumptions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-specific-types">Platform-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#cryptographic-hardware-support">Cryptographic hardware support</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#porting-to-a-platform">Porting to a platform</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#platform-assumptions">Platform assumptions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#platform-specific-types">Platform-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#cryptographic-hardware-support">Cryptographic hardware support</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#error-detection">Error detection</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#indirect-object-references">Indirect object references</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#memory-cleanup">Memory cleanup</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#managing-key-material">Managing key material</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#safe-outputs-on-error">Safe outputs on error</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#attack-resistance">Attack resistance</a></li>
 </ul>
 </li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#error-detection">Error detection</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#memory-cleanup">Memory cleanup</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#safe-outputs-on-error">Safe outputs on error</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#attack-resistance">Attack resistance</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="general.html#other-implementation-considerations">Other implementation considerations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#philosophy-of-resource-management">Philosophy of resource management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#other-implementation-considerations">Other implementation considerations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#philosophy-of-resource-management">Philosophy of resource management</a></li>
 </ul>
 </li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="general.html#security-recommendations">Security recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="general.html#always-check-for-errors">Always check for errors</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
-<li class="toctree-l3"><a class="reference internal" href="general.html#cleaning-up-after-use">Cleaning up after use</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">Usage considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/usage.html#security-recommendations">Security recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#always-check-for-errors">Always check for errors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#cleaning-up-after-use">Cleaning up after use</a></li>
 </ul>
 </li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_handle_t"><code class="docutils literal notranslate"><span class="pre">psa_key_handle_t</span></code> (type)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">Library management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/library/status.html">PSA status codes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#status-type">Status type</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#success-codes">Success codes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#error-codes">Error codes</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_crypto_init"><code class="docutils literal notranslate"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/library/library.html">PSA Crypto library</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#api-version">API version</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#library-initialization">Library initialization</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_attributes_t"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_attributes_init"><code class="docutils literal notranslate"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_id"><code class="docutils literal notranslate"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_id"><code class="docutils literal notranslate"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_lifetime"><code class="docutils literal notranslate"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_usage_flags"><code class="docutils literal notranslate"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_algorithm"><code class="docutils literal notranslate"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_type"><code class="docutils literal notranslate"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_set_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_type"><code class="docutils literal notranslate"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_bits"><code class="docutils literal notranslate"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_get_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_reset_key_attributes"><code class="docutils literal notranslate"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_open_key"><code class="docutils literal notranslate"><span class="pre">psa_open_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_close_key"><code class="docutils literal notranslate"><span class="pre">psa_close_key</span></code> (function)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">Key management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/attributes.html">Key attributes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/attributes.html#attribute-types">Attribute types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/attributes.html#managing-attributes">Managing attributes</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_import_key"><code class="docutils literal notranslate"><span class="pre">psa_import_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_destroy_key"><code class="docutils literal notranslate"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_export_key"><code class="docutils literal notranslate"><span class="pre">psa_export_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_export_public_key"><code class="docutils literal notranslate"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_copy_key"><code class="docutils literal notranslate"><span class="pre">psa_copy_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/locations.html">Key locations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#key-lifetimes">Key lifetimes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#key-identifiers">Key identifiers</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#attribute-accessors">Attribute accessors</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_compute"><code class="docutils literal notranslate"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_compare"><code class="docutils literal notranslate"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_setup"><code class="docutils literal notranslate"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_update"><code class="docutils literal notranslate"><span class="pre">psa_hash_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_finish"><code class="docutils literal notranslate"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_verify"><code class="docutils literal notranslate"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_abort"><code class="docutils literal notranslate"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_hash_clone"><code class="docutils literal notranslate"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/types.html">Key types</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#key-categories">Key categories</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#symmetric-keys">Symmetric keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#rsa-keys">RSA keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#elliptic-curve-keys">Elliptic Curve keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#diffie-hellman-keys">Diffie Hellman keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#attribute-accessors">Attribute accessors</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_compute"><code class="docutils literal notranslate"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_sign_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify_setup"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_update"><code class="docutils literal notranslate"><span class="pre">psa_mac_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_sign_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_verify_finish"><code class="docutils literal notranslate"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_mac_abort"><code class="docutils literal notranslate"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/usage.html">Key policies</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/usage.html#key-usage-flags">Key usage flags</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/usage.html#attribute-accessors">Attribute accessors</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_generate_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_set_iv"><code class="docutils literal notranslate"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_update"><code class="docutils literal notranslate"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_finish"><code class="docutils literal notranslate"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_cipher_abort"><code class="docutils literal notranslate"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/algorithms.html">Algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/algorithms.html#algorithm-categories">Algorithm categories</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/algorithms.html#attribute-accessors">Attribute accessors</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_encrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_decrypt_setup"><code class="docutils literal notranslate"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_generate_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_set_nonce"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_set_lengths"><code class="docutils literal notranslate"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_update_ad"><code class="docutils literal notranslate"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_update"><code class="docutils literal notranslate"><span class="pre">psa_aead_update</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_finish"><code class="docutils literal notranslate"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_verify"><code class="docutils literal notranslate"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_aead_abort"><code class="docutils literal notranslate"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/management.html">Key management functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-creation">Key creation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-destruction">Key destruction</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-export">Key export</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_sign"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_sign</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_verify"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_verify</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_encrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_asymmetric_decrypt"><code class="docutils literal notranslate"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_operation_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_operation_init"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_setup"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_get_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_set_capacity"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_input_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_input_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_output_bytes"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_output_key"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_abort"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_raw_key_agreement"><code class="docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">Cryptographic operation reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/hashes.html">Message digests</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-algorithms">Hash algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#single-part-hashing-functions">Single-part hashing functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#multi-part-hashing-operations">Multi-part hashing operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#support-macros">Support macros</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-suspend-state">Hash suspend state</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_generate_random"><code class="docutils literal notranslate"><span class="pre">psa_generate_random</span></code> (function)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_generate_key"><code class="docutils literal notranslate"><span class="pre">psa_generate_key</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/macs.html">Message authentication codes (MAC)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#mac-algorithms">MAC algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#single-part-mac-functions">Single-part MAC functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#multi-part-mac-operations">Multi-part MAC operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_status_t"><code class="docutils literal notranslate"><span class="pre">psa_status_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_SUCCESS"><code class="docutils literal notranslate"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_BAD_STATE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/ciphers.html">Unauthenticated ciphers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#cipher-algorithms">Cipher algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#single-part-cipher-functions">Single-part cipher functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#multi-part-cipher-operations">Multi-part cipher operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_type_t"><code class="docutils literal notranslate"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_ecc_curve_t"><code class="docutils literal notranslate"><span class="pre">psa_ecc_curve_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_dh_group_t"><code class="docutils literal notranslate"><span class="pre">psa_dh_group_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_algorithm_t"><code class="docutils literal notranslate"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_NONE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_VENDOR_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_RAW</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_AES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DES"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_CURVE_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_GET_CURVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_CURVE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT163R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT163R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT193R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT193R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT193R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT233K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT233R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT233R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT239K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT239K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT283K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT283R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT283R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT409K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT409R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT409R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT571K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECT571R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECT571R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP160R2"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP160R2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP192K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP192R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP192R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP224K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP224R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP224R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP256K1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256K1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP256R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP384R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_SECP521R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_SECP521R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P256R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P384R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BRAINPOOL_P512R1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_CURVE25519"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE25519</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_CURVE448"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_CURVE448</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_GROUP_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_TYPE_GET_GROUP"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_TYPE_GET_GROUP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE2048"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE2048</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE3072"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE3072</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE4096"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE4096</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE6144"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE6144</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_DH_GROUP_FFDHE8192"><code class="docutils literal notranslate"><span class="pre">PSA_DH_GROUP_FFDHE8192</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_VENDOR_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_VENDOR_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CATEGORY_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_VENDOR_DEFINED"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_VENDOR_DEFINED</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_AEAD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HASH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HASH_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD2"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MD5"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RIPEMD160"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_1"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA_512_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_224"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_256"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_384"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SHA3_512"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ANY_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_SUBCATEGORY_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HMAC_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HMAC_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_MAC_TRUNCATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_MAC_TRUNCATION_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_TRUNCATION_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATION_OFFSET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_TRUNCATED_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_TRUNCATED_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_MAC_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_MAC_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_GMAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GMAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_STREAM_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_STREAM_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ARC4"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ARC4</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CHACHA20"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CTR"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_OFB"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_XTS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CBC_PKCS7"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_FROM_BLOCK_FLAG</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_GCM"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_TAG_LENGTH_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH_OFFSET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="docutils literal notranslate"><span class="pre">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PSS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_PSS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_ANY"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDSA_IS_DETERMINISTIC</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_SIGN_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_SIGN_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_RSA_OAEP_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_HKDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_HKDF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_HKDF_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PRF_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PRF_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_DERIVATION_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_DERIVATION_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_MASK"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_MASK</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_FFDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_ECDH"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/aead.html">Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#aead-algorithms">AEAD algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#single-part-aead-functions">Single-part AEAD functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#multi-part-aead-operations">Multi-part AEAD operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_lifetime_t"><code class="docutils literal notranslate"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_id_t"><code class="docutils literal notranslate"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/kdf.html">Key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-algorithms">Key derivation algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#input-step-types">Input step types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-functions">Key derivation functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_usage_t"><code class="docutils literal notranslate"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_COPY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_SIGN"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_VERIFY"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/sign.html">Asymmetric signature</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-algorithms">Asymmetric signature algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-functions">Asymmetric signature functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#psa_key_derivation_step_t"><code class="docutils literal notranslate"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/pke.html">Asymmetric encryption</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-functions">Asymmetric encryption functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#support-macros">Support macros</a></li>
 </ul>
 </li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BITS_TO_BYTES"><code class="docutils literal notranslate"><span class="pre">PSA_BITS_TO_BYTES</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_BYTES_TO_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_BYTES_TO_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ROUND_UP_TO_MULTIPLE"><code class="docutils literal notranslate"><span class="pre">PSA_ROUND_UP_TO_MULTIPLE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HASH_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_HMAC_MAX_HASH_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_TAG_LENGTH"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_VENDOR_ECC_MAX_CURVE_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECC_CURVE_BITS"><code class="docutils literal notranslate"><span class="pre">PSA_ECC_CURVE_BITS</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="docutils literal notranslate"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_MAC_FINAL_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_MAC_FINAL_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_RSA_MINIMUM_PADDING_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ECDSA_SIGNATURE_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ECDSA_SIGNATURE_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li class="toctree-l2"><a class="reference internal" href="from_doxygen.html#PSA_KEY_EXPORT_MAX_SIZE"><code class="docutils literal notranslate"><span class="pre">PSA_KEY_EXPORT_MAX_SIZE</span></code> (macro)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/ka.html">Key agreement</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#key-agreement-algorithms">Key agreement algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#standalone-key-agreement">Standalone key agreement</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#support-macros">Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/rng.html">Other cryptographic services</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/rng.html#random-number-generation">Random number generation</a></li>
+</ul>
+</li>
 </ul>
 </li>
 </ul>
 </div>
-<div class="section" id="document-history">
-<h2>Document history</h2>
-<table border="1" class="longtable docutils">
-<colgroup>
-<col width="11%" />
-<col width="89%" />
-</colgroup>
-<thead valign="bottom">
-<tr class="row-odd"><th class="head">Date</th>
-<th class="head">Changes</th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td>2019-01-21</td>
-<td><em>Release 1.0 beta 1</em></td>
-</tr>
-<tr class="row-odd"><td>2019-02-08</td>
-<td><ul class="first last simple">
-<li>Remove obsolete definition <code class="docutils literal notranslate"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement</span></code>: document <code class="docutils literal notranslate"><span class="pre">alg</span></code> parameter.</li>
-<li><a class="reference internal" href="from_doxygen.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal notranslate"><span class="pre">plaintext_length</span></code>.</li>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="appendix/example_header.html#psa-crypto-h">psa/crypto.h</a></li>
 </ul>
-</td>
-</tr>
-<tr class="row-even"><td>2019-02-08</td>
-<td>Document formatting improvements</td>
-</tr>
-<tr class="row-odd"><td>2019-02-22</td>
-<td><em>Release 1.0 beta 2</em></td>
-</tr>
-<tr class="row-even"><td>2019-03-12</td>
-<td>Specify <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key</span></code> for most key types.</td>
-</tr>
-<tr class="row-odd"><td>2019-04-09</td>
-<td><p class="first">Change the value of error codes, and some names, to align
-with other PSA specifications. The name changes are:</p>
-<ul class="last simple">
-<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></li>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="appendix/specdef_values.html#algorithm-macros">Algorithm macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="appendix/specdef_values.html#key-type-macros">Key type macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="appendix/specdef_values.html#hash-suspend-state-macros">Hash suspend state macros</a></li>
 </ul>
-</td>
-</tr>
-<tr class="row-even"><td>2019-05-02</td>
-<td><p class="first">Change the way keys are created to avoid “half-filled” handles
-that contained key metadata, but no key material.
-Now, to create a key, first fill in a data structure containing
-its attributes, then pass this structure to a function that
-both allocates resources for the key and fills in the key
-material. This affects the following functions:</p>
-<ul class="last simple">
-<li><a class="reference internal" href="from_doxygen.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_import_key</span></code></a>, <a class="reference internal" href="from_doxygen.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_generate_key</span></code></a>, <code class="docutils literal notranslate"><span class="pre">psa_generator_import_key</span></code>
-and <a class="reference internal" href="from_doxygen.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_copy_key</span></code></a> now take an attribute structure (specifically,
-a pointer to <a class="reference internal" href="from_doxygen.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_attributes_t</span></code></a>) to specify key metadata.
-This replaces the previous method of passing arguments to
-<code class="docutils literal notranslate"><span class="pre">psa_create_key</span></code> or to the key material creation function
-or calling <code class="docutils literal notranslate"><span class="pre">psa_set_key_policy</span></code>.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
-no longer exist. A key’s policy is now accessible as part of
-its attributes.</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_get_key_information</span></code> is also replaced by accessing the
-key’s attributes (retrieved with <a class="reference internal" href="from_doxygen.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_get_key_attributes</span></code></a>).</li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_create_key</span></code> no longer exists. Instead, set the key id
-attribute and the lifetime attribute before creating the
-key material.</li>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#release-information">Release information</a></li>
+<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#document-change-history">Document change history</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
 </ul>
-</td>
-</tr>
-<tr class="row-odd"><td>2019-05-14</td>
-<td><ul class="first last simple">
-<li>Allow <a class="reference internal" href="from_doxygen.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_aead_update</span></code></a> to buffer data.</li>
-<li>New buffer size calculation macros.</li>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
+<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#future-additions">Future additions</a></li>
 </ul>
-</td>
-</tr>
-<tr class="row-even"><td>2019-05-16</td>
-<td><ul class="first last simple">
-<li>Key identifiers are no longer specific to a given lifetime
-value. <a class="reference internal" href="from_doxygen.html#c.psa_open_key" title="psa_open_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_open_key</span></code></a> no longer takes a <code class="docutils literal notranslate"><span class="pre">lifetime</span></code> parameter.</li>
-<li>Define a range of key identifiers for use by applications
-and a separate range for use by implementations.</li>
+</li>
 </ul>
-</td>
-</tr>
-<tr class="row-odd"><td>2019-05-16</td>
-<td><p class="first">Avoid the unusual terminology “generator”: call them
-“key derivation operations” instead. Rename a number of functions
-and other identifiers related to for clarity and consistency:</p>
-<ul class="last simple">
-<li><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal notranslate"><span class="pre">psa_key_derivation_operation_t</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_crypto_generator_init</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_operation_init</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="from_doxygen.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_set_generator_capacity</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_set_capacity</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_get_generator_capacity</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_get_capacity</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_key_agreement</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_generator_read</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_bytes</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_generate_derived_key</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_output_key</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_generator_abort</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_key_derivation_abort</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">psa_key_agreement_raw_shared_secret</span></code> → <a class="reference internal" href="from_doxygen.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal notranslate"><span class="pre">psa_raw_key_agreement</span></code></a></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></li>
-<li><code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal notranslate"><span class="pre">PSA_xxx_KEY_PAIR</span></code></li>
-</ul>
-</td>
-</tr>
-<tr class="row-even"><td>2019-05-16</td>
-<td><ul class="first last simple">
-<li>Clarify the behavior in various corner cases.</li>
-<li>Document more error conditions.</li>
-</ul>
-</td>
-</tr>
-<tr class="row-odd"><td>2019-05-21</td>
-<td>Convert TLS1.2 KDF descriptions to multistep key derivation.</td>
-</tr>
-<tr class="row-even"><td>2019-05-22</td>
-<td><em>Release 1.0 beta 3</em></td>
-</tr>
-</tbody>
-</table>
 </div>
-<div class="section" id="planned-changes-for-version-1-0">
-<h2>Planned changes for version 1.0</h2>
-<p>Here is a summary of the changes we are currently planning to make to
-this specification for version 1.0.</p>
-<ul class="simple">
-<li>Add missing macros to calculate output buffer sizes, IV/nonce sizes,
-and maximum supported data sizes.</li>
-<li>Remove the definition of most macros, to give implementations free
-choice regarding how these macros are implemented, as long as the
-implementation meets the English-language specification.</li>
-<li>Remove certain auxiliary macros that are not directly useful to
-applications, but are currently used as building blocks to define
-other macros.</li>
-<li>Correct lists of documented error codes for several functions, and
-clarify error conditions for many functions.</li>
-<li>Constrain whether and when an application may have the same persistent key
-open multiple times.</li>
-<li>Constrain the permitted implementation behavior when calling a function on
-an operation object in a state where this function does not make sense,
-and when a key is destroyed while in use.</li>
-<li>Declare identifiers for additional cryptographic algorithms.</li>
-<li>Forbid zero-length keys.</li>
-<li>Use a standard import/export format for EC keys on Montgomery curves.</li>
-<li>Mandate certain checks when importing some types of asymmetric keys.</li>
-<li>Clarifications and improvements to the description of some API elements
-and to the structure of the document.</li>
-</ul>
 <h2 id="indices">Indices</h2>
 
 <ul>
@@ -736,91 +307,47 @@
   <li><a class="reference internal" href="psa_c-identifiers.html">Index of identifiers</a></li>
   <li><a class="reference internal" href="search.html">Search</a></li>
 </ul></div>
-</div>
 
 
           </div>
-          
         </div>
       </div>
       <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
-        <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="#">psa_crypto_api</a></h1>
-
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
-</ul>
-
-<div class="relations">
+        <div class="sphinxsidebarwrapper"><div class="relations">
 <h3>Related Topics</h3>
 <ul>
   <li><a href="#">Documentation overview</a><ul>
-      <li>Next: <a href="general.html" title="next chapter">Introduction</a></li>
+      <li>Next: <a href="overview/intro.html" title="next chapter">Introduction</a></li>
   </ul></li>
 </ul>
 </div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="_sources/index.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
 <div id="searchbox" style="display: none" role="search">
   <h3>Quick search</h3>
-    <div class="searchformwrapper">
     <form class="search" action="search.html" method="get">
-      <input type="text" name="q" />
-      <input type="submit" value="Go" />
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
       <input type="hidden" name="check_keywords" value="yes" />
       <input type="hidden" name="area" value="default" />
     </form>
-    </div>
 </div>
 <script type="text/javascript">$('#searchbox').show(0);</script>
-
-
-
-
-
-
-
-
         </div>
       </div>
       <div class="clearer"></div>
     </div>
     <div class="footer">
-      &copy;2019, Arm.
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
       
       |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
       
       |
       <a href="_sources/index.rst.txt"
diff --git a/docs/html/objects.inv b/docs/html/objects.inv
index 2df1e5e..410760f 100644
--- a/docs/html/objects.inv
+++ b/docs/html/objects.inv
Binary files differ
diff --git a/docs/html/overview/conventions.html b/docs/html/overview/conventions.html
new file mode 100644
index 0000000..b294ef6
--- /dev/null
+++ b/docs/html/overview/conventions.html
@@ -0,0 +1,368 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Library conventions &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Implementation considerations" href="implementation.html" />
+    <link rel="prev" title="Sample architectures" href="sample-arch.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="library-conventions">
+<h1>Library conventions</h1>
+<div class="section" id="error-handling">
+<h2>Error handling</h2>
+<div class="section" id="return-status">
+<h3>Return status</h3>
+<p>Almost all functions return a status indication of type <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>. This
+is an enumeration of integer values, with <code class="docutils literal"><span class="pre">0</span></code> (<a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>) indicating
+successful operation and other values indicating errors. The exceptions are
+functions which only access objects that are intended to be implemented as
+simple data structures. Such functions cannot fail and either return
+<code class="docutils literal"><span class="pre">void</span></code> or a data value.</p>
+<p>Unless specified otherwise, if multiple error conditions apply, an
+implementation is free to return any of the applicable error codes. The choice
+of error code is considered an implementation quality issue. Different
+implementations can make different choices, for example to favor code size over
+ease of debugging or vice versa.</p>
+<p>If the behavior is undefined, for example, if a function receives an invalid
+pointer as a parameter, this specification makes no guarantee that the function
+will return an error. Implementations are encouraged to return an error or halt
+the application in a manner that is appropriate for the platform if the
+undefined behavior condition can be detected. However, application developers need to be aware that undefined behavior conditions cannot be detected in general.</p>
+</div>
+<div class="section" id="behavior-on-error">
+<h3>Behavior on error</h3>
+<p>All function calls must be implemented atomically:</p>
+<ul class="simple">
+<li>When a function returns a type other than <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>, the requested
+action has been carried out.</li>
+<li>When a function returns the status <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>, the requested action has
+been carried out.</li>
+<li>When a function returns another status of type <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>, no action
+has been carried out. The content of the output parameters is undefined, but
+otherwise the state of the system has not changed, except as described below.</li>
+</ul>
+<p>In general, functions that modify the system state, for example, creating or
+destroying a key, must leave the system state unchanged if they return an error
+code. There are specific conditions that can result in different behavior:</p>
+<ul class="simple">
+<li>The status <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> indicates that a parameter was not in a
+valid state for the requested action. This parameter might have been modified
+by the call and is now in an undefined state. The only valid action on an
+object in an undefined state is to abort it with the appropriate
+<code class="docutils literal"><span class="pre">psa_abort_xxx()</span></code> function.</li>
+<li>The status <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a> indicates that a key
+derivation object has reached its maximum capacity. The key derivation
+operation might have been modified by the call. Any further attempt to obtain
+output from the key derivation operation will return
+<a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>.</li>
+<li>The status <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a> indicates that the
+communication between the application and the cryptoprocessor has broken
+down. In this case, the cryptoprocessor must either finish the requested
+action successfully, or interrupt the action and roll back the system to its
+original state. Because it is often impossible to report the outcome to the
+application after a communication failure, this specification does not
+provide a way for the application to determine whether the action was
+successful.</li>
+<li>The statuses <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a>, <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a>, <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a>
+and <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a> might indicate data corruption in the
+system state. When a function returns one of these statuses, the system state
+might have changed from its previous state before the function call, even
+though the function call failed.</li>
+<li>Some system states cannot be rolled back, for example, the internal state of
+the random number generator or the content of access logs.</li>
+</ul>
+<p>Unless otherwise documented, the content of output parameters is not defined
+when a function returns a status other than <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>. It is recommended
+that implementations set output parameters to safe defaults to avoid leaking
+confidential data and limit risk, in case an application does not properly
+handle all errors.</p>
+</div>
+</div>
+<div class="section" id="parameter-conventions">
+<h2>Parameter conventions</h2>
+<div class="section" id="pointer-conventions">
+<h3>Pointer conventions</h3>
+<p>Unless explicitly stated in the documentation of a function, all pointers must
+be valid pointers to an object of the specified type.</p>
+<p>A parameter is considered a <strong>buffer</strong> if it points to an array of bytes. A
+buffer parameter always has the type <code class="docutils literal"><span class="pre">uint8_t</span> <span class="pre">*</span></code> or <code class="docutils literal"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*</span></code>, and
+always has an associated parameter indicating the size of the array. Note that a
+parameter of type <code class="docutils literal"><span class="pre">void</span> <span class="pre">*</span></code> is never considered a buffer.</p>
+<p>All parameters of pointer type must be valid non-null pointers, unless the
+pointer is to a buffer of length <code class="docutils literal"><span class="pre">0</span></code> or the function’s documentation
+explicitly describes the behavior when the pointer is null. Passing a null
+pointer as a function parameter in other cases is expected to abort the caller
+on implementations where this is the normal behavior for a null pointer
+dereference.</p>
+<p>Pointers to input parameters can be in read-only memory. Output parameters must
+be in writable memory. Output parameters that are not buffers must also be
+readable, and the implementation must be able to write to a non-buffer output
+parameter and read back the same value, as explained in the
+<em><a class="reference internal" href="#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+</div>
+<div class="section" id="input-buffer-sizes">
+<h3>Input buffer sizes</h3>
+<p>For input buffers, the parameter convention is:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*foo</span></code></dt>
+<dd>Pointer to the first byte of the data. The pointer
+can be invalid if the buffer size is <code class="docutils literal"><span class="pre">0</span></code>.</dd>
+<dt><code class="docutils literal"><span class="pre">size_t</span> <span class="pre">foo_length</span></code></dt>
+<dd>Size of the buffer in bytes.</dd>
+</dl>
+<p>The interface never uses input-output buffers.</p>
+</div>
+<div class="section" id="output-buffer-sizes">
+<h3>Output buffer sizes</h3>
+<p>For output buffers, the parameter convention is:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code></dt>
+<dd>Pointer to the first byte of the data. The pointer can be
+invalid if the buffer size is <code class="docutils literal"><span class="pre">0</span></code>.</dd>
+<dt><code class="docutils literal"><span class="pre">size_t</span> <span class="pre">foo_size</span></code></dt>
+<dd>The size of the buffer in bytes.</dd>
+<dt><code class="docutils literal"><span class="pre">size_t</span> <span class="pre">*foo_length</span></code></dt>
+<dd>On successful return, contains the length of the
+output in bytes.</dd>
+</dl>
+<p>The content of the data buffer and of <code class="docutils literal"><span class="pre">*foo_length</span></code> on errors is unspecified,
+unless explicitly mentioned in the function description. They might be unmodified
+or set to a safe default. On successful completion, the content of the buffer
+between the offsets <code class="docutils literal"><span class="pre">*foo_length</span></code> and <code class="docutils literal"><span class="pre">foo_size</span></code> is also unspecified.</p>
+<p>Functions return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a> if the buffer size is
+insufficient to carry out the requested operation. The interface defines macros
+to calculate a sufficient buffer size for each operation that has an output
+buffer. These macros return compile-time constants if their arguments are
+compile-time constants, so they are suitable for static or stack allocation.
+Refer to an individual function’s documentation for the associated output size
+macro.</p>
+<p>Some functions always return exactly as much data as the size of the output
+buffer. In this case, the parameter convention changes to:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code></dt>
+<dd>Pointer to the first byte of the output. The pointer can be
+invalid if the buffer size is <code class="docutils literal"><span class="pre">0</span></code>.</dd>
+<dt><code class="docutils literal"><span class="pre">size_t</span> <span class="pre">foo_length</span></code></dt>
+<dd>The number of bytes to return in <code class="docutils literal"><span class="pre">foo</span></code> if
+successful.</dd>
+</dl>
+</div>
+<div class="section" id="overlap-between-parameters">
+<h3>Overlap between parameters</h3>
+<p>Output parameters that are not buffers must not overlap with any input buffer or
+with any other output parameter. Otherwise, the behavior is undefined.</p>
+<p>Output buffers can overlap with input buffers. In this event, the implementation
+must return the same result as if the buffers did not overlap. The
+implementation must behave as if it had copied all the inputs into temporary
+memory, as far as the result is concerned. However, it is possible that overlap
+between parameters will affect the performance of a function call. Overlap might
+also affect memory management security if the buffer is located in memory that
+the caller shares with another security context, as described in the
+<em><a class="reference internal" href="#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+</div>
+<div class="section" id="stability-of-parameters">
+<span id="id1"></span><h3>Stability of parameters</h3>
+<p>In some environments, it is possible for the content of a parameter to change
+while a function is executing. It might also be possible for the content of an
+output parameter to be read before the function terminates. This can happen if
+the application is multithreaded. In some implementations, memory can be shared
+between security contexts, for example, between tasks in a multitasking
+operating system, between a user land task and the kernel, or between the
+Non-secure world and the Secure world of a trusted execution environment.</p>
+<p>This section describes the assumptions that an implementation can make about
+function parameters, and the guarantees that the implementation must provide
+about how it accesses parameters.</p>
+<p>Parameters that are not buffers are assumed to be under the caller’s full
+control. In a shared memory environment, this means that the parameter must be
+in memory that is exclusively accessible by the application. In a multithreaded
+environment, this means that the parameter must not be modified during the
+execution, and the value of an output parameter is undetermined until the
+function returns. The implementation can read an input parameter that is not a
+buffer multiple times and expect to read the same data. The implementation can
+write to an output parameter that is not a buffer and expect to read back the
+value that it last wrote. The implementation has the same permissions on buffers
+that overlap with a buffer in the opposite direction.</p>
+<p>In an environment with multiple threads or with shared memory, the
+implementation carefully accesses non-overlapping buffer parameters in order to
+prevent any security risk resulting from the content of the buffer being
+modified or observed during the execution of the function. In an input buffer
+that does not overlap with an output buffer, the implementation reads each byte
+of the input once, at most. The implementation does not read from an output
+buffer that does not overlap with an input buffer. Additionally, the
+implementation does not write data to a non-overlapping output buffer if this
+data is potentially confidential and the implementation has not yet verified
+that outputting this data is authorized.</p>
+<p>Unless otherwise specified, the implementation must not keep a reference to any
+parameter once a function call has returned.</p>
+</div>
+</div>
+<div class="section" id="key-types-and-algorithms">
+<h2>Key types and algorithms</h2>
+<p>Types of cryptographic keys and cryptographic algorithms are encoded separately.
+Each is encoded by using an integral type: <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>, respectively.</p>
+<p>There is some overlap in the information conveyed by key types and algorithms.
+Both types contain enough information, so that the meaning of an algorithm type
+value does not depend on what type of key it is used with, and vice versa.
+However, the particular instance of an algorithm might depend on the key type. For
+example, the algorithm <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a> can be instantiated as any AEAD algorithm
+using the GCM mode over a block cipher. The underlying block cipher is
+determined by the key type.</p>
+<p>Key types do not encode the key size. For example, AES-128, AES-192 and AES-256
+share a key type <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>.</p>
+<div class="section" id="structure-of-key-and-algorithm-types">
+<h3>Structure of key and algorithm types</h3>
+<p>Both types use a partial bitmask structure, which allows the analysis and
+building of values from parts. However, the interface defines constants, so that
+applications do not need to depend on the encoding, and an implementation might
+only care about the encoding for code size optimization.</p>
+<p>The encodings follows a few conventions:</p>
+<ul class="simple">
+<li>The highest bit is a vendor flag. Current and future versions of this
+specification will only define values where this bit is clear.
+Implementations that wish to define additional implementation-specific values
+must use values where this bit is set, to avoid conflicts with future
+versions of this specification.</li>
+<li>The next few highest bits indicate the corresponding algorithm category:
+hash, MAC, symmetric cipher, asymmetric encryption, and so on.</li>
+<li>The following bits identify a family of algorithms in a category-dependent
+manner.</li>
+<li>In some categories and algorithm families, the lowest-order bits indicate a
+variant in a systematic way. For example, algorithm families that are
+parametrized around a hash function encode the hash in the 8 lowest bits.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="concurrent-calls">
+<span id="concurrency"></span><h2>Concurrent calls</h2>
+<p>In some environments, an application can make calls to the PSA crypto API in
+separate threads. In such an environment, concurrent calls are performed
+correctly, as if the calls were executed in sequence, provided that they obey
+the following constraints:</p>
+<ul class="simple">
+<li>There is no overlap between an output parameter of one call and an input or
+output parameter of another call. Overlap between input parameters is
+permitted.</li>
+<li>If a call destroys a key, then no other call must destroy or use that key.
+<em>Using</em>, in this context, includes all functions of multi-part operations
+which have used the key as an input in a previous function.</li>
+<li>Concurrent calls that use the same key are permitted.</li>
+<li>Concurrent calls must not use the same operation object.</li>
+</ul>
+<p>If any of these constraints are violated, the behavior is undefined.</p>
+<p>If the application modifies an input parameter while a function call is in
+progress, the behavior is undefined.</p>
+<p>Individual implementations can provide additional guarantees.</p>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Library conventions</a><ul>
+<li><a class="reference internal" href="#error-handling">Error handling</a><ul>
+<li><a class="reference internal" href="#return-status">Return status</a></li>
+<li><a class="reference internal" href="#behavior-on-error">Behavior on error</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#parameter-conventions">Parameter conventions</a><ul>
+<li><a class="reference internal" href="#pointer-conventions">Pointer conventions</a></li>
+<li><a class="reference internal" href="#input-buffer-sizes">Input buffer sizes</a></li>
+<li><a class="reference internal" href="#output-buffer-sizes">Output buffer sizes</a></li>
+<li><a class="reference internal" href="#overlap-between-parameters">Overlap between parameters</a></li>
+<li><a class="reference internal" href="#stability-of-parameters">Stability of parameters</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#key-types-and-algorithms">Key types and algorithms</a><ul>
+<li><a class="reference internal" href="#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#concurrent-calls">Concurrent calls</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="sample-arch.html" title="previous chapter">Sample architectures</a></li>
+      <li>Next: <a href="implementation.html" title="next chapter">Implementation considerations</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/conventions.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/conventions.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/functionality.html b/docs/html/overview/functionality.html
new file mode 100644
index 0000000..5f9d447
--- /dev/null
+++ b/docs/html/overview/functionality.html
@@ -0,0 +1,706 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Functionality overview &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Sample architectures" href="sample-arch.html" />
+    <link rel="prev" title="Design goals" href="goals.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="functionality-overview">
+<span id="id1"></span><h1>Functionality overview</h1>
+<p>This section provides a high-level overview of the functionality provided by the
+interface defined in this specification. Refer to the <a class="reference internal" href="../api/library/index.html#api-reference"><span class="std std-ref">API definition</span></a> for a detailed description.</p>
+<p><a class="reference internal" href="../appendix/history.html#future"><span class="std std-ref">Future additions</span></a> describes features that might be included in future versions of this
+specification.</p>
+<p>Due to the modularity of the interface, almost every part of the library is
+optional. The only mandatory function is <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</p>
+<div class="section" id="library-management">
+<h2>Library management</h2>
+<p>Applications must call <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> to initialize the library before
+using any other function.</p>
+</div>
+<div class="section" id="key-management">
+<h2>Key management</h2>
+<p>Applications always access keys indirectly via an identifier, and can perform
+operations using a key without accessing the key material. This allows keys to
+be <em>non-extractable</em>, where an application can use a key but is not permitted to
+obtain the key material. Non-extractable keys are bound to the device, can be
+rate-limited and can have their usage restricted by policies.</p>
+<p>Each key has a set of attributes that describe the key and the policy for using
+the key. A <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object contains all of the attributes, which
+is used when creating a key and when querying key attributes.</p>
+<p>Each key has a <em>lifetime</em> that determines when the key material is destroyed.
+There are two types of lifetimes: <a class="reference internal" href="#volatile-keys"><span class="std std-ref">volatile</span></a> and
+<a class="reference internal" href="#persistent-keys"><span class="std std-ref">persistent</span></a>.</p>
+<div class="section" id="volatile-keys">
+<span id="id2"></span><h3>Volatile keys</h3>
+<p>A <em>volatile</em> key exists until it explicitly destroyed with <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>
+or until the application terminates, which conceptually destroys all of its
+volatile keys.</p>
+<p>Conceptually, a volatile key is stored in RAM. Volatile keys have the
+lifetime <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</p>
+<p>To create a volatile key:</p>
+<ol class="arabic simple">
+<li>Populate a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the required type, size, policy
+and other key attributes.</li>
+<li>Create the key with <a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>,
+<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>. If successful, these
+functions output a transient <a class="reference internal" href="#key-ids"><span class="std std-ref">key identifier</span></a>.</li>
+</ol>
+<p>To destroy a volatile key, call <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier.</p>
+</div>
+<div class="section" id="persistent-keys">
+<span id="id3"></span><h3>Persistent keys</h3>
+<p>A <em>persistent</em> key exists until it explicitly destroyed with <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>
+or until it is wiped by the reset or destruction of the device.</p>
+<p>Each persistent key has a permanent key identifier, which acts as a name for the key.
+Within an application, the key identifier corresponds to a single key. The
+application specifies the key identifier when the key is created and when
+using the key.</p>
+<p>Persistent keys can be stored in different storage areas; this is indicated
+through different lifetime values. This specification defines a single lifetime
+value <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a> which corresponds to a default storage
+area. Implementations can define alternative lifetime values corresponding to
+different storage areas with different retention policies, or to secure elements
+with different security characteristics.</p>
+<p>To create a persistent key:</p>
+<ol class="arabic">
+<li><p class="first">Populate a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the key’s type, size, policy
+and other attributes.</p>
+</li>
+<li><p class="first">In the attributes object, set the desired lifetime and persistent identifier
+for the key.</p>
+</li>
+<li><p class="first">Create the key with one of the <em>key creation functions</em>:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a></li>
+</ul>
+<p>If successful, these functions output the <a class="reference internal" href="#key-ids"><span class="std std-ref">key identifier</span></a>
+that was specified by the application in step 2.</p>
+</li>
+</ol>
+<p>To access an existing persistent key: use the key identifier in any API that
+requires a key.</p>
+<p>To remove cached copies of key material for persistent keys created with the
+<a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy: call <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a> with the key identifier.</p>
+<p>To destroy a persistent key: call <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier.
+Destroying a persistent key permanently removes it from memory and storage.</p>
+<p>The key lifetime and identifier are set when the key is created and cannot be
+changed without destroying the key first. If the original key permits copying,
+then the application can specify a different lifetime for the copy of the key.</p>
+</div>
+<div class="section" id="key-identifiers">
+<span id="key-ids"></span><h3>Key identifiers</h3>
+<p>Key identifiers are integral values that act as permanent names for persistent
+keys, or as transient references to volatile keys. Key identifiers use the
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> type, and the range of identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"> <span class="pre">=</span> <span class="pre">0</span></code></dt>
+<dd>Reserved as an invalid key identifier.</dd>
+<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
+<dd>Applications can freely choose persistent key identifiers in this range.</dd>
+<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
+<dd>Implementations can define additional persistent key identifiers in this
+range, and must allocate any volatile key identifiers from this range.</dd>
+</dl>
+<p>Key identifiers outside these ranges are reserved for future use.</p>
+<p>Key identifiers are output from a successful call to one of
+the key creation functions. For persistent keys, this is the same identifier
+as the one specified in the key attributes used to create the key.
+The key identifier remains valid until it is invalidated by passing it to
+<a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>. A volatile key identifier must not be used after it has been
+invalidated.</p>
+<p>Valid key identifiers must have distinct values within the same application. If
+the implementation provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">caller isolation</span></a>, then key
+identifiers are local to each application. That is, the same key identifier in two
+applications corresponds to two different keys.</p>
+<p>If an invalid key identifier is provided as a parameter in any function, the
+function will return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a>; except for the special case of
+calling <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code>, which has no effect and always
+returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+<p>There must be a matching call to <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> for each successful call
+to a create a volatile key.</p>
+<p>A call to <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> destroys the key material, and will cause any active
+operations that are using the key to fail. Therefore an application must not
+destroy a key while an operation using that key is in progress, unless the
+application is prepared to handle a failure of the operation.</p>
+</div>
+<div class="section" id="recommendations-of-minimum-standards-for-key-management">
+<h3>Recommendations of minimum standards for key management</h3>
+<p>Most implementations provide the following functions:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. The exceptions are implementations that only give access
+to a key or keys that are provisioned by proprietary means, and do not allow
+the main application to use its own cryptographic material.</li>
+<li><a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> and the <code class="docutils literal"><span class="pre">psa_get_key_xxx()</span></code> accessor functions.
+They are easy to implement, and it is difficult to write applications and to
+diagnose issues without being able to check the metadata.</li>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>. This function is usually provided if the
+implementation supports any asymmetric algorithm, since public-key
+cryptography often requires the delivery of a public key that is associated
+with a protected private key.</li>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>. However, highly constrained implementations that are
+designed to work only with short-term keys, or only with long-term
+non-extractable keys, do not need to provide this function.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="usage-policies">
+<h2>Usage policies</h2>
+<p>All keys have an associated policy that regulates which operations are permitted
+on the key. Each key policy is a set of usage flags and a specific algorithm
+that is permitted with the key. The policy is part of the key attributes that
+are managed by a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object.</p>
+<p>The usage flags are encoded in a bitmask, which has the type
+<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>. Four kinds of usage flag can be specified:</p>
+<ul class="simple">
+<li>The extractable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> determines whether the key
+material can be extracted.</li>
+<li>The copyable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> determines whether the key material
+can be copied into a new key, which can have a different lifetime or a more
+restrictive policy.</li>
+<li>The cacheable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> determines whether the
+implementation is permitted to retain non-essential copies of the
+key material in RAM. This policy only applies to persistent keys. See also
+<em><a class="reference internal" href="implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</li>
+<li>The other usage flags, for example, <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> and <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>,
+determine whether the corresponding operation is permitted on the key.</li>
+</ul>
+<p>In addition to the usage bitmask, a policy specifies which algorithm is
+permitted with the key. This specification only defines policies that restrict
+keys to a single algorithm, which is consistent with both common practice and
+security good practice.</p>
+<p>A highly constrained implementation might not be able to support all the policies
+that can be expressed through this interface. If an implementation cannot create
+a key with the required policy, it must return an appropriate error code when
+the key is created.</p>
+</div>
+<div class="section" id="symmetric-cryptography">
+<h2>Symmetric cryptography</h2>
+<p>This specification defines interfaces for the following types of symmetric
+cryptographic operation:</p>
+<ul class="simple">
+<li>Message digests, commonly known as hash functions.</li>
+<li>Message authentication codes (MAC).</li>
+<li>Symmetric ciphers.</li>
+<li>Authenticated encryption with associated data (AEAD).</li>
+</ul>
+<p>For each type of symmetric cryptographic operation, the API includes:</p>
+<ul class="simple">
+<li>A pair of <em>single-part</em> functions. For example, compute and verify, or
+encrypt and decrypt.</li>
+<li>A series of functions that permit <em>multi-part operations</em>.</li>
+</ul>
+<div class="section" id="single-part-functions">
+<h3>Single-part Functions</h3>
+<p>Single-part functions are APIs that implement the cryptographic operation in a
+single function call. This is the easiest API to use when all of the inputs and
+outputs fit into the application memory.</p>
+<p>Some use cases involve messages that are too large to be assembled in memory, or
+require non-default configuration of the algorithm. These use cases require the
+use of a <em><a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a></em>.</p>
+</div>
+<div class="section" id="multi-part-operations">
+<span id="id4"></span><h3>Multi-part operations</h3>
+<p>Multi-part operations are APIs which split a single cryptographic operation into
+a sequence of separate steps. This enables fine control over the configuration
+of the cryptographic operation, and allows the message data to be processed in
+fragments instead of all at once. For example, the following situations require
+the use of a multi-part operation:</p>
+<ul class="simple">
+<li>Processing messages that cannot be assembled in memory.</li>
+<li>Using a deterministic IV for unauthenticated encryption.</li>
+<li>Providing the IV separately for unauthenticated encryption or decryption.</li>
+<li>Separating the AEAD authentication tag from the cipher text.</li>
+</ul>
+<p>Each multi-part operation defines a specific object type to maintain the state
+of the operation. These types are implementation-defined. All multi-part
+operations follow the same pattern of use:</p>
+<ol class="arabic">
+<li><p class="first"><strong>Allocate:</strong> Allocate memory for an operation object of the appropriate
+type. The application can use any allocation strategy: stack, heap, static, etc.</p>
+</li>
+<li><p class="first"><strong>Initialize:</strong> Initialize or assign the operation object by one of the
+following methods:</p>
+<blockquote>
+<div><ul class="simple">
+<li>Set it to logical zero. This is automatic for static and global
+variables. Explicit initialization must use the associated
+<code class="docutils literal"><span class="pre">PSA_xxx_INIT</span></code> macro as the type is implementation-defined.</li>
+<li>Set it to all-bits zero. This is automatic if the object was
+allocated with <code class="docutils literal"><span class="pre">calloc()</span></code>.</li>
+<li>Assign the value of the associated macro <code class="docutils literal"><span class="pre">PSA_xxx_INIT</span></code>.</li>
+<li>Assign the result of calling the associated function
+<code class="docutils literal"><span class="pre">psa_xxx_init()</span></code>.</li>
+</ul>
+</div></blockquote>
+<p>The resulting object is now <em>inactive</em>.</p>
+<p>It is an error to initialize an operation object that is in <em>active</em> or
+<em>error</em> states. This can leak memory or other resources.</p>
+</li>
+<li><p class="first"><strong>Setup:</strong> Start a new multi-part operation on an <em>inactive</em> operation
+object. Each operation object will define one or more setup functions to
+start a specific operation.</p>
+<p>On success, a setup function will put an operation object into an <em>active</em>
+state. On failure, the operation object will remain <em>inactive</em>.</p>
+</li>
+<li><p class="first"><strong>Update:</strong> Update an <em>active</em> operation object. The update function can
+provide additional parameters, supply data for processing or generate
+outputs.</p>
+<p>On success, the operation object remains <em>active</em>. On failure, the
+operation object will enter an <em>error</em> state.</p>
+</li>
+<li><p class="first"><strong>Finish:</strong> To end the operation, call the applicable finishing function.
+This will take any final inputs, produce any final outputs, and then
+release any resources associated with the operation.</p>
+<p>On success, the operation object returns to the <em>inactive</em> state. On
+failure, the operation object will enter an <em>error</em> state.</p>
+</li>
+</ol>
+<p>An operation can be aborted at any stage during its use by calling the
+associated <code class="docutils literal"><span class="pre">psa_xxx_abort()</span></code> function. This will release any resources
+associated with the operation and return the operation object to the <em>inactive</em>
+state.</p>
+<p>Any error that occurs to an operation while it is in an <em>active</em> state will
+result in the operation entering an <em>error</em> state. The application must call the
+associated <code class="docutils literal"><span class="pre">psa_xxx_abort()</span></code> function to release the operation resources and
+return the object to the <em>inactive</em> state.</p>
+<p>Once an operation object is returned to the <em>inactive</em> state, it can be reused
+by calling one of the applicable setup functions again.</p>
+<p>If a multi-part operation object is not initialized before use, the behavior is
+undefined.</p>
+<p>If a multi-part operation function determines that the operation object is not in
+any valid state, it can return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a>.</p>
+<p>If a multi-part operation function is called with an operation object in the
+wrong state, the function will return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a> and the operation
+object will enter the <em>error</em> state.</p>
+<p>It is safe to move a multi-part operation object to a different memory location,
+for example, using a bitwise copy, and then to use the object in the new
+location. For example, an application can allocate an operation object on the
+stack and return it, or the operation object can be allocated within memory
+managed by a garbage collector. However, this does not permit the following
+behaviors:</p>
+<ul class="simple">
+<li>Moving the object while a function is being called on the object. This is
+not safe. See also <a class="reference internal" href="conventions.html#concurrency"><span class="std std-ref">Concurrent calls</span></a>.</li>
+<li>Working with both the original and the copied operation objects. This
+requires cloning the operation, which is only available for hash operations
+using <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_clone" title="psa_hash_clone"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_clone()</span></code></a>.</li>
+</ul>
+<p>Each type of multi-part operation can have multiple <em>active</em> states.
+Documentation for the specific operation describes the configuration and update
+functions, and any requirements about their usage and ordering.</p>
+</div>
+<div class="section" id="message-digests-hashes">
+<h3>Message digests (Hashes)</h3>
+<p>The single-part hash functions are:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> to calculate the hash of a message.</li>
+<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compare" title="psa_hash_compare"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compare()</span></code></a> to compare the hash of a message with a reference value.</li>
+</ul>
+<p>The <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
+allows messages to be processed in fragments:</p>
+<ol class="arabic simple">
+<li>Initialize the <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> object to zero, or by assigning the
+value of the associated macro <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_OPERATION_INIT" title="PSA_HASH_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the required hash algorithm, call
+<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_clone" title="psa_hash_clone"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_clone()</span></code></a> to duplicate the state of <em>active</em> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>
+object, or call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> to restart a hash operation with the
+output from a previously suspended hash operation.</li>
+<li>Call the <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> function on successive chunks of the message.</li>
+<li>At the end of the message, call the required finishing function:<ul>
+<li>To suspend the hash operation and extract a hash suspend state,
+call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>. The output state can subsequently be used
+to resume the hash operation.</li>
+<li>To calculate the digest of a message, call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>.</li>
+<li>To verify the digest of a message against a reference value, call
+<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a>.</li>
+</ul>
+</li>
+</ol>
+<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="message-authentication-codes-macs">
+<h3>Message authentication codes (MACs)</h3>
+<p>The single-part MAC functions are:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/macs.html#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> to calculate the MAC of a message.</li>
+<li><a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify" title="psa_mac_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify()</span></code></a> to compare the MAC of a message with a reference value.</li>
+</ul>
+<p>The <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
+allows messages to be processed in fragments:</p>
+<ol class="arabic simple">
+<li>Initialize the <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> object to zero, or by assigning the
+value of the associated macro <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_OPERATION_INIT" title="PSA_MAC_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_sign_setup" title="psa_mac_sign_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_setup()</span></code></a> or <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify_setup" title="psa_mac_verify_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_setup()</span></code></a> to specify the
+algorithm and key.</li>
+<li>Call the <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_update" title="psa_mac_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_update()</span></code></a> function on successive chunks of the message.</li>
+<li>At the end of the message, call the required finishing function:<ul>
+<li>To calculate the MAC of the message, call <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_sign_finish" title="psa_mac_sign_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_sign_finish()</span></code></a>.</li>
+<li>To verify the MAC of the message against a reference value, call
+<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify_finish" title="psa_mac_verify_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_verify_finish()</span></code></a>.</li>
+</ul>
+</li>
+</ol>
+<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="encryption-and-decryption">
+<h3>Encryption and decryption</h3>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The unauthenticated cipher API is provided to implement legacy protocols and
+for use cases where the data integrity and authenticity is guaranteed by
+non-cryptographic means. It is recommended that newer protocols use
+<em><a class="reference internal" href="#func-aead"><span class="std std-ref">Authenticated encryption (AEAD)</span></a></em>.</p>
+</div>
+<p>The single-part functions for encrypting or decrypting a message using an
+unauthenticated symmetric cipher are:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> to encrypt a message using an unauthenticated symmetric
+cipher. The encryption function generates a random IV. Use the multi-part API
+to provide a deterministic IV: this is not secure in general, but
+can be secure in some conditions that depend on the algorithm.</li>
+<li><a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> to decrypt a message using an unauthenticated symmetric
+cipher.</li>
+</ul>
+<p>The <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
+permits alternative initialization parameters and allows messages to be
+processed in fragments:</p>
+<ol class="arabic simple">
+<li>Initialize the <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to zero, or by assigning the
+value of the associated macro <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> or <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt_setup()</span></code></a> to specify the
+algorithm and key.</li>
+<li>Provide additional parameters:<ul>
+<li>When encrypting data, generate or set an initialization vector (IV),
+nonce, or similar initial value such as an initial counter value. To
+generate a random IV, which is recommended in most protocols, call
+<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a>. To set the IV, call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
+<li>When decrypting, set the IV or nonce. To set the IV, call
+<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a>.</li>
+</ul>
+</li>
+<li>Call the <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> function on successive chunks of the message.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> to complete the operation and return any final
+output.</li>
+</ol>
+<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
+</div>
+<div class="section" id="authenticated-encryption-aead">
+<span id="func-aead"></span><h3>Authenticated encryption (AEAD)</h3>
+<p>The single-part AEAD functions are:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> to encrypt a message using an authenticated symmetric
+cipher.</li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> to decrypt a message using an authenticated symmetric
+cipher.</li>
+</ul>
+<p>These functions follow the interface recommended by <a class="reference external" href="https://tools.ietf.org/html/rfc5116.html">RFC 5116</a>.</p>
+<p>The encryption function requires a nonce to be provided. To generate a random
+nonce, either call <a class="reference internal" href="../api/ops/rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> or use the AEAD multi-part API.</p>
+<p>The <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
+permits alternative initialization parameters and allows messages to be
+processed in fragments:</p>
+<ol class="arabic simple">
+<li>Initialize the <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> object to zero, or by assigning the
+value of the associated macro <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_OPERATION_INIT" title="PSA_AEAD_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> to specify the
+algorithm and key.</li>
+<li>Provide additional parameters:<ul>
+<li>If the algorithm requires it, call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to specify the
+length of the non-encrypted and encrypted inputs to the operation.</li>
+<li>When encrypting, call either <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> or
+<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to generate or set the nonce.</li>
+<li>When decrypting, call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> to set the nonce.</li>
+</ul>
+</li>
+<li>Call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> zero or more times with fragments of the
+non-encrypted additional data.</li>
+<li>Call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> zero or more times with fragments of the plaintext
+or ciphertext to encrypt or decrypt.</li>
+<li>At the end of the message, call the required finishing function:<ul>
+<li>To complete an encryption operation, call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_finish" title="psa_aead_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_finish()</span></code></a> to compute
+and return authentication tag.</li>
+<li>To complete a decryption operation, call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> to
+compute the authentication tag and verify it against a reference value.</li>
+</ul>
+</li>
+</ol>
+<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+<p>Having a multi-part interface to authenticated encryption raises specific issues.</p>
+<p>Multi-part authenticated decryption produces partial results that are not
+authenticated. Applications must not use or expose partial results of
+authenticated decryption until <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> has returned a success
+status and must destroy all partial results without revealing them if
+<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> returns a failure status. Revealing partial results, either directly or indirectly through the application’s behavior, can compromise the
+confidentiality of all inputs that are encrypted with the same key.</p>
+<p>For encryption, some common algorithms cannot be processed in a streaming
+fashion. For SIV mode, the whole plaintext must be known before the encryption
+can start; the multi-part AEAD API is not meant to be usable with SIV mode. For
+CCM mode, the length of the plaintext must be known before the encryption can
+start; the application can call the function <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to provide
+these lengths before providing input.</p>
+</div>
+<div class="section" id="key-derivation">
+<span id="id5"></span><h3>Key derivation</h3>
+<p>A key derivation encodes a deterministic method to generate a finite stream of
+bytes. This data stream is computed by the cryptoprocessor and extracted in
+chunks. If two key derivation operations are constructed with the same
+parameters, then they produce the same output.</p>
+<p>A key derivation consists of two phases:</p>
+<ol class="arabic simple">
+<li>Input collection. This is sometimes known as <em>extraction</em>: the operation
+“extracts” information from the inputs to generate a pseudorandom
+intermediate secret value.</li>
+<li>Output generation. This is sometimes known as <em>expansion</em>: the operation
+“expands” the intermediate secret value to the desired output length.</li>
+</ol>
+<p>The specification defines a <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
+API for key derivation that allows for multiple key and non-key outputs to be
+extracted from a single derivation operation object.</p>
+<p>In an implementation with <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">isolation</span></a>, the intermediate
+state of the key derivation is not visible to the caller, and if an output of
+the derivation is a non-exportable key, then this key cannot be recovered
+outside the isolation boundary.</p>
+<p>Applications use the <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> type to create key
+derivation operations. The operation object is used as follows:</p>
+<ol class="arabic simple">
+<li>Initialize a <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object to zero or to
+<a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> to select a key derivation algorithm.</li>
+<li>Call the functions <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> and
+<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>, or <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> to
+provide the inputs to the key derivation algorithm. Many key derivation
+algorithms take multiple inputs; the <code class="docutils literal"><span class="pre">step</span></code> parameter to these functions
+indicates which input is being provided. The documentation for each key
+derivation algorithm describes the expected inputs for that algorithm and
+in what order to pass them.</li>
+<li>Optionally, call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a> to set a limit on the
+amount of data that can be output from the key derivation operation.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> to create a derived key, or
+<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> to export the derived data. These
+functions can be called multiple times to read successive output from the key
+derivation, until the stream is exhausted when its capacity has been reached.</li>
+<li>Key derivation does not finish in the same way as other multi-part
+operations. Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> to release the key derivation
+operation memory when the object is no longer required.</li>
+</ol>
+<p>To recover from an error, call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> to release the key
+derivation operation memory.</p>
+<p>A key derivation operation cannot be rewound. Once a part of the stream has been
+output, it cannot be output again. This ensures that the same part of the output
+will not be used for different purposes.</p>
+</div>
+<div class="section" id="example-of-the-symmetric-cryptography-api">
+<h3>Example of the symmetric cryptography API</h3>
+<p>Here is an example of a use case where a master key is used to generate both a
+message encryption key and an IV for the encryption, and the derived key and IV
+are then used to encrypt a message.</p>
+<ol class="arabic simple">
+<li>Derive the message encryption material from the master key.<ol class="arabic">
+<li>Initialize a <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object to zero or to
+<a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a> as the algorithm.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a> with the step
+<a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> and the master key.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_bytes" title="psa_key_derivation_input_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_bytes()</span></code></a> with the step
+<a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> and a public value that uniquely
+identifies the message.</li>
+<li>Populate a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the derived message
+encryption key’s attributes.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> to create the derived message key.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> to generate the derived IV.</li>
+<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a> to release the key derivation operation
+memory.</li>
+</ol>
+</li>
+<li>Encrypt the message with the derived material.<ol class="arabic">
+<li>Initialize a <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to zero or to
+<a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> with the derived message encryption key.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> using the derived IV retrieved above.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_update" title="psa_cipher_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_update()</span></code></a> one or more times to encrypt the message.</li>
+<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_finish" title="psa_cipher_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_finish()</span></code></a> at the end of the message.</li>
+</ol>
+</li>
+<li>Call <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> to clear the generated key.</li>
+</ol>
+</div>
+</div>
+<div class="section" id="asymmetric-cryptography">
+<h2>Asymmetric cryptography</h2>
+<p>This specification defines functions for asymmetric cryptography, including
+asymmetric encryption, asymmetric signature, and two-way key agreement.</p>
+<div class="section" id="asymmetric-encryption">
+<h3>Asymmetric encryption</h3>
+<p>Asymmetric encryption is provided through the functions
+<a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> and <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
+</div>
+<div class="section" id="hash-and-sign">
+<h3>Hash-and-sign</h3>
+<p>The signature and verification functions <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and
+<a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> take a message as one of their inputs and perform a
+hash-and-sign algorithm.</p>
+<p>The functions <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> take a message hash as
+one of their inputs. This is useful for signing pre-computed hashes, or for
+implementing hash-and-sign using a <a class="reference internal" href="../api/ops/hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a>
+before signing the resulting hash. To determine which
+hash algorithm to use, call the macro <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a> on the
+corresponding signature algorithm.</p>
+<p>Some hash-and-sign algorithms add padding to the message hash before completing
+the signing operation. The format of the padding that is used depends on the
+algorithm used to construct the signature.</p>
+</div>
+<div class="section" id="key-agreement">
+<h3>Key agreement</h3>
+<p>This specification defines two functions for a Diffie-Hellman-style key
+agreement where each party combines its own private key with the peer’s public
+key.</p>
+<p>The recommended approach is to use a <a class="reference internal" href="#key-derivation"><span class="std std-ref">key derivation
+operation</span></a> with the <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>
+input function, which calculates a shared secret for the key derivation
+function.</p>
+<p>Where an application needs direct access to the shared secret, it can call
+<a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> instead. Note that in general the shared secret is not
+directly suitable for use as a key because it is biased.</p>
+</div>
+</div>
+<div class="section" id="randomness-and-key-generation">
+<h2>Randomness and key generation</h2>
+<p>We strongly recommended that implementations include a random generator,
+consisting of a cryptographically secure pseudo-random generator (CSPRNG), which
+is adequately seeded with a cryptographic-quality hardware entropy source,
+commonly referred to as a true random number generator (TRNG). Constrained
+implementations can omit the random generation functionality if they do not
+implement any algorithm that requires randomness internally, and they do not
+provide a key generation functionality. For example, a special-purpose component
+for signature verification can omit this.</p>
+<p>It is recommended that applications use <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>,
+<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> or <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> to generate
+suitably-formatted random data, as applicable. In addition, the API includes a
+function <a class="reference internal" href="../api/ops/rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> to generate and extract arbitrary random data.</p>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Functionality overview</a><ul>
+<li><a class="reference internal" href="#library-management">Library management</a></li>
+<li><a class="reference internal" href="#key-management">Key management</a><ul>
+<li><a class="reference internal" href="#volatile-keys">Volatile keys</a></li>
+<li><a class="reference internal" href="#persistent-keys">Persistent keys</a></li>
+<li><a class="reference internal" href="#key-identifiers">Key identifiers</a></li>
+<li><a class="reference internal" href="#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#usage-policies">Usage policies</a></li>
+<li><a class="reference internal" href="#symmetric-cryptography">Symmetric cryptography</a><ul>
+<li><a class="reference internal" href="#single-part-functions">Single-part Functions</a></li>
+<li><a class="reference internal" href="#multi-part-operations">Multi-part operations</a></li>
+<li><a class="reference internal" href="#message-digests-hashes">Message digests (Hashes)</a></li>
+<li><a class="reference internal" href="#message-authentication-codes-macs">Message authentication codes (MACs)</a></li>
+<li><a class="reference internal" href="#encryption-and-decryption">Encryption and decryption</a></li>
+<li><a class="reference internal" href="#authenticated-encryption-aead">Authenticated encryption (AEAD)</a></li>
+<li><a class="reference internal" href="#key-derivation">Key derivation</a></li>
+<li><a class="reference internal" href="#example-of-the-symmetric-cryptography-api">Example of the symmetric cryptography API</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
+<li><a class="reference internal" href="#asymmetric-encryption">Asymmetric encryption</a></li>
+<li><a class="reference internal" href="#hash-and-sign">Hash-and-sign</a></li>
+<li><a class="reference internal" href="#key-agreement">Key agreement</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#randomness-and-key-generation">Randomness and key generation</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="goals.html" title="previous chapter">Design goals</a></li>
+      <li>Next: <a href="sample-arch.html" title="next chapter">Sample architectures</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/functionality.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/functionality.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/goals.html b/docs/html/overview/goals.html
new file mode 100644
index 0000000..028cf5e
--- /dev/null
+++ b/docs/html/overview/goals.html
@@ -0,0 +1,287 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Design goals &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Functionality overview" href="functionality.html" />
+    <link rel="prev" title="Introduction" href="intro.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="design-goals">
+<span id="id1"></span><h1>Design goals</h1>
+<div class="section" id="suitable-for-constrained-devices">
+<h2>Suitable for constrained devices</h2>
+<p>The interface is suitable for a vast range of devices: from special-purpose
+cryptographic processors that process data with a built-in key, to constrained
+devices running custom application code, such as microcontrollers, and
+multi-application devices, such as servers. Consequentially, the interface is
+scalable and modular.</p>
+<ul class="simple">
+<li><em>Scalable</em>: devices only need to implement the functionality that they will
+use.</li>
+<li><em>Modular</em>: larger devices implement larger subsets of the same interface,
+rather than different interfaces.</li>
+</ul>
+<p>In this interface, all operations on unbounded amounts of data
+allow <em>multi-part</em> processing, as long as the calculations on the data are
+performed in a streaming manner. This means that the application does not need
+to store the whole message in memory at one time. As a result, this
+specification is suitable for very constrained devices, including those where
+memory is very limited.</p>
+<p>Memory outside the keystore boundary is managed by the application. An
+implementation of the interface is not required to retain any state between
+function calls, apart from the content of the keystore and other data that must
+be kept inside the keystore security boundary.</p>
+<p>The interface does not expose the representation of keys and intermediate data,
+except when required for interchange. This allows each implementation to choose
+optimal data representations. Implementations with multiple components are also
+free to choose which memory area to use for internal data.</p>
+</div>
+<div class="section" id="a-keystore-interface">
+<h2>A keystore interface</h2>
+<p>The specification allows cryptographic operations to be performed on a key to
+which the application does not have direct access. Except where required for
+interchange, applications access all keys indirectly, by an identifier. The key
+material corresponding to that identifier can reside inside a security boundary
+that prevents it from being extracted, except as permitted by a policy that is
+defined when the key is created.</p>
+</div>
+<div class="section" id="optional-isolation">
+<span id="isolation"></span><h2>Optional isolation</h2>
+<p>Implementations can isolate the cryptoprocessor from the calling application,
+and can further isolate multiple calling applications. The interface allows the
+implementation to be separated between a frontend and a backend. In an isolated
+implementation, the frontend is the part of the implementation that is located
+in the same isolation boundary as the application, which the application
+accesses by function calls. The backend is the part of the implementation that
+is located in a different environment, which is protected from the frontend.
+Various technologies can provide protection, for example:</p>
+<ul class="simple">
+<li>Process isolation in an operating system.</li>
+<li>Partition isolation, either with a virtual machine or a partition manager.</li>
+<li>Physical separation between devices.</li>
+</ul>
+<p>Communication between the frontend and backend is beyond the scope of this
+specification.</p>
+<p>In an isolated implementation, the backend can serve more than one
+implementation instance. In this case, a single backend communicates with
+multiple instances of the frontend. The backend must enforce <strong>caller
+isolation</strong>: it must ensure that assets of one frontend are not visible to any
+other frontend. The mechanism for identifying callers is beyond the scope of this
+specification. An implementation that provides caller isolation must document
+the identification mechanism. An implementation that provides isolation must
+document any implementation-specific extension of the API that enables frontend
+instances to share data in any form.</p>
+<p>In summary, there are three types of implementation:</p>
+<ul class="simple">
+<li>No isolation: there is no security boundary between the application and the
+cryptoprocessor. For example, a statically or dynamically linked library is
+an implementation with no isolation.</li>
+<li>Cryptoprocessor isolation: there is a security boundary between the
+application and the cryptoprocessor, but the cryptoprocessor does not
+communicate with other applications. For example, a cryptoprocessor chip that
+is a companion to an application processor is an implementation with
+cryptoprocessor isolation.</li>
+<li>Caller isolation: there are multiple application instances, with a security
+boundary between the application instances among themselves, as well as
+between the cryptoprocessor and the application instances. For example, a
+cryptography service in a multiprocess environment is an implementation with
+caller and cryptoprocessor isolation.</li>
+</ul>
+</div>
+<div class="section" id="choice-of-algorithms">
+<h2>Choice of algorithms</h2>
+<p>The specification defines a low-level cryptographic interface, where the caller
+explicitly chooses which algorithm and which security parameters they use. This
+is necessary to implement protocols that are inescapable in various use cases.
+The design of the interface enables applications to implement widely-used
+protocols and data exchange formats, as well as custom ones.</p>
+<p>As a consequence, all cryptographic functionality operates according to the
+precise algorithm specified by the caller. However, this does not apply to
+device-internal functionality, which does not involve any form of
+interoperability, such as random number generation. The specification does not
+include generic higher-level interfaces, where the implementation chooses the
+best algorithm for a purpose. However, higher-level libraries can be built on
+top of the PSA Crypto API.</p>
+<p>Another consequence is that the specification permits the use of algorithms, key
+sizes and other parameters that, while known to be insecure, might be necessary to
+support legacy protocols or legacy data. Where major weaknesses are known, the
+algorithm descriptions give applicable warnings. However, the lack of a warning
+both does not and cannot indicate that an algorithm is secure in all circumstances.
+Application developers need to research the security of the protocols and
+algorithms that they plan to use to determine if these meet their requirements.</p>
+<p>The interface facilitates algorithm agility. As a consequence, cryptographic
+primitives are presented through generic functions with a parameter indicating
+the specific choice of algorithm. For example, there is a single function to
+calculate a message digest, which takes a parameter that identifies the specific
+hash algorithm.</p>
+</div>
+<div class="section" id="ease-of-use">
+<h2>Ease of use</h2>
+<p>The interface is designed to be as user-friendly as possible, given the
+aforementioned constraints on suitability for various types of devices and on
+the freedom to choose algorithms.</p>
+<p>In particular, the code flows are designed to reduce the risk of dangerous
+misuse. The interface is designed in part to make it harder to misuse. Where
+possible, it is designed so that
+typical mistakes result in test failures, rather than subtle security issues.
+Implementations avoid leaking data when a function is called with invalid
+parameters, to the extent allowed by the C language and by implementation size
+constraints.</p>
+</div>
+<div class="section" id="example-use-cases">
+<h2>Example use cases</h2>
+<p>This section lists some of the use cases that were considered during the design
+of this API. This list is not exhaustive, nor are all implementations required to
+support all use cases.</p>
+<div class="section" id="network-security-tls">
+<h3>Network Security (TLS)</h3>
+<p>The API provides all of the cryptographic primitives needed to establish TLS
+connections.</p>
+</div>
+<div class="section" id="secure-storage">
+<h3>Secure Storage</h3>
+<p>The API provides all primitives related to storage encryption, block or
+file-based, with master encryption keys stored inside a key store.</p>
+</div>
+<div class="section" id="network-credentials">
+<h3>Network Credentials</h3>
+<p>The API provides network credential management inside a key store, for example,
+for X.509-based authentication or pre-shared keys on enterprise networks.</p>
+</div>
+<div class="section" id="device-pairing">
+<h3>Device Pairing</h3>
+<p>The API provides support for key agreement protocols that are often used for
+secure pairing of devices over wireless channels. For example, the pairing of an
+NFC token or a Bluetooth device might use key agreement protocols upon
+first use.</p>
+</div>
+<div class="section" id="secure-boot">
+<h3>Secure Boot</h3>
+<p>The API provides primitives for use during firmware integrity and authenticity
+validation, during a secure or trusted boot process.</p>
+</div>
+<div class="section" id="attestation">
+<h3>Attestation</h3>
+<p>The API provides primitives used in attestation activities. Attestation is the
+ability for a device to sign an array of bytes with a device private key and
+return the result to the caller. There are several use cases; ranging from attestation
+of the device state, to the ability to generate a key pair and prove that it has
+been generated inside a secure key store. The API provides access to the
+algorithms commonly used for attestation.</p>
+</div>
+<div class="section" id="factory-provisioning">
+<h3>Factory Provisioning</h3>
+<p>Most IoT devices receive a unique identity during the factory provisioning
+process, or once they have been deployed to the field. This API provides the APIs necessary for
+populating a device with keys that represent that identity.</p>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Design goals</a><ul>
+<li><a class="reference internal" href="#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
+<li><a class="reference internal" href="#a-keystore-interface">A keystore interface</a></li>
+<li><a class="reference internal" href="#optional-isolation">Optional isolation</a></li>
+<li><a class="reference internal" href="#choice-of-algorithms">Choice of algorithms</a></li>
+<li><a class="reference internal" href="#ease-of-use">Ease of use</a></li>
+<li><a class="reference internal" href="#example-use-cases">Example use cases</a><ul>
+<li><a class="reference internal" href="#network-security-tls">Network Security (TLS)</a></li>
+<li><a class="reference internal" href="#secure-storage">Secure Storage</a></li>
+<li><a class="reference internal" href="#network-credentials">Network Credentials</a></li>
+<li><a class="reference internal" href="#device-pairing">Device Pairing</a></li>
+<li><a class="reference internal" href="#secure-boot">Secure Boot</a></li>
+<li><a class="reference internal" href="#attestation">Attestation</a></li>
+<li><a class="reference internal" href="#factory-provisioning">Factory Provisioning</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="intro.html" title="previous chapter">Introduction</a></li>
+      <li>Next: <a href="functionality.html" title="next chapter">Functionality overview</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/goals.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/goals.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/implementation.html b/docs/html/overview/implementation.html
new file mode 100644
index 0000000..53eb1a9
--- /dev/null
+++ b/docs/html/overview/implementation.html
@@ -0,0 +1,367 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Implementation considerations &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Usage considerations" href="usage.html" />
+    <link rel="prev" title="Library conventions" href="conventions.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="implementation-considerations">
+<span id="id1"></span><h1>Implementation considerations</h1>
+<div class="section" id="implementation-specific-aspects-of-the-interface">
+<h2>Implementation-specific aspects of the interface</h2>
+<div class="section" id="implementation-profile">
+<h3>Implementation profile</h3>
+<p>Implementations can implement a subset of the API and a subset of the available
+algorithms. The implemented subset is known as the implementation’s profile. The
+documentation for each implementation must describe the profile that it
+implements. This specification’s companion documents also define a number of
+standard profiles.</p>
+</div>
+<div class="section" id="implementation-specific-types">
+<span id="implementation-defined-type"></span><h3>Implementation-specific types</h3>
+<p>This specification defines a number of implementation-specific types, which
+represent objects whose content depends on the implementation. These are defined
+as C <code class="docutils literal"><span class="pre">typedef</span></code> types in this specification, with a comment
+<em><a class="reference internal" href="#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> in place of the underlying type
+definition. For some types the specification constrains the type, for example,
+by requiring that the type is a <code class="docutils literal"><span class="pre">struct</span></code>, or that it is convertible to and
+from an unsigned integer. In the implementation’s version of <strong>psa/crypto.h</strong>,
+these types need to be defined as complete C types so that objects of these
+types can be instantiated by application code.</p>
+<p>Applications that rely on the implementation specific definition of any of these
+types might not be portable to other implementations of this specification.</p>
+</div>
+<div class="section" id="implementation-specific-macros">
+<span id="implementation-specific-macro"></span><h3>Implementation-specific macros</h3>
+<p>Some macro constants and function-like macros are precisely defined by this
+specification. The use of an exact definition is essential if the definition can
+appear in more than one header file within a compilation.</p>
+<p>Other macros that are defined by this specification have a macro body that is
+implementation-specific. The description of an implementation-specific macro can
+optionally specify each of the following requirements:</p>
+<ul class="simple">
+<li>Input domains: the macro must be valid for arguments within the input domain.</li>
+<li>A return type: the macro result must be compatible with this type.</li>
+<li>Output range: the macro result must lie in the output range.</li>
+<li>Computed value: A precise mapping of valid input to output values.</li>
+</ul>
+<p>Each implementation-specific macro is in one of following categories:</p>
+<p id="specification-defined-value"><em>Specification-defined value</em></p>
+<blockquote>
+<div><p>The result type and computed value of the macro expression is defined by
+this specification, but the definition of the macro body is provided by the
+implementation.</p>
+<p>These macros are indicated in this specification using the comment
+<em><a class="reference internal" href="#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>.</p>
+<p>For function-like macros with specification-defined values:</p>
+<ul class="simple">
+<li>Example implementations are provided in an appendix to this specification.
+See <em><a class="reference internal" href="../appendix/specdef_values.html#appendix-specdef-values"><span class="std std-ref">Example macro implementations</span></a></em>.</li>
+<li>The expected computation for valid and supported input arguments will be
+defined as pseudo-code in a future version of this specification.</li>
+</ul>
+</div></blockquote>
+<p id="implementation-defined-value"><em>Implementation-defined value</em></p>
+<blockquote>
+<div><p>The value of the macro expression is implementation-defined.</p>
+<p>For some macros, the computed value is derived from the specification of one
+or more cryptographic algorithms. In these cases, the result must exactly
+match the value in those external specifications.</p>
+<p>These macros are indicated in this specification using the comment
+<em><a class="reference internal" href="#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>.</p>
+</div></blockquote>
+<p>Some of these macros compute a result based on an algorithm or key type.
+If an implementation defines vendor-specific algorithms or
+key types, then it must provide an implementation for such macros that takes all
+relevant algorithms and types into account. Conversely, an implementation that
+does not support a certain algorithm or key type can define such macros in a
+simpler way that does not take unsupported argument values into account.</p>
+<p>Some macros define the minimum sufficient output buffer size for certain
+functions. In some cases, an implementation is allowed to require a buffer size
+that is larger than the theoretical minimum. An implementation must define
+minimum-size macros in such a way that it guarantees that the buffer of the
+resulting size is sufficient for the output of the corresponding function. Refer
+to each macro’s documentation for the applicable requirements.</p>
+</div>
+</div>
+<div class="section" id="porting-to-a-platform">
+<h2>Porting to a platform</h2>
+<div class="section" id="platform-assumptions">
+<h3>Platform assumptions</h3>
+<p>This specification is designed for a C99 platform. The interface is defined in
+terms of C macros, functions and objects.</p>
+<p>The specification assumes 8-bit bytes, and “byte” and “octet” are used
+synonymously.</p>
+</div>
+<div class="section" id="platform-specific-types">
+<h3>Platform-specific types</h3>
+<p>The specification makes use of some types defined in C99. These types must be
+defined in the implementation version of <strong>psa/crypto.h</strong> or by a header
+included in this file. The following C99 types are used:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">uint8_t</span></code>, <code class="docutils literal"><span class="pre">uint16_t</span></code>, <code class="docutils literal"><span class="pre">uint32_t</span></code></dt>
+<dd>Unsigned integer types with 8, 16 and 32 value bits respectively.
+These types are defined by the C99 header <strong>stdint.h</strong>.</dd>
+</dl>
+</div>
+<div class="section" id="cryptographic-hardware-support">
+<h3>Cryptographic hardware support</h3>
+<p>Implementations are encouraged to make use of hardware accelerators where
+available. A future version of this specification will define a function
+interface that calls drivers for hardware accelerators and external
+cryptographic hardware.</p>
+</div>
+</div>
+<div class="section" id="security-requirements-and-recommendations">
+<h2>Security requirements and recommendations</h2>
+<div class="section" id="error-detection">
+<h3>Error detection</h3>
+<p>Implementations that provide isolation between the caller and the cryptography
+processing environment must validate parameters to ensure that the cryptography
+processing environment is protected from attacks caused by passing invalid
+parameters.</p>
+<p>Even implementations that do not provide isolation are recommended to detect bad
+parameters and fail-safe where possible.</p>
+</div>
+<div class="section" id="indirect-object-references">
+<h3>Indirect object references</h3>
+<p>Implementations can use different strategies for allocating key identifiers,
+and other types of indirect object reference.</p>
+<p>Implementations that provide isolation between the caller and the cryptography
+processing environment must consider the threats relating to abuse and misuse
+of key identifiers and other indirect resource references. For example,
+multi-part operations can be implemented as backend state to which the client
+only maintains an indirect reference in the application’s multi-part operation
+object.</p>
+<p>An implementation that supports multiple callers must implement strict isolation
+of API resources between different callers. For example, a client must not be
+able to obtain a reference to another client’s key by guessing the key
+identifier value. Isolation of key identifiers can be achieved in several ways.
+For example:</p>
+<ul class="simple">
+<li>There is a single identifier namespace for all clients, and the
+implementation verifies that the client is the owner of the identifier when
+looking up the key.</li>
+<li>Each client has an independent identifier namespace, and the implementation
+uses a client specific identifier-to-key mapping when looking up the key.</li>
+</ul>
+<p>After a volatile key identifier is destroyed, it is recommended that the
+implementation does not immediately reuse the same identifier value for a
+different key. This reduces the risk of an attack that is able to exploit a key
+identifier reuse vulnerability within an application.</p>
+</div>
+<div class="section" id="memory-cleanup">
+<span id="id2"></span><h3>Memory cleanup</h3>
+<p>Implementations must wipe all sensitive data from memory when it is no longer
+used. It is recommended that they wipe this sensitive data as soon as possible. All
+temporary data used during the execution of a function, such as stack buffers,
+must be wiped before the function returns. All data associated with an object,
+such as a multi-part operation, must be wiped, at the latest, when the object
+becomes inactive, for example, when a multi-part operation is aborted.</p>
+<p>The rationale for this non-functional requirement is to minimize impact if the
+system is compromised. If sensitive data is wiped immediately after use, only
+data that is currently in use can be leaked. It does not compromise past data.</p>
+</div>
+<div class="section" id="managing-key-material">
+<span id="key-material"></span><h3>Managing key material</h3>
+<p>In implementations that have limited volatile memory for keys, the
+implementation is permitted to store a <a class="reference internal" href="functionality.html#volatile-keys"><span class="std std-ref">volatile key</span></a> to a
+temporary location in non-volatile memory. The implementation must delete any
+such copies when the key is destroyed, and it is recommended that these copies
+are deleted as soon as the key is reloaded into volatile memory. An
+implementation that uses this method must clear any stored volatile key material
+on startup.</p>
+<p>Implementing the <a class="reference internal" href="#memory-cleanup"><span class="std std-ref">memory cleanup rule</span></a> for persistent keys
+can result in inefficiencies when the same persistent key is used sequentially
+in multiple cryptographic operations. The inefficiency stems from loading the
+key from non-volatile storage on each use of the key. The <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a>
+policy allows an application to request that the implementation does not cleanup
+non-essential copies of persistent key material, effectively suspending the
+cleanup rules for that key. The effects of this policy depend on the
+implementation and the key, for example:</p>
+<ul class="simple">
+<li>For volatile keys or keys in a secure element with no open/close mechanism,
+this is likely to have no effect.</li>
+<li>For persistent keys that are not in a secure element, this allows the
+implementation to keep the key in a memory cache outside of the memory used
+by ongoing operations.</li>
+<li>For keys in a secure element with an open/close mechanism, this is a hint to
+keep the key open in the secure element.</li>
+</ul>
+<p>The application can indicate when it has finished using the key by calling
+<a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>, to request that the key material is cleaned from memory.</p>
+</div>
+<div class="section" id="safe-outputs-on-error">
+<h3>Safe outputs on error</h3>
+<p>Implementations must ensure that confidential data is not written to output
+parameters before validating that the disclosure of this confidential data is
+authorized. This requirement is particularly important for implementations where
+the caller can share memory with another security context, as described in the
+<a class="reference internal" href="conventions.html#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a> section.</p>
+<p>In most cases, the specification does not define the content of output
+parameters when an error occurs. It is recommended that implementations try to
+ensure that the content of output parameters is as safe as possible, in case an
+application flaw or a data leak causes it to be used. In particular, Arm
+recommends that implementations avoid placing partial output in output buffers
+when an action is interrupted. The meaning of “safe as possible” depends on the
+implementation, as different environments require different compromises between
+implementation complexity, overall robustness and performance. Some common
+strategies are to leave output parameters unchanged, in case of errors, or
+zeroing them out.</p>
+</div>
+<div class="section" id="attack-resistance">
+<h3>Attack resistance</h3>
+<p>Cryptographic code tends to manipulate high-value secrets, from which other
+secrets can be unlocked. As such, it is a high-value target for attacks. There
+is a vast body of literature on attack types, such as side channel attacks and
+glitch attacks. Typical side channels include timing, cache access patterns,
+branch-prediction access patterns, power consumption, radio emissions and more.</p>
+<p>This specification does not specify particular requirements for attack
+resistance. Implementers are encouraged to consider the attack resistance
+desired in each use case and design their implementation accordingly. Security
+standards for attack resistance for particular targets might be applicable in
+certain use cases.</p>
+</div>
+</div>
+<div class="section" id="other-implementation-considerations">
+<h2>Other implementation considerations</h2>
+<div class="section" id="philosophy-of-resource-management">
+<h3>Philosophy of resource management</h3>
+<p>The specification allows most functions to return
+<a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a>. This gives implementations the freedom to
+manage memory as they please.</p>
+<p>Alternatively, the interface is also designed for conservative strategies of
+memory management. An implementation can avoid dynamic memory allocation
+altogether by obeying certain restrictions:</p>
+<ul class="simple">
+<li>Pre-allocate memory for a predefined number of keys, each with sufficient
+memory for all key types that can be stored.</li>
+<li>For multi-part operations, in an implementation without isolation, place all
+the data that needs to be carried over from one step to the next in the
+operation object. The application is then fully in control of how memory is
+allocated for the operation.</li>
+<li>In an implementation with isolation, pre-allocate memory for a predefined
+number of operations inside the cryptoprocessor.</li>
+</ul>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Implementation considerations</a><ul>
+<li><a class="reference internal" href="#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
+<li><a class="reference internal" href="#implementation-profile">Implementation profile</a></li>
+<li><a class="reference internal" href="#implementation-specific-types">Implementation-specific types</a></li>
+<li><a class="reference internal" href="#implementation-specific-macros">Implementation-specific macros</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#porting-to-a-platform">Porting to a platform</a><ul>
+<li><a class="reference internal" href="#platform-assumptions">Platform assumptions</a></li>
+<li><a class="reference internal" href="#platform-specific-types">Platform-specific types</a></li>
+<li><a class="reference internal" href="#cryptographic-hardware-support">Cryptographic hardware support</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
+<li><a class="reference internal" href="#error-detection">Error detection</a></li>
+<li><a class="reference internal" href="#indirect-object-references">Indirect object references</a></li>
+<li><a class="reference internal" href="#memory-cleanup">Memory cleanup</a></li>
+<li><a class="reference internal" href="#managing-key-material">Managing key material</a></li>
+<li><a class="reference internal" href="#safe-outputs-on-error">Safe outputs on error</a></li>
+<li><a class="reference internal" href="#attack-resistance">Attack resistance</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#other-implementation-considerations">Other implementation considerations</a><ul>
+<li><a class="reference internal" href="#philosophy-of-resource-management">Philosophy of resource management</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="conventions.html" title="previous chapter">Library conventions</a></li>
+      <li>Next: <a href="usage.html" title="next chapter">Usage considerations</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/implementation.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/implementation.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/intro.html b/docs/html/overview/intro.html
new file mode 100644
index 0000000..dd5a664
--- /dev/null
+++ b/docs/html/overview/intro.html
@@ -0,0 +1,127 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Introduction &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Design goals" href="goals.html" />
+    <link rel="prev" title="PSA Cryptography API 1.0" href="../index.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="introduction">
+<h1>Introduction</h1>
+<p>Arm’s Platform Security Architecture (PSA) is a holistic set of threat models,
+security analyses, hardware and firmware architecture specifications, an
+open source firmware reference implementation, and an independent evaluation
+and certification scheme. PSA provides a recipe, based on
+industry best practice, that allows security to be consistently designed in, at
+both a hardware and firmware level.</p>
+<p>The PSA Cryptographic API (Crypto API) described in this document is an
+important PSA component that provides an interface to cryptographic operations
+on resource-constrained devices. The interface is user-friendly, while still
+providing access to the low-level primitives used in modern cryptography. It
+does not require that the user has access to the key material. Instead, it uses
+opaque key identifiers.</p>
+<p>This document is part of the PSA family of specifications. It defines an
+interface for cryptographic services, including cryptography primitives and a
+key storage functionality.</p>
+<p>This document includes:</p>
+<ul class="simple">
+<li>A <a class="reference internal" href="goals.html#design-goals"><span class="std std-ref">rationale</span></a> for the design.</li>
+<li>A <a class="reference internal" href="functionality.html#functionality-overview"><span class="std std-ref">high-level overview of the functionality</span></a>
+provided by the interface.</li>
+<li>A <a class="reference internal" href="sample-arch.html#architectures"><span class="std std-ref">description of typical architectures</span></a> of
+implementations for this specification.</li>
+<li>General considerations <a class="reference internal" href="implementation.html#implementation-considerations"><span class="std std-ref">for implementers</span></a>
+of this specification and <a class="reference internal" href="usage.html#usage-considerations"><span class="std std-ref">for applications</span></a> that
+use the interface defined in this specification.</li>
+<li>A <a class="reference internal" href="../api/library/index.html#api-reference"><span class="std std-ref">detailed definition</span></a> of the API.</li>
+</ul>
+<p>Companion documents will define <em>profiles</em> for this specification. A profile is
+a minimum mandatory subset of the interface that a compliant implementation must
+provide.</p>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper"><div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="../index.html" title="previous chapter">PSA Cryptography API 1.0</a></li>
+      <li>Next: <a href="goals.html" title="next chapter">Design goals</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/intro.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/intro.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/sample-arch.html b/docs/html/overview/sample-arch.html
new file mode 100644
index 0000000..855382d
--- /dev/null
+++ b/docs/html/overview/sample-arch.html
@@ -0,0 +1,212 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Sample architectures &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Library conventions" href="conventions.html" />
+    <link rel="prev" title="Functionality overview" href="functionality.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="sample-architectures">
+<span id="architectures"></span><h1>Sample architectures</h1>
+<p>This section describes some example architectures that can be used for
+implementations of the interface described in this specification. This list is
+not exhaustive and the section is entirely non-normative.</p>
+<div class="section" id="single-partition-architecture">
+<h2>Single-partition architecture</h2>
+<p>In the single-partition architecture, there is no security boundary inside the system. The
+application code can access all the system memory, including the memory used by
+the cryptographic services described in this specification. Thus, the
+architecture provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">no isolation</span></a>.</p>
+<p>This architecture does not conform to the Arm <em>Platform Security Architecture
+Security Model</em>. However, it is useful for providing cryptographic services
+that use the same interface, even on devices that cannot support any security
+boundary. So, while this architecture is not the primary design goal of the API
+defined in the present specification, it is supported.</p>
+<p>The functions in this specification simply execute the underlying algorithmic
+code. Security checks can be kept to a minimum, since the cryptoprocessor cannot
+defend against a malicious application. Key import and export copy data inside
+the same memory space.</p>
+<p>This architecture also describes a subset of some larger systems, where the
+cryptographic services are implemented inside a high-security partition,
+separate from the code of the main application, though it shares this
+high-security partition with other platform security services.</p>
+</div>
+<div class="section" id="cryptographic-token-and-single-application-processor">
+<span id="isolated-cryptoprocessor"></span><h2>Cryptographic token and single-application processor</h2>
+<p>This system is composed of two partitions: one is a cryptoprocessor and the
+other partition runs an application. There is a security boundary between the
+two partitions, so that the application cannot access the cryptoprocessor,
+except through its public interface. Thus, the architecture provides
+<a class="reference internal" href="goals.html#isolation"><span class="std std-ref">cryptoprocessor isolation</span></a>. The cryptoprocessor has
+some non-volatile storage, a TRNG, and possibly, some cryptographic accelerators.</p>
+<p>There are a number of potential physical realizations: the cryptoprocessor might
+be a separate chip, a separate processor on the same chip, or a logical
+partition using a combination of hardware and software to provide the isolation.
+These realizations are functionally equivalent in terms of the offered software
+interface, but they would typically offer different levels of security
+guarantees.</p>
+<p>The PSA crypto API in the application processor consists of a thin layer of code
+that translates function calls to remote procedure calls in the cryptoprocessor.
+All cryptographic computations are, therefore, performed inside the
+cryptoprocessor. Non-volatile keys are stored inside the cryptoprocessor.</p>
+</div>
+<div class="section" id="cryptoprocessor-with-no-key-storage">
+<h2>Cryptoprocessor with no key storage</h2>
+<p>As in the <em><a class="reference internal" href="#isolated-cryptoprocessor"><span class="std std-ref">Cryptographic token and single-application processor</span></a></em> architecture, this system
+is also composed of two partitions separated by a security boundary and also
+provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">cryptoprocessor isolation</span></a>.
+However, unlike the previous architecture, in this system, the cryptoprocessor
+does not have any secure, persistent storage that could be used to store
+application keys.</p>
+<p>If the cryptoprocessor is not capable of storing cryptographic material, then
+there is little use for a separate cryptoprocessor, since all data would have to
+be imported by the application.</p>
+<p>The cryptoprocessor can provide useful services if it is able to store at least
+one key. This might be a hardware unique key that is burnt to one-time
+programmable memory during the manufacturing of the device. This key can be used
+for one or more purposes:</p>
+<ul class="simple">
+<li>Encrypt and authenticate data stored in the application processor.</li>
+<li>Communicate with a paired device.</li>
+<li>Allow the application to perform operations with keys that are derived from
+the hardware unique key.</li>
+</ul>
+</div>
+<div class="section" id="multi-client-cryptoprocessor">
+<h2>Multi-client cryptoprocessor</h2>
+<p>This is an expanded variant of the <a class="reference internal" href="#isolated-cryptoprocessor"><span class="std std-ref">cryptographic token plus application
+architecture</span></a>. In this
+variant, the cryptoprocessor serves multiple applications that are mutually
+untrustworthy. This architecture provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">caller
+isolation</span></a>.</p>
+<p>In this architecture, API calls are translated to remote procedure calls, which
+encode the identity of the client application. The cryptoprocessor carefully
+segments its internal storage to ensure that a client’s data is never leaked to
+another client.</p>
+</div>
+<div class="section" id="multi-cryptoprocessor-architecture">
+<h2>Multi-cryptoprocessor architecture</h2>
+<p>This system includes multiple cryptoprocessors. There are several reasons to
+have multiple cryptoprocessors:</p>
+<ul class="simple">
+<li>Different compromises between security and performance for different keys.
+Typically, this means a cryptoprocessor that runs on the same hardware as the
+main application and processes short-term secrets, a secure element or a
+similar separate chip that retains long-term secrets.</li>
+<li>Independent provisioning of certain secrets.</li>
+<li>A combination of a non-removable cryptoprocessor and removable ones, for
+example, a smartcard or HSM.</li>
+<li>Cryptoprocessors managed by different stakeholders who do not trust each
+other.</li>
+</ul>
+<p>The keystore implementation needs to dispatch each request to the correct
+processor. For example:</p>
+<ul class="simple">
+<li>All requests involving a non-extractable key must be processed in the
+cryptoprocessor that holds that key.</li>
+<li>Requests involving a persistent key must be processed in the cryptoprocessor
+that corresponds to the key’s lifetime value.</li>
+<li>Requests involving a volatile key might target a cryptoprocessor based on
+parameters supplied by the application, or based on considerations such as
+performance inside the implementation.</li>
+</ul>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Sample architectures</a><ul>
+<li><a class="reference internal" href="#single-partition-architecture">Single-partition architecture</a></li>
+<li><a class="reference internal" href="#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
+<li><a class="reference internal" href="#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
+<li><a class="reference internal" href="#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
+<li><a class="reference internal" href="#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="functionality.html" title="previous chapter">Functionality overview</a></li>
+      <li>Next: <a href="conventions.html" title="next chapter">Library conventions</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/sample-arch.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/sample-arch.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/overview/usage.html b/docs/html/overview/usage.html
new file mode 100644
index 0000000..306bcee
--- /dev/null
+++ b/docs/html/overview/usage.html
@@ -0,0 +1,171 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>Usage considerations &#8212; PSA Crypto API 1.0.0 documentation</title>
+    <link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
+    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    '../',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
+    <script type="text/javascript" src="../_static/jquery.js"></script>
+    <script type="text/javascript" src="../_static/underscore.js"></script>
+    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="index" title="Index" href="../genindex.html" />
+    <link rel="search" title="Search" href="../search.html" />
+    <link rel="next" title="Library management reference" href="../api/library/index.html" />
+    <link rel="prev" title="Implementation considerations" href="implementation.html" />
+   
+  <link rel="stylesheet" href="../_static/custom.css" type="text/css" />
+  
+  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+  </head>
+  <body>
+  
+
+    <div class="document">
+      <div class="documentwrapper">
+        <div class="bodywrapper">
+          <div class="body" role="main">
+            
+  <div class="section" id="usage-considerations">
+<span id="id1"></span><h1>Usage considerations</h1>
+<div class="section" id="security-recommendations">
+<h2>Security recommendations</h2>
+<div class="section" id="always-check-for-errors">
+<h3>Always check for errors</h3>
+<p>Most functions in this API can return errors. All functions that can fail have
+the return type <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>. A few functions cannot fail, and thus, return
+<code class="docutils literal"><span class="pre">void</span></code> or some other type.</p>
+<p>If an error occurs, unless otherwise specified, the content of the output
+parameters is undefined and must not be used.</p>
+<p>Some common causes of errors include:</p>
+<ul class="simple">
+<li>In implementations where the keys are stored and processed in a separate
+environment from the application, all functions that need to access the
+cryptography processing environment might fail due to an error in the
+communication between the two environments.</li>
+<li>If an algorithm is implemented with a hardware accelerator, which is
+logically separate from the application processor, the accelerator might fail,
+even when the application processor keeps running normally.</li>
+<li>Most functions might fail due to a lack of resources. However, some
+implementations guarantee that certain functions always have sufficient
+memory.</li>
+<li>All functions that access persistent keys might fail due to a storage failure.</li>
+<li>All functions that require randomness might fail due to a lack of entropy.
+Implementations are encouraged to seed the random generator with sufficient
+entropy during the execution of <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. However, some security
+standards require periodic reseeding from a hardware random generator, which
+can fail.</li>
+</ul>
+</div>
+<div class="section" id="shared-memory-and-concurrency">
+<h3>Shared memory and concurrency</h3>
+<p>Some environments allow applications to be multithreaded, while others do not.
+In some environments, applications can share memory with a different security
+context. In environments with multithreaded applications or shared memory,
+applications must be written carefully to avoid data corruption or leakage. This
+specification requires the application to obey certain constraints.</p>
+<p>In general, this API allows either one writer or any number of simultaneous
+readers, on any given object. In other words, if two or more calls access the
+same object concurrently, then the behavior is only well-defined if all the
+calls are only reading from the object and do not modify it. Read accesses
+include reading memory by input parameters and reading keystore content by using
+a key. For more details, refer to the <a class="reference internal" href="conventions.html#concurrency"><span class="std std-ref">Concurrent calls</span></a>
+section.</p>
+<p>If an application shares memory with another security context, it can pass
+shared memory blocks as input buffers or output buffers, but not as non-buffer
+parameters. For more details, refer to the <em><a class="reference internal" href="conventions.html#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+</div>
+<div class="section" id="cleaning-up-after-use">
+<h3>Cleaning up after use</h3>
+<p>To minimize impact if the system is compromised, it is recommended that
+applications wipe all sensitive data from memory when it is no longer used. That
+way, only data that is currently in use can be leaked, and past data is not
+compromised.</p>
+<p>Wiping sensitive data includes:</p>
+<ul class="simple">
+<li>Clearing temporary buffers in the stack or on the heap.</li>
+<li>Aborting operations if they will not be finished.</li>
+<li>Destroying keys that are no longer used.</li>
+</ul>
+</div>
+</div>
+</div>
+
+
+          </div>
+        </div>
+      </div>
+      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+        <div class="sphinxsidebarwrapper">
+  <h3><a href="../index.html">Table Of Contents</a></h3>
+  <ul>
+<li><a class="reference internal" href="#">Usage considerations</a><ul>
+<li><a class="reference internal" href="#security-recommendations">Security recommendations</a><ul>
+<li><a class="reference internal" href="#always-check-for-errors">Always check for errors</a></li>
+<li><a class="reference internal" href="#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
+<li><a class="reference internal" href="#cleaning-up-after-use">Cleaning up after use</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<div class="relations">
+<h3>Related Topics</h3>
+<ul>
+  <li><a href="../index.html">Documentation overview</a><ul>
+      <li>Previous: <a href="implementation.html" title="previous chapter">Implementation considerations</a></li>
+      <li>Next: <a href="../api/library/index.html" title="next chapter">Library management reference</a></li>
+  </ul></li>
+</ul>
+</div>
+  <div role="note" aria-label="source link">
+    <h3>This Page</h3>
+    <ul class="this-page-menu">
+      <li><a href="../_sources/overview/usage.rst.txt"
+            rel="nofollow">Show Source</a></li>
+    </ul>
+   </div>
+<div id="searchbox" style="display: none" role="search">
+  <h3>Quick search</h3>
+    <form class="search" action="../search.html" method="get">
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
+      <input type="hidden" name="check_keywords" value="yes" />
+      <input type="hidden" name="area" value="default" />
+    </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+        </div>
+      </div>
+      <div class="clearer"></div>
+    </div>
+    <div class="footer">
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
+      
+      |
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+      
+      |
+      <a href="../_sources/overview/usage.rst.txt"
+          rel="nofollow">Page source</a>
+    </div>
+
+    
+
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/psa_c-identifiers.html b/docs/html/psa_c-identifiers.html
index ddc3b8e..5442410 100644
--- a/docs/html/psa_c-identifiers.html
+++ b/docs/html/psa_c-identifiers.html
@@ -4,35 +4,40 @@
 
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>Index of C identifiers &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <title>Index of C identifiers &#8212; PSA Crypto API 1.0.0 documentation</title>
     <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    './',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
 
    
   <link rel="stylesheet" href="_static/custom.css" type="text/css" />
   
-  
   <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
 
 
 
-  </head><body>
+  </head>
+  <body>
   
 
     <div class="document">
       <div class="documentwrapper">
         <div class="bodywrapper">
-          
-
           <div class="body" role="main">
             
 
@@ -49,11 +54,11 @@
    <a href="#cap-PSA_I"><strong>PSA_I</strong></a> | 
    <a href="#cap-PSA_K"><strong>PSA_K</strong></a> | 
    <a href="#cap-PSA_M"><strong>PSA_M</strong></a> | 
-   <a href="#cap-PSA_O"><strong>PSA_O</strong></a> | 
+   <a href="#cap-PSA_P"><strong>PSA_P</strong></a> | 
    <a href="#cap-PSA_R"><strong>PSA_R</strong></a> | 
    <a href="#cap-PSA_S"><strong>PSA_S</strong></a> | 
-   <a href="#cap-PSA_V"><strong>PSA_V</strong></a> | 
-   <a href="#cap-PSA__"><strong>PSA__</strong></a>
+   <a href="#cap-PSA_T"><strong>PSA_T</strong></a> | 
+   <a href="#cap-PSA_V"><strong>PSA_V</strong></a>
    </div>
 
    <table class="indextable modindextable">
@@ -63,737 +68,582 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_OPERATION_INIT"><code class="xref">PSA_AEAD_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_TAG_LENGTH"><code class="xref">PSA_AEAD_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_TAG_LENGTH_OFFSET"><code class="xref">PSA_AEAD_TAG_LENGTH_OFFSET</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_NONCE_LENGTH"><code class="xref">PSA_AEAD_NONCE_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_NONCE_MAX_SIZE"><code class="xref">PSA_AEAD_NONCE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_AEAD_FROM_BLOCK_FLAG"><code class="xref">PSA_ALG_AEAD_FROM_BLOCK_FLAG</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_OPERATION_INIT"><code class="xref">PSA_AEAD_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_AEAD_TAG_LENGTH_MASK"><code class="xref">PSA_ALG_AEAD_TAG_LENGTH_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_TAG_LENGTH"><code class="xref">PSA_AEAD_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"><code class="xref">PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_TAG_MAX_SIZE"><code class="xref">PSA_AEAD_TAG_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_AEAD_WITH_TAG_LENGTH"><code class="xref">PSA_ALG_AEAD_WITH_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ANY_HASH"><code class="xref">PSA_ALG_ANY_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ARC4"><code class="xref">PSA_ALG_ARC4</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_AEAD"><code class="xref">PSA_ALG_CATEGORY_AEAD</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_CIPHER"><code class="xref">PSA_ALG_CATEGORY_CIPHER</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref">PSA_ALG_AEAD_WITH_SHORTENED_TAG</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_HASH"><code class="xref">PSA_ALG_CATEGORY_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_ANY_HASH"><code class="xref">PSA_ALG_ANY_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_AGREEMENT"><code class="xref">PSA_ALG_CATEGORY_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_CBC_MAC"><code class="xref">PSA_ALG_CBC_MAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_KEY_DERIVATION"><code class="xref">PSA_ALG_CATEGORY_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_CBC_NO_PADDING"><code class="xref">PSA_ALG_CBC_NO_PADDING</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_MAC"><code class="xref">PSA_ALG_CATEGORY_MAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_CBC_PKCS7"><code class="xref">PSA_ALG_CBC_PKCS7</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_MASK"><code class="xref">PSA_ALG_CATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_CCM"><code class="xref">PSA_ALG_CCM</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CATEGORY_SIGN"><code class="xref">PSA_ALG_CATEGORY_SIGN</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_CFB"><code class="xref">PSA_ALG_CFB</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CBC_MAC"><code class="xref">PSA_ALG_CBC_MAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="xref">PSA_ALG_CHACHA20_POLY1305</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CBC_NO_PADDING"><code class="xref">PSA_ALG_CBC_NO_PADDING</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_CMAC"><code class="xref">PSA_ALG_CMAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CBC_PKCS7"><code class="xref">PSA_ALG_CBC_PKCS7</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_CTR"><code class="xref">PSA_ALG_CTR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CCM"><code class="xref">PSA_ALG_CCM</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CFB"><code class="xref">PSA_ALG_CFB</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_ECB_NO_PADDING"><code class="xref">PSA_ALG_ECB_NO_PADDING</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CHACHA20"><code class="xref">PSA_ALG_CHACHA20</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_ECDH"><code class="xref">PSA_ALG_ECDH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CHACHA20_POLY1305"><code class="xref">PSA_ALG_CHACHA20_POLY1305</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_ECDSA"><code class="xref">PSA_ALG_ECDSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CIPHER_FROM_BLOCK_FLAG"><code class="xref">PSA_ALG_CIPHER_FROM_BLOCK_FLAG</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_ECDSA_ANY"><code class="xref">PSA_ALG_ECDSA_ANY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CIPHER_MAC_BASE"><code class="xref">PSA_ALG_CIPHER_MAC_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_FFDH"><code class="xref">PSA_ALG_FFDH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CIPHER_STREAM_FLAG"><code class="xref">PSA_ALG_CIPHER_STREAM_FLAG</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="xref">PSA_ALG_FULL_LENGTH_MAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CMAC"><code class="xref">PSA_ALG_CMAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_GCM"><code class="xref">PSA_ALG_GCM</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_CTR"><code class="xref">PSA_ALG_CTR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_GET_HASH"><code class="xref">PSA_ALG_GET_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_HKDF"><code class="xref">PSA_ALG_HKDF</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_DETERMINISTIC_ECDSA_BASE"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_HMAC"><code class="xref">PSA_ALG_HMAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ECDH"><code class="xref">PSA_ALG_ECDH</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_AEAD"><code class="xref">PSA_ALG_IS_AEAD</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ECDSA"><code class="xref">PSA_ALG_ECDSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ECDSA_ANY"><code class="xref">PSA_ALG_ECDSA_ANY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ECDSA_BASE"><code class="xref">PSA_ALG_ECDSA_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref">PSA_ALG_IS_BLOCK_CIPHER_MAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_ECDSA_IS_DETERMINISTIC"><code class="xref">PSA_ALG_ECDSA_IS_DETERMINISTIC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_CIPHER"><code class="xref">PSA_ALG_IS_CIPHER</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_FFDH"><code class="xref">PSA_ALG_FFDH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_IS_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_FULL_LENGTH_MAC"><code class="xref">PSA_ALG_FULL_LENGTH_MAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_IS_ECDH"><code class="xref">PSA_ALG_IS_ECDH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_GCM"><code class="xref">PSA_ALG_GCM</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_ECDSA"><code class="xref">PSA_ALG_IS_ECDSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_GMAC"><code class="xref">PSA_ALG_GMAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_IS_FFDH"><code class="xref">PSA_ALG_IS_FFDH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HASH_MASK"><code class="xref">PSA_ALG_HASH_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_HASH"><code class="xref">PSA_ALG_IS_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HKDF"><code class="xref">PSA_ALG_HKDF</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="xref">PSA_ALG_IS_HASH_AND_SIGN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HKDF_BASE"><code class="xref">PSA_ALG_HKDF_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_IS_HKDF"><code class="xref">PSA_ALG_IS_HKDF</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HKDF_GET_HASH"><code class="xref">PSA_ALG_HKDF_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_IS_HMAC"><code class="xref">PSA_ALG_IS_HMAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HMAC"><code class="xref">PSA_ALG_HMAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HMAC_BASE"><code class="xref">PSA_ALG_HMAC_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="xref">PSA_ALG_IS_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_HMAC_GET_HASH"><code class="xref">PSA_ALG_HMAC_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_MAC"><code class="xref">PSA_ALG_IS_MAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_AEAD"><code class="xref">PSA_ALG_IS_AEAD</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref">PSA_ALG_IS_RANDOMIZED_ECDSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_RAW_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ALG_IS_RSA_OAEP"><code class="xref">PSA_ALG_IS_RSA_OAEP</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref">PSA_ALG_IS_BLOCK_CIPHER_MAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_IS_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_CIPHER"><code class="xref">PSA_ALG_IS_CIPHER</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PSS"><code class="xref">PSA_ALG_IS_RSA_PSS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_IS_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_SIGN"><code class="xref">PSA_ALG_IS_SIGN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_ECDH"><code class="xref">PSA_ALG_IS_ECDH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_HASH"><code class="xref">PSA_ALG_IS_SIGN_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_ECDSA"><code class="xref">PSA_ALG_IS_ECDSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="xref">PSA_ALG_IS_SIGN_MESSAGE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_FFDH"><code class="xref">PSA_ALG_IS_FFDH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="xref">PSA_ALG_IS_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_HASH"><code class="xref">PSA_ALG_IS_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="xref">PSA_ALG_IS_TLS12_PRF</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="xref">PSA_ALG_IS_HASH_AND_SIGN</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_IS_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_HKDF"><code class="xref">PSA_ALG_IS_HKDF</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_IS_WILDCARD"><code class="xref">PSA_ALG_IS_WILDCARD</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_HMAC"><code class="xref">PSA_ALG_IS_HMAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT"><code class="xref">PSA_ALG_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_BASE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION"><code class="xref">PSA_ALG_IS_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_KDF</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_MD2"><code class="xref">PSA_ALG_MD2</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_MAC"><code class="xref">PSA_ALG_IS_MAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_MD4"><code class="xref">PSA_ALG_MD4</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref">PSA_ALG_IS_RANDOMIZED_ECDSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_MD5"><code class="xref">PSA_ALG_MD5</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_RAW_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/algorithms.html#PSA_ALG_NONE"><code class="xref">PSA_ALG_NONE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_RSA_OAEP"><code class="xref">PSA_ALG_IS_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_OFB"><code class="xref">PSA_ALG_OFB</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_IS_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_RIPEMD160"><code class="xref">PSA_ALG_RIPEMD160</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_RSA_PSS"><code class="xref">PSA_ALG_IS_RSA_PSS</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ALG_RSA_OAEP"><code class="xref">PSA_ALG_RSA_OAEP</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_SIGN"><code class="xref">PSA_ALG_IS_SIGN</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref">PSA_ALG_RSA_PKCS1V15_CRYPT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_STREAM_CIPHER"><code class="xref">PSA_ALG_IS_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_TLS12_PRF"><code class="xref">PSA_ALG_IS_TLS12_PRF</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_IS_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_ALG_RSA_PSS"><code class="xref">PSA_ALG_RSA_PSS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_VENDOR_DEFINED"><code class="xref">PSA_ALG_IS_VENDOR_DEFINED</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA3_224"><code class="xref">PSA_ALG_SHA3_224</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_IS_WILDCARD"><code class="xref">PSA_ALG_IS_WILDCARD</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA3_256"><code class="xref">PSA_ALG_SHA3_256</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT"><code class="xref">PSA_ALG_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA3_384"><code class="xref">PSA_ALG_SHA3_384</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA3_512"><code class="xref">PSA_ALG_SHA3_512</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_KDF</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_1"><code class="xref">PSA_ALG_SHA_1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_KEY_AGREEMENT_MASK"><code class="xref">PSA_ALG_KEY_AGREEMENT_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_224"><code class="xref">PSA_ALG_SHA_224</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_KEY_DERIVATION_MASK"><code class="xref">PSA_ALG_KEY_DERIVATION_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_256"><code class="xref">PSA_ALG_SHA_256</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_MAC_SUBCATEGORY_MASK"><code class="xref">PSA_ALG_MAC_SUBCATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_384"><code class="xref">PSA_ALG_SHA_384</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_MAC_TRUNCATION_MASK"><code class="xref">PSA_ALG_MAC_TRUNCATION_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_512"><code class="xref">PSA_ALG_SHA_512</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_MD2"><code class="xref">PSA_ALG_MD2</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_512_224"><code class="xref">PSA_ALG_SHA_512_224</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_MD4"><code class="xref">PSA_ALG_MD4</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_ALG_SHA_512_256"><code class="xref">PSA_ALG_SHA_512_256</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_MD5"><code class="xref">PSA_ALG_MD5</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="xref">PSA_ALG_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_OFB"><code class="xref">PSA_ALG_OFB</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_TLS12_PRF"><code class="xref">PSA_ALG_TLS12_PRF</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_RIPEMD160"><code class="xref">PSA_ALG_RIPEMD160</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP"><code class="xref">PSA_ALG_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_ALG_TRUNCATED_MAC"><code class="xref">PSA_ALG_TRUNCATED_MAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP_BASE"><code class="xref">PSA_ALG_RSA_OAEP_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_ALG_XTS"><code class="xref">PSA_ALG_XTS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_OAEP_GET_HASH"><code class="xref">PSA_ALG_RSA_OAEP_GET_HASH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref">PSA_ALG_RSA_PKCS1V15_CRYPT</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_BASE"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_BASE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PSS"><code class="xref">PSA_ALG_RSA_PSS</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_RSA_PSS_BASE"><code class="xref">PSA_ALG_RSA_PSS_BASE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA3_224"><code class="xref">PSA_ALG_SHA3_224</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA3_256"><code class="xref">PSA_ALG_SHA3_256</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA3_384"><code class="xref">PSA_ALG_SHA3_384</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA3_512"><code class="xref">PSA_ALG_SHA3_512</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_1"><code class="xref">PSA_ALG_SHA_1</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_224"><code class="xref">PSA_ALG_SHA_224</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_256"><code class="xref">PSA_ALG_SHA_256</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_384"><code class="xref">PSA_ALG_SHA_384</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_512"><code class="xref">PSA_ALG_SHA_512</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_512_224"><code class="xref">PSA_ALG_SHA_512_224</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SHA_512_256"><code class="xref">PSA_ALG_SHA_512_256</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_SIGN_GET_HASH"><code class="xref">PSA_ALG_SIGN_GET_HASH</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF"><code class="xref">PSA_ALG_TLS12_PRF</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF_BASE"><code class="xref">PSA_ALG_TLS12_PRF_BASE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PRF_GET_HASH"><code class="xref">PSA_ALG_TLS12_PRF_GET_HASH</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_BASE"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_BASE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_GET_HASH</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_TRUNCATED_MAC"><code class="xref">PSA_ALG_TRUNCATED_MAC</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_VENDOR_FLAG"><code class="xref">PSA_ALG_VENDOR_FLAG</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ALG_XTS"><code class="xref">PSA_ALG_XTS</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_abort"><code class="xref">psa_aead_abort</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_decrypt"><code class="xref">psa_aead_decrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_decrypt_setup"><code class="xref">psa_aead_decrypt_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_abort"><code class="xref">psa_aead_abort</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_encrypt"><code class="xref">psa_aead_encrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_decrypt"><code class="xref">psa_aead_decrypt</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_encrypt_setup"><code class="xref">psa_aead_encrypt_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_decrypt_setup"><code class="xref">psa_aead_decrypt_setup</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_finish"><code class="xref">psa_aead_finish</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_encrypt"><code class="xref">psa_aead_encrypt</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_generate_nonce"><code class="xref">psa_aead_generate_nonce</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_encrypt_setup"><code class="xref">psa_aead_encrypt_setup</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_operation_init"><code class="xref">psa_aead_operation_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_finish"><code class="xref">psa_aead_finish</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_operation_t"><code class="xref">psa_aead_operation_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_generate_nonce"><code class="xref">psa_aead_generate_nonce</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_set_lengths"><code class="xref">psa_aead_set_lengths</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_operation_init"><code class="xref">psa_aead_operation_init</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_set_nonce"><code class="xref">psa_aead_set_nonce</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_operation_t"><code class="xref">psa_aead_operation_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_update"><code class="xref">psa_aead_update</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_set_lengths"><code class="xref">psa_aead_set_lengths</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_update_ad"><code class="xref">psa_aead_update_ad</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_set_nonce"><code class="xref">psa_aead_set_nonce</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_aead_verify"><code class="xref">psa_aead_verify</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_update"><code class="xref">psa_aead_update</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_algorithm_t"><code class="xref">psa_algorithm_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_update_ad"><code class="xref">psa_aead_update_ad</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_asymmetric_decrypt"><code class="xref">psa_asymmetric_decrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/aead.html#psa_aead_verify"><code class="xref">psa_aead_verify</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_asymmetric_encrypt"><code class="xref">psa_asymmetric_encrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/attributes.html#psa_algorithm_t"><code class="xref">psa_algorithm_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_asymmetric_sign"><code class="xref">psa_asymmetric_sign</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/pke.html#psa_asymmetric_decrypt"><code class="xref">psa_asymmetric_decrypt</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_asymmetric_verify"><code class="xref">psa_asymmetric_verify</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/pke.html#psa_asymmetric_encrypt"><code class="xref">psa_asymmetric_encrypt</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_B"><td></td><td>
@@ -801,17 +651,12 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_BITS_TO_BYTES"><code class="xref">PSA_BITS_TO_BYTES</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_BLOCK_CIPHER_BLOCK_SIZE"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_BYTES_TO_BITS"><code class="xref">PSA_BYTES_TO_BITS</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_C"><td></td><td>
@@ -819,77 +664,132 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_CIPHER_OPERATION_INIT"><code class="xref">PSA_CIPHER_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_abort"><code class="xref">psa_cipher_abort</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_decrypt"><code class="xref">psa_cipher_decrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_decrypt_setup"><code class="xref">psa_cipher_decrypt_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_encrypt"><code class="xref">psa_cipher_encrypt</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_encrypt_setup"><code class="xref">psa_cipher_encrypt_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_finish"><code class="xref">psa_cipher_finish</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_IV_LENGTH"><code class="xref">PSA_CIPHER_IV_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_generate_iv"><code class="xref">psa_cipher_generate_iv</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_IV_MAX_SIZE"><code class="xref">PSA_CIPHER_IV_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_operation_init"><code class="xref">psa_cipher_operation_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="xref">PSA_CIPHER_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_operation_t"><code class="xref">psa_cipher_operation_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_set_iv"><code class="xref">psa_cipher_set_iv</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_cipher_update"><code class="xref">psa_cipher_update</code></a> <em>(function)</em></td><td>
+       <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref">PSA_CRYPTO_API_VERSION_MAJOR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_close_key"><code class="xref">psa_close_key</code></a> <em>(function)</em></td><td>
+       <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="xref">PSA_CRYPTO_API_VERSION_MINOR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_copy_key"><code class="xref">psa_copy_key</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#psa_cipher_abort"><code class="xref">psa_cipher_abort</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_crypto_init"><code class="xref">psa_crypto_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ciphers.html#psa_cipher_decrypt"><code class="xref">psa_cipher_decrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_decrypt_setup"><code class="xref">psa_cipher_decrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_encrypt"><code class="xref">psa_cipher_encrypt</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_encrypt_setup"><code class="xref">psa_cipher_encrypt_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_finish"><code class="xref">psa_cipher_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_generate_iv"><code class="xref">psa_cipher_generate_iv</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_operation_init"><code class="xref">psa_cipher_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_operation_t"><code class="xref">psa_cipher_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_set_iv"><code class="xref">psa_cipher_set_iv</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/ciphers.html#psa_cipher_update"><code class="xref">psa_cipher_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/keys/management.html#psa_copy_key"><code class="xref">psa_copy_key</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/library/library.html#psa_crypto_init"><code class="xref">psa_crypto_init</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_D"><td></td><td>
@@ -897,37 +797,17 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE2048"><code class="xref">PSA_DH_GROUP_FFDHE2048</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_DH_FAMILY_RFC7919"><code class="xref">PSA_DH_FAMILY_RFC7919</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE3072"><code class="xref">PSA_DH_GROUP_FFDHE3072</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#psa_destroy_key"><code class="xref">psa_destroy_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE4096"><code class="xref">PSA_DH_GROUP_FFDHE4096</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE6144"><code class="xref">PSA_DH_GROUP_FFDHE6144</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_DH_GROUP_FFDHE8192"><code class="xref">PSA_DH_GROUP_FFDHE8192</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_destroy_key"><code class="xref">psa_destroy_key</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_dh_group_t"><code class="xref">psa_dh_group_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/types.html#psa_dh_family_t"><code class="xref">psa_dh_family_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_E"><td></td><td>
@@ -935,272 +815,187 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_BITS"><code class="xref">PSA_ECC_CURVE_BITS</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref">PSA_ECC_FAMILY_BRAINPOOL_P_R1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P256R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P256R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_FRP"><code class="xref">PSA_ECC_FAMILY_FRP</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P384R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P384R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_MONTGOMERY"><code class="xref">PSA_ECC_FAMILY_MONTGOMERY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_BRAINPOOL_P512R1"><code class="xref">PSA_ECC_CURVE_BRAINPOOL_P512R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_K1"><code class="xref">PSA_ECC_FAMILY_SECP_K1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_CURVE25519"><code class="xref">PSA_ECC_CURVE_CURVE25519</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R1"><code class="xref">PSA_ECC_FAMILY_SECP_R1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_CURVE448"><code class="xref">PSA_ECC_CURVE_CURVE448</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R2"><code class="xref">PSA_ECC_FAMILY_SECP_R2</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160K1"><code class="xref">PSA_ECC_CURVE_SECP160K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_K1"><code class="xref">PSA_ECC_FAMILY_SECT_K1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160R1"><code class="xref">PSA_ECC_CURVE_SECP160R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R1"><code class="xref">PSA_ECC_FAMILY_SECT_R1</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP160R2"><code class="xref">PSA_ECC_CURVE_SECP160R2</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R2"><code class="xref">PSA_ECC_FAMILY_SECT_R2</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP192K1"><code class="xref">PSA_ECC_CURVE_SECP192K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_ALREADY_EXISTS"><code class="xref">PSA_ERROR_ALREADY_EXISTS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP192R1"><code class="xref">PSA_ECC_CURVE_SECP192R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_BAD_STATE"><code class="xref">PSA_ERROR_BAD_STATE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP224K1"><code class="xref">PSA_ECC_CURVE_SECP224K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref">PSA_ERROR_BUFFER_TOO_SMALL</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP224R1"><code class="xref">PSA_ECC_CURVE_SECP224R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref">PSA_ERROR_COMMUNICATION_FAILURE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP256K1"><code class="xref">PSA_ECC_CURVE_SECP256K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="xref">PSA_ERROR_CORRUPTION_DETECTED</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP256R1"><code class="xref">PSA_ECC_CURVE_SECP256R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_DATA_CORRUPT"><code class="xref">PSA_ERROR_DATA_CORRUPT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP384R1"><code class="xref">PSA_ECC_CURVE_SECP384R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_DATA_INVALID"><code class="xref">PSA_ERROR_DATA_INVALID</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECP521R1"><code class="xref">PSA_ECC_CURVE_SECP521R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_DOES_NOT_EXIST"><code class="xref">PSA_ERROR_DOES_NOT_EXIST</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163K1"><code class="xref">PSA_ECC_CURVE_SECT163K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_GENERIC_ERROR"><code class="xref">PSA_ERROR_GENERIC_ERROR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163R1"><code class="xref">PSA_ECC_CURVE_SECT163R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_HARDWARE_FAILURE"><code class="xref">PSA_ERROR_HARDWARE_FAILURE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT163R2"><code class="xref">PSA_ECC_CURVE_SECT163R2</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="xref">PSA_ERROR_INSUFFICIENT_DATA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT193R1"><code class="xref">PSA_ECC_CURVE_SECT193R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref">PSA_ERROR_INSUFFICIENT_ENTROPY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT193R2"><code class="xref">PSA_ECC_CURVE_SECT193R2</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref">PSA_ERROR_INSUFFICIENT_MEMORY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT233K1"><code class="xref">PSA_ECC_CURVE_SECT233K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref">PSA_ERROR_INSUFFICIENT_STORAGE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT233R1"><code class="xref">PSA_ECC_CURVE_SECT233R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INVALID_ARGUMENT"><code class="xref">PSA_ERROR_INVALID_ARGUMENT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT239K1"><code class="xref">PSA_ECC_CURVE_SECT239K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INVALID_HANDLE"><code class="xref">PSA_ERROR_INVALID_HANDLE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT283K1"><code class="xref">PSA_ECC_CURVE_SECT283K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INVALID_PADDING"><code class="xref">PSA_ERROR_INVALID_PADDING</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT283R1"><code class="xref">PSA_ECC_CURVE_SECT283R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_INVALID_SIGNATURE"><code class="xref">PSA_ERROR_INVALID_SIGNATURE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT409K1"><code class="xref">PSA_ECC_CURVE_SECT409K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_NOT_PERMITTED"><code class="xref">PSA_ERROR_NOT_PERMITTED</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT409R1"><code class="xref">PSA_ECC_CURVE_SECT409R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_NOT_SUPPORTED"><code class="xref">PSA_ERROR_NOT_SUPPORTED</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT571K1"><code class="xref">PSA_ECC_CURVE_SECT571K1</code></a> <em>(macro)</em></td><td>
+       <a href="api/library/status.html#PSA_ERROR_STORAGE_FAILURE"><code class="xref">PSA_ERROR_STORAGE_FAILURE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECC_CURVE_SECT571R1"><code class="xref">PSA_ECC_CURVE_SECT571R1</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_KEY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ECDSA_SIGNATURE_SIZE"><code class="xref">PSA_ECDSA_SIGNATURE_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_EXPORT_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ERROR_ALREADY_EXISTS"><code class="xref">PSA_ERROR_ALREADY_EXISTS</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ERROR_BAD_STATE"><code class="xref">PSA_ERROR_BAD_STATE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref">PSA_ERROR_BUFFER_TOO_SMALL</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#psa_ecc_family_t"><code class="xref">psa_ecc_family_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref">PSA_ERROR_COMMUNICATION_FAILURE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/management.html#psa_export_key"><code class="xref">psa_export_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="xref">PSA_ERROR_CORRUPTION_DETECTED</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_DOES_NOT_EXIST"><code class="xref">PSA_ERROR_DOES_NOT_EXIST</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_GENERIC_ERROR"><code class="xref">PSA_ERROR_GENERIC_ERROR</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_HARDWARE_FAILURE"><code class="xref">PSA_ERROR_HARDWARE_FAILURE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="xref">PSA_ERROR_INSUFFICIENT_DATA</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref">PSA_ERROR_INSUFFICIENT_ENTROPY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref">PSA_ERROR_INSUFFICIENT_MEMORY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref">PSA_ERROR_INSUFFICIENT_STORAGE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INVALID_ARGUMENT"><code class="xref">PSA_ERROR_INVALID_ARGUMENT</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INVALID_HANDLE"><code class="xref">PSA_ERROR_INVALID_HANDLE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INVALID_PADDING"><code class="xref">PSA_ERROR_INVALID_PADDING</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_INVALID_SIGNATURE"><code class="xref">PSA_ERROR_INVALID_SIGNATURE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_NOT_PERMITTED"><code class="xref">PSA_ERROR_NOT_PERMITTED</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_NOT_SUPPORTED"><code class="xref">PSA_ERROR_NOT_SUPPORTED</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_ERROR_STORAGE_FAILURE"><code class="xref">PSA_ERROR_STORAGE_FAILURE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_ecc_curve_t"><code class="xref">psa_ecc_curve_t</code></a> <em>(type)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_export_key"><code class="xref">psa_export_key</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_export_public_key"><code class="xref">psa_export_public_key</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/management.html#psa_export_public_key"><code class="xref">psa_export_public_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_G"><td></td><td>
@@ -1208,47 +1003,47 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_generate_key"><code class="xref">psa_generate_key</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/management.html#psa_generate_key"><code class="xref">psa_generate_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_generate_random"><code class="xref">psa_generate_random</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/rng.html#psa_generate_random"><code class="xref">psa_generate_random</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_algorithm"><code class="xref">psa_get_key_algorithm</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/algorithms.html#psa_get_key_algorithm"><code class="xref">psa_get_key_algorithm</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_attributes"><code class="xref">psa_get_key_attributes</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/attributes.html#psa_get_key_attributes"><code class="xref">psa_get_key_attributes</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_bits"><code class="xref">psa_get_key_bits</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/types.html#psa_get_key_bits"><code class="xref">psa_get_key_bits</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_id"><code class="xref">psa_get_key_id</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/locations.html#psa_get_key_id"><code class="xref">psa_get_key_id</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_lifetime"><code class="xref">psa_get_key_lifetime</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/locations.html#psa_get_key_lifetime"><code class="xref">psa_get_key_lifetime</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_type"><code class="xref">psa_get_key_type</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/types.html#psa_get_key_type"><code class="xref">psa_get_key_type</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_get_key_usage_flags"><code class="xref">psa_get_key_usage_flags</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/usage.html#psa_get_key_usage_flags"><code class="xref">psa_get_key_usage_flags</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_H"><td></td><td>
@@ -1256,72 +1051,107 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_HASH_MAX_SIZE"><code class="xref">PSA_HASH_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="xref">PSA_HASH_BLOCK_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_HASH_OPERATION_INIT"><code class="xref">PSA_HASH_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_LENGTH"><code class="xref">PSA_HASH_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_HASH_SIZE"><code class="xref">PSA_HASH_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_MAX_SIZE"><code class="xref">PSA_HASH_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_HMAC_MAX_HASH_BLOCK_SIZE"><code class="xref">PSA_HMAC_MAX_HASH_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_OPERATION_INIT"><code class="xref">PSA_HASH_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_abort"><code class="xref">psa_hash_abort</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_clone"><code class="xref">psa_hash_clone</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_compare"><code class="xref">psa_hash_compare</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_compute"><code class="xref">psa_hash_compute</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_finish"><code class="xref">psa_hash_finish</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_operation_init"><code class="xref">psa_hash_operation_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#psa_hash_abort"><code class="xref">psa_hash_abort</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_operation_t"><code class="xref">psa_hash_operation_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/hashes.html#psa_hash_clone"><code class="xref">psa_hash_clone</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_setup"><code class="xref">psa_hash_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#psa_hash_compare"><code class="xref">psa_hash_compare</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_update"><code class="xref">psa_hash_update</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#psa_hash_compute"><code class="xref">psa_hash_compute</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_hash_verify"><code class="xref">psa_hash_verify</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/hashes.html#psa_hash_finish"><code class="xref">psa_hash_finish</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_operation_init"><code class="xref">psa_hash_operation_init</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_operation_t"><code class="xref">psa_hash_operation_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_resume"><code class="xref">psa_hash_resume</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_setup"><code class="xref">psa_hash_setup</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_suspend"><code class="xref">psa_hash_suspend</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_update"><code class="xref">psa_hash_update</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/hashes.html#psa_hash_verify"><code class="xref">psa_hash_verify</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_I"><td></td><td>
@@ -1329,7 +1159,7 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_import_key"><code class="xref">psa_import_key</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/management.html#psa_import_key"><code class="xref">psa_import_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_K"><td></td><td>
@@ -1337,462 +1167,372 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_ATTRIBUTES_INIT"><code class="xref">PSA_KEY_ATTRIBUTES_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="xref">PSA_KEY_ATTRIBUTES_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref">PSA_KEY_DERIVATION_INPUT_INFO</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref">PSA_KEY_DERIVATION_INPUT_CONTEXT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref">PSA_KEY_DERIVATION_INPUT_LABEL</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref">PSA_KEY_DERIVATION_INPUT_INFO</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref">PSA_KEY_DERIVATION_INPUT_SALT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref">PSA_KEY_DERIVATION_INPUT_LABEL</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref">PSA_KEY_DERIVATION_INPUT_SECRET</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref">PSA_KEY_DERIVATION_INPUT_SALT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref">PSA_KEY_DERIVATION_INPUT_SEED</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref">PSA_KEY_DERIVATION_INPUT_SECRET</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref">PSA_KEY_DERIVATION_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref">PSA_KEY_DERIVATION_INPUT_SEED</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref">PSA_KEY_DERIVATION_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_ID_NULL"><code class="xref">PSA_KEY_ID_NULL</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_ID_USER_MAX"><code class="xref">PSA_KEY_ID_USER_MAX</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_ID_USER_MIN"><code class="xref">PSA_KEY_ID_USER_MIN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_ID_VENDOR_MAX"><code class="xref">PSA_KEY_ID_VENDOR_MAX</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_ID_VENDOR_MIN"><code class="xref">PSA_KEY_ID_VENDOR_MIN</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="xref">PSA_KEY_LIFETIME_PERSISTENT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/locations.html#PSA_KEY_LIFETIME_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_VOLATILE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_ID_USER_MAX"><code class="xref">PSA_KEY_ID_USER_MAX</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_AES"><code class="xref">PSA_KEY_TYPE_AES</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_ID_USER_MIN"><code class="xref">PSA_KEY_ID_USER_MIN</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_ARC4"><code class="xref">PSA_KEY_TYPE_ARC4</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_ID_VENDOR_MAX"><code class="xref">PSA_KEY_ID_VENDOR_MAX</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_CAMELLIA"><code class="xref">PSA_KEY_TYPE_CAMELLIA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_ID_VENDOR_MIN"><code class="xref">PSA_KEY_ID_VENDOR_MIN</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_CHACHA20"><code class="xref">PSA_KEY_TYPE_CHACHA20</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="xref">PSA_KEY_LIFETIME_PERSISTENT</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_DERIVE"><code class="xref">PSA_KEY_TYPE_DERIVE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_LIFETIME_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_VOLATILE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_DES"><code class="xref">PSA_KEY_TYPE_DES</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_AES"><code class="xref">PSA_KEY_TYPE_AES</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_DH_GET_FAMILY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ARC4"><code class="xref">PSA_KEY_TYPE_ARC4</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CAMELLIA"><code class="xref">PSA_KEY_TYPE_CAMELLIA</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"><code class="xref">PSA_KEY_TYPE_CATEGORY_FLAG_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_ECC_GET_FAMILY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_CATEGORY_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_MASK"><code class="xref">PSA_KEY_TYPE_CATEGORY_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_HMAC"><code class="xref">PSA_KEY_TYPE_HMAC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_RAW"><code class="xref">PSA_KEY_TYPE_CATEGORY_RAW</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref">PSA_KEY_TYPE_IS_ASYMMETRIC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CATEGORY_SYMMETRIC"><code class="xref">PSA_KEY_TYPE_CATEGORY_SYMMETRIC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH"><code class="xref">PSA_KEY_TYPE_IS_DH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_CHACHA20"><code class="xref">PSA_KEY_TYPE_CHACHA20</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DERIVE"><code class="xref">PSA_KEY_TYPE_DERIVE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DES"><code class="xref">PSA_KEY_TYPE_DES</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC"><code class="xref">PSA_KEY_TYPE_IS_ECC</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_GROUP_MASK"><code class="xref">PSA_KEY_TYPE_DH_GROUP_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_KEY_PAIR_BASE"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_RSA"><code class="xref">PSA_KEY_TYPE_IS_RSA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_CURVE_MASK"><code class="xref">PSA_KEY_TYPE_ECC_CURVE_MASK</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref">PSA_KEY_TYPE_IS_UNSTRUCTURED</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_NONE"><code class="xref">PSA_KEY_TYPE_NONE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_RAW_DATA"><code class="xref">PSA_KEY_TYPE_RAW_DATA</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_GET_CURVE"><code class="xref">PSA_KEY_TYPE_GET_CURVE</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_RSA_KEY_PAIR</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_GET_GROUP"><code class="xref">PSA_KEY_TYPE_GET_GROUP</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_RSA_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_HMAC"><code class="xref">PSA_KEY_TYPE_HMAC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_CACHE"><code class="xref">PSA_KEY_USAGE_CACHE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref">PSA_KEY_TYPE_IS_ASYMMETRIC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_COPY"><code class="xref">PSA_KEY_USAGE_COPY</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH"><code class="xref">PSA_KEY_TYPE_IS_DH</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_DECRYPT"><code class="xref">PSA_KEY_USAGE_DECRYPT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_DERIVE"><code class="xref">PSA_KEY_USAGE_DERIVE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_ENCRYPT"><code class="xref">PSA_KEY_USAGE_ENCRYPT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC"><code class="xref">PSA_KEY_TYPE_IS_ECC</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_EXPORT"><code class="xref">PSA_KEY_USAGE_EXPORT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_SIGN_HASH"><code class="xref">PSA_KEY_USAGE_SIGN_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref">PSA_KEY_USAGE_SIGN_MESSAGE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="xref">PSA_KEY_USAGE_VERIFY_HASH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/usage.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref">PSA_KEY_USAGE_VERIFY_MESSAGE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_RSA"><code class="xref">PSA_KEY_TYPE_IS_RSA</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_attributes_init"><code class="xref">psa_key_attributes_init</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref">PSA_KEY_TYPE_IS_UNSTRUCTURED</code></a> <em>(macro)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_attributes_t"><code class="xref">psa_key_attributes_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_IS_VENDOR_DEFINED"><code class="xref">PSA_KEY_TYPE_IS_VENDOR_DEFINED</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_abort"><code class="xref">psa_key_derivation_abort</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_NONE"><code class="xref">PSA_KEY_TYPE_NONE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_RAW_DATA"><code class="xref">PSA_KEY_TYPE_RAW_DATA</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_RSA_KEY_PAIR</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_RSA_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_TYPE_VENDOR_FLAG"><code class="xref">PSA_KEY_TYPE_VENDOR_FLAG</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_COPY"><code class="xref">PSA_KEY_USAGE_COPY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_DECRYPT"><code class="xref">PSA_KEY_USAGE_DECRYPT</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_DERIVE"><code class="xref">PSA_KEY_USAGE_DERIVE</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_ENCRYPT"><code class="xref">PSA_KEY_USAGE_ENCRYPT</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_EXPORT"><code class="xref">PSA_KEY_USAGE_EXPORT</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_SIGN"><code class="xref">PSA_KEY_USAGE_SIGN</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA_KEY_USAGE_VERIFY"><code class="xref">PSA_KEY_USAGE_VERIFY</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_key_attributes_init"><code class="xref">psa_key_attributes_init</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_key_attributes_t"><code class="xref">psa_key_attributes_t</code></a> <em>(type)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_key_derivation_abort"><code class="xref">psa_key_derivation_abort</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_key_derivation_get_capacity"><code class="xref">psa_key_derivation_get_capacity</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_key_derivation_input_bytes"><code class="xref">psa_key_derivation_input_bytes</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_get_capacity"><code class="xref">psa_key_derivation_get_capacity</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_input_key"><code class="xref">psa_key_derivation_input_key</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_input_bytes"><code class="xref">psa_key_derivation_input_bytes</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_key_agreement"><code class="xref">psa_key_derivation_key_agreement</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_input_key"><code class="xref">psa_key_derivation_input_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_operation_init"><code class="xref">psa_key_derivation_operation_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ka.html#psa_key_derivation_key_agreement"><code class="xref">psa_key_derivation_key_agreement</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_operation_t"><code class="xref">psa_key_derivation_operation_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_operation_init"><code class="xref">psa_key_derivation_operation_init</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_output_bytes"><code class="xref">psa_key_derivation_output_bytes</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_operation_t"><code class="xref">psa_key_derivation_operation_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_output_key"><code class="xref">psa_key_derivation_output_key</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_output_bytes"><code class="xref">psa_key_derivation_output_bytes</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_set_capacity"><code class="xref">psa_key_derivation_set_capacity</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_output_key"><code class="xref">psa_key_derivation_output_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_setup"><code class="xref">psa_key_derivation_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_set_capacity"><code class="xref">psa_key_derivation_set_capacity</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_derivation_step_t"><code class="xref">psa_key_derivation_step_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_setup"><code class="xref">psa_key_derivation_setup</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_handle_t"><code class="xref">psa_key_handle_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/kdf.html#psa_key_derivation_step_t"><code class="xref">psa_key_derivation_step_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_id_t"><code class="xref">psa_key_id_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_id_t"><code class="xref">psa_key_id_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_lifetime_t"><code class="xref">psa_key_lifetime_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_lifetime_t"><code class="xref">psa_key_lifetime_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_type_t"><code class="xref">psa_key_type_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_type_t"><code class="xref">psa_key_type_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_key_usage_t"><code class="xref">psa_key_usage_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/attributes.html#psa_key_usage_t"><code class="xref">psa_key_usage_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_M"><td></td><td>
@@ -1800,90 +1540,75 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAC_FINAL_SIZE"><code class="xref">PSA_MAC_FINAL_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_MAC_LENGTH"><code class="xref">PSA_MAC_LENGTH</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAC_MAX_SIZE"><code class="xref">PSA_MAC_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_MAC_MAX_SIZE"><code class="xref">PSA_MAC_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAC_OPERATION_INIT"><code class="xref">PSA_MAC_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#PSA_MAC_OPERATION_INIT"><code class="xref">PSA_MAC_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAC_TRUNCATED_LENGTH"><code class="xref">PSA_MAC_TRUNCATED_LENGTH</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_abort"><code class="xref">psa_mac_abort</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAC_TRUNCATION_OFFSET"><code class="xref">PSA_MAC_TRUNCATION_OFFSET</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_compute"><code class="xref">psa_mac_compute</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"><code class="xref">PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_operation_init"><code class="xref">psa_mac_operation_init</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_abort"><code class="xref">psa_mac_abort</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_operation_t"><code class="xref">psa_mac_operation_t</code></a> <em>(type)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_compute"><code class="xref">psa_mac_compute</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_sign_finish"><code class="xref">psa_mac_sign_finish</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_operation_init"><code class="xref">psa_mac_operation_init</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_sign_setup"><code class="xref">psa_mac_sign_setup</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_operation_t"><code class="xref">psa_mac_operation_t</code></a> <em>(type)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_update"><code class="xref">psa_mac_update</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_sign_finish"><code class="xref">psa_mac_sign_finish</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_verify"><code class="xref">psa_mac_verify</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_sign_setup"><code class="xref">psa_mac_sign_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_verify_finish"><code class="xref">psa_mac_verify_finish</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_mac_update"><code class="xref">psa_mac_update</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_mac_verify"><code class="xref">psa_mac_verify</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_mac_verify_finish"><code class="xref">psa_mac_verify_finish</code></a> <em>(function)</em></td><td>
-       <em></em></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#psa_mac_verify_setup"><code class="xref">psa_mac_verify_setup</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/macs.html#psa_mac_verify_setup"><code class="xref">psa_mac_verify_setup</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
-     <tr class="cap" id="cap-PSA_O"><td></td><td>
-       <strong>PSA_O</strong></td><td></td></tr>
+     <tr class="cap" id="cap-PSA_P"><td></td><td>
+       <strong>PSA_P</strong></td><td></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_open_key"><code class="xref">psa_open_key</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/management.html#psa_purge_key"><code class="xref">psa_purge_key</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_R"><td></td><td>
@@ -1891,22 +1616,22 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_ROUND_UP_TO_MULTIPLE"><code class="xref">PSA_ROUND_UP_TO_MULTIPLE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_RSA_MINIMUM_PADDING_SIZE"><code class="xref">PSA_RSA_MINIMUM_PADDING_SIZE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_raw_key_agreement"><code class="xref">psa_raw_key_agreement</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/ka.html#psa_raw_key_agreement"><code class="xref">psa_raw_key_agreement</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_reset_key_attributes"><code class="xref">psa_reset_key_attributes</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/attributes.html#psa_reset_key_attributes"><code class="xref">psa_reset_key_attributes</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_S"><td></td><td>
@@ -1914,42 +1639,70 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_SUCCESS"><code class="xref">PSA_SUCCESS</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#PSA_SIGNATURE_MAX_SIZE"><code class="xref">PSA_SIGNATURE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_algorithm"><code class="xref">psa_set_key_algorithm</code></a> <em>(function)</em></td><td>
+       <a href="api/ops/sign.html#PSA_SIGN_OUTPUT_SIZE"><code class="xref">PSA_SIGN_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_bits"><code class="xref">psa_set_key_bits</code></a> <em>(function)</em></td><td>
+       <a href="api/library/status.html#PSA_SUCCESS"><code class="xref">PSA_SUCCESS</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_id"><code class="xref">psa_set_key_id</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/algorithms.html#psa_set_key_algorithm"><code class="xref">psa_set_key_algorithm</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_lifetime"><code class="xref">psa_set_key_lifetime</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/types.html#psa_set_key_bits"><code class="xref">psa_set_key_bits</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_type"><code class="xref">psa_set_key_type</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/locations.html#psa_set_key_id"><code class="xref">psa_set_key_id</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_set_key_usage_flags"><code class="xref">psa_set_key_usage_flags</code></a> <em>(function)</em></td><td>
+       <a href="api/keys/locations.html#psa_set_key_lifetime"><code class="xref">psa_set_key_lifetime</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#psa_status_t"><code class="xref">psa_status_t</code></a> <em>(type)</em></td><td>
+       <a href="api/keys/types.html#psa_set_key_type"><code class="xref">psa_set_key_type</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/keys/usage.html#psa_set_key_usage_flags"><code class="xref">psa_set_key_usage_flags</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/sign.html#psa_sign_hash"><code class="xref">psa_sign_hash</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/sign.html#psa_sign_message"><code class="xref">psa_sign_message</code></a> <em>(function)</em></td><td>
+       <em></em></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/library/status.html#psa_status_t"><code class="xref">psa_status_t</code></a> <em>(type)</em></td><td>
+       <em></em></td></tr>
+     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
+     <tr class="cap" id="cap-PSA_T"><td></td><td>
+       <strong>PSA_T</strong></td><td></td></tr>
+     <tr>
+       <td></td>
+       <td>
+       <a href="api/ops/kdf.html#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</code></a> <em>(macro)</em></td><td>
        <em></em></td></tr>
      <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
      <tr class="cap" id="cap-PSA_V"><td></td><td>
@@ -1957,69 +1710,21 @@
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_VENDOR_ECC_MAX_CURVE_BITS"><code class="xref">PSA_VENDOR_ECC_MAX_CURVE_BITS</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#psa_verify_hash"><code class="xref">psa_verify_hash</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
      <tr>
        <td></td>
        <td>
-       <a href="from_doxygen.html#PSA_VENDOR_RSA_MAX_KEY_BITS"><code class="xref">PSA_VENDOR_RSA_MAX_KEY_BITS</code></a> <em>(macro)</em></td><td>
-       <em></em></td></tr>
-     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
-     <tr class="cap" id="cap-PSA__"><td></td><td>
-       <strong>PSA__</strong></td><td></td></tr>
-     <tr>
-       <td></td>
-       <td>
-       <a href="from_doxygen.html#PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"><code class="xref">PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE</code></a> <em>(macro)</em></td><td>
+       <a href="api/ops/sign.html#psa_verify_message"><code class="xref">psa_verify_message</code></a> <em>(function)</em></td><td>
        <em></em></td></tr>
    </table>
 
 
           </div>
-          
         </div>
       </div>
       <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
-        <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
-
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
-</ul>
-
-<div class="relations">
+        <div class="sphinxsidebarwrapper"><div class="relations">
 <h3>Related Topics</h3>
 <ul>
   <li><a href="index.html">Documentation overview</a><ul>
@@ -2028,34 +1733,24 @@
 </div>
 <div id="searchbox" style="display: none" role="search">
   <h3>Quick search</h3>
-    <div class="searchformwrapper">
     <form class="search" action="search.html" method="get">
-      <input type="text" name="q" />
-      <input type="submit" value="Go" />
+      <div><input type="text" name="q" /></div>
+      <div><input type="submit" value="Go" /></div>
       <input type="hidden" name="check_keywords" value="yes" />
       <input type="hidden" name="area" value="default" />
     </form>
-    </div>
 </div>
 <script type="text/javascript">$('#searchbox').show(0);</script>
-
-
-
-
-
-
-
-
         </div>
       </div>
       <div class="clearer"></div>
     </div>
     <div class="footer">
-      &copy;2019, Arm.
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
       
       |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
       
     </div>
 
diff --git a/docs/html/search.html b/docs/html/search.html
index 266bde5..9d9d60c 100644
--- a/docs/html/search.html
+++ b/docs/html/search.html
@@ -4,17 +4,23 @@
 
 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>Search &#8212; psa_crypto_api 1.0 beta3 documentation</title>
+    <title>Search &#8212; PSA Crypto API 1.0.0 documentation</title>
     <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    
-    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    './',
+        VERSION:     '1.0.0',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true,
+        SOURCELINK_SUFFIX: '.txt'
+      };
+    </script>
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <script type="text/javascript" src="_static/language_data.js"></script>
     <script type="text/javascript" src="_static/searchtools.js"></script>
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="#" />
@@ -27,18 +33,16 @@
    
   <link rel="stylesheet" href="_static/custom.css" type="text/css" />
   
-  
   <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
 
 
-  </head><body>
+  </head>
+  <body>
   
 
     <div class="document">
       <div class="documentwrapper">
         <div class="bodywrapper">
-          
-
           <div class="body" role="main">
             
   <h1 id="search-documentation">Search</h1>
@@ -66,74 +70,26 @@
   </div>
 
           </div>
-          
         </div>
       </div>
       <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
-        <div class="sphinxsidebarwrapper">
-<h1 class="logo"><a href="index.html">psa_crypto_api</a></h1>
-
-
-
-
-
-
-
-
-<h3>Navigation</h3>
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="general.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#design-goals">Design goals</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#functionality-overview">Functionality overview</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#sample-architectures">Sample architectures</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#library-conventions">Library conventions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#implementation-considerations">Implementation considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="general.html#usage-considerations">Usage considerations</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html">Implementation-specific definitions</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#library-initialization">Library initialization</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-attributes">Key attributes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-management">Key management</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-import-and-export">Key import and export</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-digests">Message digests</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#message-authentication-codes">Message authentication codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#symmetric-ciphers">Symmetric ciphers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#authenticated-encryption-with-associated-data-aead">Authenticated encryption with associated data (AEAD)</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#asymmetric-cryptography">Asymmetric cryptography</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation-and-pseudorandom-generation">Key derivation and pseudorandom generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#random-generation">Random generation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#error-codes">Error codes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-and-algorithm-types">Key and algorithm types</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-policies">Key policies</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="from_doxygen.html#other-definitions">Other definitions</a></li>
-</ul>
-
-<div class="relations">
+        <div class="sphinxsidebarwrapper"><div class="relations">
 <h3>Related Topics</h3>
 <ul>
   <li><a href="index.html">Documentation overview</a><ul>
   </ul></li>
 </ul>
 </div>
-
-
-
-
-
-
-
-
         </div>
       </div>
       <div class="clearer"></div>
     </div>
     <div class="footer">
-      &copy;2019, Arm.
+      &copy; 2019-2020, Arm Limited or its affiliates. All rights reserved.
       
       |
-      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a>
-      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a>
+      Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+      &amp; <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
       
     </div>
 
diff --git a/docs/html/searchindex.js b/docs/html/searchindex.js
index 8f47bdc..674386f 100644
--- a/docs/html/searchindex.js
+++ b/docs/html/searchindex.js
@@ -1 +1 @@
-Search.setIndex({docnames:["from_doxygen","general","index"],envversion:{"sphinx.domains.c":1,"sphinx.domains.changeset":1,"sphinx.domains.cpp":1,"sphinx.domains.javascript":1,"sphinx.domains.math":2,"sphinx.domains.python":1,"sphinx.domains.rst":1,"sphinx.domains.std":1,"sphinx.ext.intersphinx":1,sphinx:55},filenames:["from_doxygen.rst","general.rst","index.rst"],objects:{"":{PSA_AEAD_DECRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"],PSA_AEAD_FINISH_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_FINISH_OUTPUT_SIZE"],PSA_AEAD_OPERATION_INIT:[0,0,1,"c.PSA_AEAD_OPERATION_INIT"],PSA_AEAD_TAG_LENGTH:[0,0,1,"c.PSA_AEAD_TAG_LENGTH"],PSA_AEAD_TAG_LENGTH_OFFSET:[0,0,1,"c.PSA_AEAD_TAG_LENGTH_OFFSET"],PSA_AEAD_UPDATE_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_SIZE"],PSA_AEAD_VERIFY_OUTPUT_SIZE:[0,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_SIZE"],PSA_ALG_AEAD_FROM_BLOCK_FLAG:[0,0,1,"c.PSA_ALG_AEAD_FROM_BLOCK_FLAG"],PSA_ALG_AEAD_TAG_LENGTH_MASK:[0,0,1,"c.PSA_ALG_AEAD_TAG_LENGTH_MASK"],PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH:[0,0,1,"c.PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH"],PSA_ALG_AEAD_WITH_TAG_LENGTH:[0,0,1,"c.PSA_ALG_AEAD_WITH_TAG_LENGTH"],PSA_ALG_ANY_HASH:[0,0,1,"c.PSA_ALG_ANY_HASH"],PSA_ALG_ARC4:[0,0,1,"c.PSA_ALG_ARC4"],PSA_ALG_CATEGORY_AEAD:[0,0,1,"c.PSA_ALG_CATEGORY_AEAD"],PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION"],PSA_ALG_CATEGORY_CIPHER:[0,0,1,"c.PSA_ALG_CATEGORY_CIPHER"],PSA_ALG_CATEGORY_HASH:[0,0,1,"c.PSA_ALG_CATEGORY_HASH"],PSA_ALG_CATEGORY_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_CATEGORY_KEY_AGREEMENT"],PSA_ALG_CATEGORY_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_CATEGORY_KEY_DERIVATION"],PSA_ALG_CATEGORY_MAC:[0,0,1,"c.PSA_ALG_CATEGORY_MAC"],PSA_ALG_CATEGORY_MASK:[0,0,1,"c.PSA_ALG_CATEGORY_MASK"],PSA_ALG_CATEGORY_SIGN:[0,0,1,"c.PSA_ALG_CATEGORY_SIGN"],PSA_ALG_CBC_MAC:[0,0,1,"c.PSA_ALG_CBC_MAC"],PSA_ALG_CBC_NO_PADDING:[0,0,1,"c.PSA_ALG_CBC_NO_PADDING"],PSA_ALG_CBC_PKCS7:[0,0,1,"c.PSA_ALG_CBC_PKCS7"],PSA_ALG_CCM:[0,0,1,"c.PSA_ALG_CCM"],PSA_ALG_CFB:[0,0,1,"c.PSA_ALG_CFB"],PSA_ALG_CHACHA20:[0,0,1,"c.PSA_ALG_CHACHA20"],PSA_ALG_CHACHA20_POLY1305:[0,0,1,"c.PSA_ALG_CHACHA20_POLY1305"],PSA_ALG_CIPHER_FROM_BLOCK_FLAG:[0,0,1,"c.PSA_ALG_CIPHER_FROM_BLOCK_FLAG"],PSA_ALG_CIPHER_MAC_BASE:[0,0,1,"c.PSA_ALG_CIPHER_MAC_BASE"],PSA_ALG_CIPHER_STREAM_FLAG:[0,0,1,"c.PSA_ALG_CIPHER_STREAM_FLAG"],PSA_ALG_CMAC:[0,0,1,"c.PSA_ALG_CMAC"],PSA_ALG_CTR:[0,0,1,"c.PSA_ALG_CTR"],PSA_ALG_DETERMINISTIC_ECDSA:[0,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA"],PSA_ALG_DETERMINISTIC_ECDSA_BASE:[0,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA_BASE"],PSA_ALG_ECDH:[0,0,1,"c.PSA_ALG_ECDH"],PSA_ALG_ECDSA:[0,0,1,"c.PSA_ALG_ECDSA"],PSA_ALG_ECDSA_ANY:[0,0,1,"c.PSA_ALG_ECDSA_ANY"],PSA_ALG_ECDSA_BASE:[0,0,1,"c.PSA_ALG_ECDSA_BASE"],PSA_ALG_ECDSA_IS_DETERMINISTIC:[0,0,1,"c.PSA_ALG_ECDSA_IS_DETERMINISTIC"],PSA_ALG_FFDH:[0,0,1,"c.PSA_ALG_FFDH"],PSA_ALG_FULL_LENGTH_MAC:[0,0,1,"c.PSA_ALG_FULL_LENGTH_MAC"],PSA_ALG_GCM:[0,0,1,"c.PSA_ALG_GCM"],PSA_ALG_GMAC:[0,0,1,"c.PSA_ALG_GMAC"],PSA_ALG_HASH_MASK:[0,0,1,"c.PSA_ALG_HASH_MASK"],PSA_ALG_HKDF:[0,0,1,"c.PSA_ALG_HKDF"],PSA_ALG_HKDF_BASE:[0,0,1,"c.PSA_ALG_HKDF_BASE"],PSA_ALG_HKDF_GET_HASH:[0,0,1,"c.PSA_ALG_HKDF_GET_HASH"],PSA_ALG_HMAC:[0,0,1,"c.PSA_ALG_HMAC"],PSA_ALG_HMAC_BASE:[0,0,1,"c.PSA_ALG_HMAC_BASE"],PSA_ALG_HMAC_GET_HASH:[0,0,1,"c.PSA_ALG_HMAC_GET_HASH"],PSA_ALG_IS_AEAD:[0,0,1,"c.PSA_ALG_IS_AEAD"],PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER:[0,0,1,"c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"],PSA_ALG_IS_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"],PSA_ALG_IS_BLOCK_CIPHER_MAC:[0,0,1,"c.PSA_ALG_IS_BLOCK_CIPHER_MAC"],PSA_ALG_IS_CIPHER:[0,0,1,"c.PSA_ALG_IS_CIPHER"],PSA_ALG_IS_DETERMINISTIC_ECDSA:[0,0,1,"c.PSA_ALG_IS_DETERMINISTIC_ECDSA"],PSA_ALG_IS_ECDH:[0,0,1,"c.PSA_ALG_IS_ECDH"],PSA_ALG_IS_ECDSA:[0,0,1,"c.PSA_ALG_IS_ECDSA"],PSA_ALG_IS_FFDH:[0,0,1,"c.PSA_ALG_IS_FFDH"],PSA_ALG_IS_HASH:[0,0,1,"c.PSA_ALG_IS_HASH"],PSA_ALG_IS_HASH_AND_SIGN:[0,0,1,"c.PSA_ALG_IS_HASH_AND_SIGN"],PSA_ALG_IS_HKDF:[0,0,1,"c.PSA_ALG_IS_HKDF"],PSA_ALG_IS_HMAC:[0,0,1,"c.PSA_ALG_IS_HMAC"],PSA_ALG_IS_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_AGREEMENT"],PSA_ALG_IS_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION"],PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT"],PSA_ALG_IS_MAC:[0,0,1,"c.PSA_ALG_IS_MAC"],PSA_ALG_IS_RANDOMIZED_ECDSA:[0,0,1,"c.PSA_ALG_IS_RANDOMIZED_ECDSA"],PSA_ALG_IS_RAW_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_RAW_KEY_AGREEMENT"],PSA_ALG_IS_RSA_OAEP:[0,0,1,"c.PSA_ALG_IS_RSA_OAEP"],PSA_ALG_IS_RSA_PKCS1V15_SIGN:[0,0,1,"c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"],PSA_ALG_IS_RSA_PSS:[0,0,1,"c.PSA_ALG_IS_RSA_PSS"],PSA_ALG_IS_SIGN:[0,0,1,"c.PSA_ALG_IS_SIGN"],PSA_ALG_IS_STREAM_CIPHER:[0,0,1,"c.PSA_ALG_IS_STREAM_CIPHER"],PSA_ALG_IS_TLS12_PRF:[0,0,1,"c.PSA_ALG_IS_TLS12_PRF"],PSA_ALG_IS_TLS12_PSK_TO_MS:[0,0,1,"c.PSA_ALG_IS_TLS12_PSK_TO_MS"],PSA_ALG_IS_VENDOR_DEFINED:[0,0,1,"c.PSA_ALG_IS_VENDOR_DEFINED"],PSA_ALG_IS_WILDCARD:[0,0,1,"c.PSA_ALG_IS_WILDCARD"],PSA_ALG_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT"],PSA_ALG_KEY_AGREEMENT_GET_BASE:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_BASE"],PSA_ALG_KEY_AGREEMENT_GET_KDF:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_KDF"],PSA_ALG_KEY_AGREEMENT_MASK:[0,0,1,"c.PSA_ALG_KEY_AGREEMENT_MASK"],PSA_ALG_KEY_DERIVATION_MASK:[0,0,1,"c.PSA_ALG_KEY_DERIVATION_MASK"],PSA_ALG_MAC_SUBCATEGORY_MASK:[0,0,1,"c.PSA_ALG_MAC_SUBCATEGORY_MASK"],PSA_ALG_MAC_TRUNCATION_MASK:[0,0,1,"c.PSA_ALG_MAC_TRUNCATION_MASK"],PSA_ALG_MD2:[0,0,1,"c.PSA_ALG_MD2"],PSA_ALG_MD4:[0,0,1,"c.PSA_ALG_MD4"],PSA_ALG_MD5:[0,0,1,"c.PSA_ALG_MD5"],PSA_ALG_OFB:[0,0,1,"c.PSA_ALG_OFB"],PSA_ALG_RIPEMD160:[0,0,1,"c.PSA_ALG_RIPEMD160"],PSA_ALG_RSA_OAEP:[0,0,1,"c.PSA_ALG_RSA_OAEP"],PSA_ALG_RSA_OAEP_BASE:[0,0,1,"c.PSA_ALG_RSA_OAEP_BASE"],PSA_ALG_RSA_OAEP_GET_HASH:[0,0,1,"c.PSA_ALG_RSA_OAEP_GET_HASH"],PSA_ALG_RSA_PKCS1V15_CRYPT:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_CRYPT"],PSA_ALG_RSA_PKCS1V15_SIGN:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN"],PSA_ALG_RSA_PKCS1V15_SIGN_BASE:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_BASE"],PSA_ALG_RSA_PKCS1V15_SIGN_RAW:[0,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"],PSA_ALG_RSA_PSS:[0,0,1,"c.PSA_ALG_RSA_PSS"],PSA_ALG_RSA_PSS_BASE:[0,0,1,"c.PSA_ALG_RSA_PSS_BASE"],PSA_ALG_SHA3_224:[0,0,1,"c.PSA_ALG_SHA3_224"],PSA_ALG_SHA3_256:[0,0,1,"c.PSA_ALG_SHA3_256"],PSA_ALG_SHA3_384:[0,0,1,"c.PSA_ALG_SHA3_384"],PSA_ALG_SHA3_512:[0,0,1,"c.PSA_ALG_SHA3_512"],PSA_ALG_SHA_1:[0,0,1,"c.PSA_ALG_SHA_1"],PSA_ALG_SHA_224:[0,0,1,"c.PSA_ALG_SHA_224"],PSA_ALG_SHA_256:[0,0,1,"c.PSA_ALG_SHA_256"],PSA_ALG_SHA_384:[0,0,1,"c.PSA_ALG_SHA_384"],PSA_ALG_SHA_512:[0,0,1,"c.PSA_ALG_SHA_512"],PSA_ALG_SHA_512_224:[0,0,1,"c.PSA_ALG_SHA_512_224"],PSA_ALG_SHA_512_256:[0,0,1,"c.PSA_ALG_SHA_512_256"],PSA_ALG_SIGN_GET_HASH:[0,0,1,"c.PSA_ALG_SIGN_GET_HASH"],PSA_ALG_TLS12_PRF:[0,0,1,"c.PSA_ALG_TLS12_PRF"],PSA_ALG_TLS12_PRF_BASE:[0,0,1,"c.PSA_ALG_TLS12_PRF_BASE"],PSA_ALG_TLS12_PRF_GET_HASH:[0,0,1,"c.PSA_ALG_TLS12_PRF_GET_HASH"],PSA_ALG_TLS12_PSK_TO_MS:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS"],PSA_ALG_TLS12_PSK_TO_MS_BASE:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_BASE"],PSA_ALG_TLS12_PSK_TO_MS_GET_HASH:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_GET_HASH"],PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN:[0,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN"],PSA_ALG_TRUNCATED_MAC:[0,0,1,"c.PSA_ALG_TRUNCATED_MAC"],PSA_ALG_VENDOR_FLAG:[0,0,1,"c.PSA_ALG_VENDOR_FLAG"],PSA_ALG_XTS:[0,0,1,"c.PSA_ALG_XTS"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE"],PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE:[0,0,1,"c.PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE"],PSA_BITS_TO_BYTES:[0,0,1,"c.PSA_BITS_TO_BYTES"],PSA_BLOCK_CIPHER_BLOCK_SIZE:[0,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_SIZE"],PSA_BYTES_TO_BITS:[0,0,1,"c.PSA_BYTES_TO_BITS"],PSA_CIPHER_OPERATION_INIT:[0,0,1,"c.PSA_CIPHER_OPERATION_INIT"],PSA_DH_GROUP_FFDHE2048:[0,0,1,"c.PSA_DH_GROUP_FFDHE2048"],PSA_DH_GROUP_FFDHE3072:[0,0,1,"c.PSA_DH_GROUP_FFDHE3072"],PSA_DH_GROUP_FFDHE4096:[0,0,1,"c.PSA_DH_GROUP_FFDHE4096"],PSA_DH_GROUP_FFDHE6144:[0,0,1,"c.PSA_DH_GROUP_FFDHE6144"],PSA_DH_GROUP_FFDHE8192:[0,0,1,"c.PSA_DH_GROUP_FFDHE8192"],PSA_ECC_CURVE_BITS:[0,0,1,"c.PSA_ECC_CURVE_BITS"],PSA_ECC_CURVE_BRAINPOOL_P256R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P256R1"],PSA_ECC_CURVE_BRAINPOOL_P384R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P384R1"],PSA_ECC_CURVE_BRAINPOOL_P512R1:[0,0,1,"c.PSA_ECC_CURVE_BRAINPOOL_P512R1"],PSA_ECC_CURVE_CURVE25519:[0,0,1,"c.PSA_ECC_CURVE_CURVE25519"],PSA_ECC_CURVE_CURVE448:[0,0,1,"c.PSA_ECC_CURVE_CURVE448"],PSA_ECC_CURVE_SECP160K1:[0,0,1,"c.PSA_ECC_CURVE_SECP160K1"],PSA_ECC_CURVE_SECP160R1:[0,0,1,"c.PSA_ECC_CURVE_SECP160R1"],PSA_ECC_CURVE_SECP160R2:[0,0,1,"c.PSA_ECC_CURVE_SECP160R2"],PSA_ECC_CURVE_SECP192K1:[0,0,1,"c.PSA_ECC_CURVE_SECP192K1"],PSA_ECC_CURVE_SECP192R1:[0,0,1,"c.PSA_ECC_CURVE_SECP192R1"],PSA_ECC_CURVE_SECP224K1:[0,0,1,"c.PSA_ECC_CURVE_SECP224K1"],PSA_ECC_CURVE_SECP224R1:[0,0,1,"c.PSA_ECC_CURVE_SECP224R1"],PSA_ECC_CURVE_SECP256K1:[0,0,1,"c.PSA_ECC_CURVE_SECP256K1"],PSA_ECC_CURVE_SECP256R1:[0,0,1,"c.PSA_ECC_CURVE_SECP256R1"],PSA_ECC_CURVE_SECP384R1:[0,0,1,"c.PSA_ECC_CURVE_SECP384R1"],PSA_ECC_CURVE_SECP521R1:[0,0,1,"c.PSA_ECC_CURVE_SECP521R1"],PSA_ECC_CURVE_SECT163K1:[0,0,1,"c.PSA_ECC_CURVE_SECT163K1"],PSA_ECC_CURVE_SECT163R1:[0,0,1,"c.PSA_ECC_CURVE_SECT163R1"],PSA_ECC_CURVE_SECT163R2:[0,0,1,"c.PSA_ECC_CURVE_SECT163R2"],PSA_ECC_CURVE_SECT193R1:[0,0,1,"c.PSA_ECC_CURVE_SECT193R1"],PSA_ECC_CURVE_SECT193R2:[0,0,1,"c.PSA_ECC_CURVE_SECT193R2"],PSA_ECC_CURVE_SECT233K1:[0,0,1,"c.PSA_ECC_CURVE_SECT233K1"],PSA_ECC_CURVE_SECT233R1:[0,0,1,"c.PSA_ECC_CURVE_SECT233R1"],PSA_ECC_CURVE_SECT239K1:[0,0,1,"c.PSA_ECC_CURVE_SECT239K1"],PSA_ECC_CURVE_SECT283K1:[0,0,1,"c.PSA_ECC_CURVE_SECT283K1"],PSA_ECC_CURVE_SECT283R1:[0,0,1,"c.PSA_ECC_CURVE_SECT283R1"],PSA_ECC_CURVE_SECT409K1:[0,0,1,"c.PSA_ECC_CURVE_SECT409K1"],PSA_ECC_CURVE_SECT409R1:[0,0,1,"c.PSA_ECC_CURVE_SECT409R1"],PSA_ECC_CURVE_SECT571K1:[0,0,1,"c.PSA_ECC_CURVE_SECT571K1"],PSA_ECC_CURVE_SECT571R1:[0,0,1,"c.PSA_ECC_CURVE_SECT571R1"],PSA_ECDSA_SIGNATURE_SIZE:[0,0,1,"c.PSA_ECDSA_SIGNATURE_SIZE"],PSA_ERROR_ALREADY_EXISTS:[0,0,1,"c.PSA_ERROR_ALREADY_EXISTS"],PSA_ERROR_BAD_STATE:[0,0,1,"c.PSA_ERROR_BAD_STATE"],PSA_ERROR_BUFFER_TOO_SMALL:[0,0,1,"c.PSA_ERROR_BUFFER_TOO_SMALL"],PSA_ERROR_COMMUNICATION_FAILURE:[0,0,1,"c.PSA_ERROR_COMMUNICATION_FAILURE"],PSA_ERROR_CORRUPTION_DETECTED:[0,0,1,"c.PSA_ERROR_CORRUPTION_DETECTED"],PSA_ERROR_DOES_NOT_EXIST:[0,0,1,"c.PSA_ERROR_DOES_NOT_EXIST"],PSA_ERROR_GENERIC_ERROR:[0,0,1,"c.PSA_ERROR_GENERIC_ERROR"],PSA_ERROR_HARDWARE_FAILURE:[0,0,1,"c.PSA_ERROR_HARDWARE_FAILURE"],PSA_ERROR_INSUFFICIENT_DATA:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_DATA"],PSA_ERROR_INSUFFICIENT_ENTROPY:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_ENTROPY"],PSA_ERROR_INSUFFICIENT_MEMORY:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_MEMORY"],PSA_ERROR_INSUFFICIENT_STORAGE:[0,0,1,"c.PSA_ERROR_INSUFFICIENT_STORAGE"],PSA_ERROR_INVALID_ARGUMENT:[0,0,1,"c.PSA_ERROR_INVALID_ARGUMENT"],PSA_ERROR_INVALID_HANDLE:[0,0,1,"c.PSA_ERROR_INVALID_HANDLE"],PSA_ERROR_INVALID_PADDING:[0,0,1,"c.PSA_ERROR_INVALID_PADDING"],PSA_ERROR_INVALID_SIGNATURE:[0,0,1,"c.PSA_ERROR_INVALID_SIGNATURE"],PSA_ERROR_NOT_PERMITTED:[0,0,1,"c.PSA_ERROR_NOT_PERMITTED"],PSA_ERROR_NOT_SUPPORTED:[0,0,1,"c.PSA_ERROR_NOT_SUPPORTED"],PSA_ERROR_STORAGE_FAILURE:[0,0,1,"c.PSA_ERROR_STORAGE_FAILURE"],PSA_HASH_MAX_SIZE:[0,0,1,"c.PSA_HASH_MAX_SIZE"],PSA_HASH_OPERATION_INIT:[0,0,1,"c.PSA_HASH_OPERATION_INIT"],PSA_HASH_SIZE:[0,0,1,"c.PSA_HASH_SIZE"],PSA_HMAC_MAX_HASH_BLOCK_SIZE:[0,0,1,"c.PSA_HMAC_MAX_HASH_BLOCK_SIZE"],PSA_KEY_ATTRIBUTES_INIT:[0,0,1,"c.PSA_KEY_ATTRIBUTES_INIT"],PSA_KEY_DERIVATION_INPUT_INFO:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_INFO"],PSA_KEY_DERIVATION_INPUT_LABEL:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_LABEL"],PSA_KEY_DERIVATION_INPUT_SALT:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SALT"],PSA_KEY_DERIVATION_INPUT_SECRET:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SECRET"],PSA_KEY_DERIVATION_INPUT_SEED:[0,0,1,"c.PSA_KEY_DERIVATION_INPUT_SEED"],PSA_KEY_DERIVATION_OPERATION_INIT:[0,0,1,"c.PSA_KEY_DERIVATION_OPERATION_INIT"],PSA_KEY_DERIVATION_UNLIMITED_CAPACITY:[0,0,1,"c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"],PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE"],PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_EXPORT_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_MAX_SIZE"],PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE"],PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE:[0,0,1,"c.PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE"],PSA_KEY_ID_USER_MAX:[0,0,1,"c.PSA_KEY_ID_USER_MAX"],PSA_KEY_ID_USER_MIN:[0,0,1,"c.PSA_KEY_ID_USER_MIN"],PSA_KEY_ID_VENDOR_MAX:[0,0,1,"c.PSA_KEY_ID_VENDOR_MAX"],PSA_KEY_ID_VENDOR_MIN:[0,0,1,"c.PSA_KEY_ID_VENDOR_MIN"],PSA_KEY_LIFETIME_PERSISTENT:[0,0,1,"c.PSA_KEY_LIFETIME_PERSISTENT"],PSA_KEY_LIFETIME_VOLATILE:[0,0,1,"c.PSA_KEY_LIFETIME_VOLATILE"],PSA_KEY_TYPE_AES:[0,0,1,"c.PSA_KEY_TYPE_AES"],PSA_KEY_TYPE_ARC4:[0,0,1,"c.PSA_KEY_TYPE_ARC4"],PSA_KEY_TYPE_CAMELLIA:[0,0,1,"c.PSA_KEY_TYPE_CAMELLIA"],PSA_KEY_TYPE_CATEGORY_FLAG_PAIR:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_FLAG_PAIR"],PSA_KEY_TYPE_CATEGORY_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_KEY_PAIR"],PSA_KEY_TYPE_CATEGORY_MASK:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_MASK"],PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY"],PSA_KEY_TYPE_CATEGORY_RAW:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_RAW"],PSA_KEY_TYPE_CATEGORY_SYMMETRIC:[0,0,1,"c.PSA_KEY_TYPE_CATEGORY_SYMMETRIC"],PSA_KEY_TYPE_CHACHA20:[0,0,1,"c.PSA_KEY_TYPE_CHACHA20"],PSA_KEY_TYPE_DERIVE:[0,0,1,"c.PSA_KEY_TYPE_DERIVE"],PSA_KEY_TYPE_DES:[0,0,1,"c.PSA_KEY_TYPE_DES"],PSA_KEY_TYPE_DH_GROUP_MASK:[0,0,1,"c.PSA_KEY_TYPE_DH_GROUP_MASK"],PSA_KEY_TYPE_DH_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR"],PSA_KEY_TYPE_DH_KEY_PAIR_BASE:[0,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR_BASE"],PSA_KEY_TYPE_DH_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY"],PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE:[0,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE"],PSA_KEY_TYPE_ECC_CURVE_MASK:[0,0,1,"c.PSA_KEY_TYPE_ECC_CURVE_MASK"],PSA_KEY_TYPE_ECC_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR"],PSA_KEY_TYPE_ECC_KEY_PAIR_BASE:[0,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR_BASE"],PSA_KEY_TYPE_ECC_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE:[0,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE"],PSA_KEY_TYPE_GET_CURVE:[0,0,1,"c.PSA_KEY_TYPE_GET_CURVE"],PSA_KEY_TYPE_GET_GROUP:[0,0,1,"c.PSA_KEY_TYPE_GET_GROUP"],PSA_KEY_TYPE_HMAC:[0,0,1,"c.PSA_KEY_TYPE_HMAC"],PSA_KEY_TYPE_IS_ASYMMETRIC:[0,0,1,"c.PSA_KEY_TYPE_IS_ASYMMETRIC"],PSA_KEY_TYPE_IS_DH:[0,0,1,"c.PSA_KEY_TYPE_IS_DH"],PSA_KEY_TYPE_IS_DH_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"],PSA_KEY_TYPE_IS_DH_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"],PSA_KEY_TYPE_IS_ECC:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC"],PSA_KEY_TYPE_IS_ECC_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"],PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_IS_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_IS_KEY_PAIR"],PSA_KEY_TYPE_IS_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_IS_PUBLIC_KEY"],PSA_KEY_TYPE_IS_RSA:[0,0,1,"c.PSA_KEY_TYPE_IS_RSA"],PSA_KEY_TYPE_IS_UNSTRUCTURED:[0,0,1,"c.PSA_KEY_TYPE_IS_UNSTRUCTURED"],PSA_KEY_TYPE_IS_VENDOR_DEFINED:[0,0,1,"c.PSA_KEY_TYPE_IS_VENDOR_DEFINED"],PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"],PSA_KEY_TYPE_NONE:[0,0,1,"c.PSA_KEY_TYPE_NONE"],PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"],PSA_KEY_TYPE_RAW_DATA:[0,0,1,"c.PSA_KEY_TYPE_RAW_DATA"],PSA_KEY_TYPE_RSA_KEY_PAIR:[0,0,1,"c.PSA_KEY_TYPE_RSA_KEY_PAIR"],PSA_KEY_TYPE_RSA_PUBLIC_KEY:[0,0,1,"c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"],PSA_KEY_TYPE_VENDOR_FLAG:[0,0,1,"c.PSA_KEY_TYPE_VENDOR_FLAG"],PSA_KEY_USAGE_COPY:[0,0,1,"c.PSA_KEY_USAGE_COPY"],PSA_KEY_USAGE_DECRYPT:[0,0,1,"c.PSA_KEY_USAGE_DECRYPT"],PSA_KEY_USAGE_DERIVE:[0,0,1,"c.PSA_KEY_USAGE_DERIVE"],PSA_KEY_USAGE_ENCRYPT:[0,0,1,"c.PSA_KEY_USAGE_ENCRYPT"],PSA_KEY_USAGE_EXPORT:[0,0,1,"c.PSA_KEY_USAGE_EXPORT"],PSA_KEY_USAGE_SIGN:[0,0,1,"c.PSA_KEY_USAGE_SIGN"],PSA_KEY_USAGE_VERIFY:[0,0,1,"c.PSA_KEY_USAGE_VERIFY"],PSA_MAC_FINAL_SIZE:[0,0,1,"c.PSA_MAC_FINAL_SIZE"],PSA_MAC_MAX_SIZE:[0,0,1,"c.PSA_MAC_MAX_SIZE"],PSA_MAC_OPERATION_INIT:[0,0,1,"c.PSA_MAC_OPERATION_INIT"],PSA_MAC_TRUNCATED_LENGTH:[0,0,1,"c.PSA_MAC_TRUNCATED_LENGTH"],PSA_MAC_TRUNCATION_OFFSET:[0,0,1,"c.PSA_MAC_TRUNCATION_OFFSET"],PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE:[0,0,1,"c.PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE"],PSA_ROUND_UP_TO_MULTIPLE:[0,0,1,"c.PSA_ROUND_UP_TO_MULTIPLE"],PSA_RSA_MINIMUM_PADDING_SIZE:[0,0,1,"c.PSA_RSA_MINIMUM_PADDING_SIZE"],PSA_SUCCESS:[0,0,1,"c.PSA_SUCCESS"],PSA_VENDOR_ECC_MAX_CURVE_BITS:[0,0,1,"c.PSA_VENDOR_ECC_MAX_CURVE_BITS"],PSA_VENDOR_RSA_MAX_KEY_BITS:[0,0,1,"c.PSA_VENDOR_RSA_MAX_KEY_BITS"],PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE:[0,0,1,"c.PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE"],psa_aead_abort:[0,1,1,"c.psa_aead_abort"],psa_aead_decrypt:[0,1,1,"c.psa_aead_decrypt"],psa_aead_decrypt_setup:[0,1,1,"c.psa_aead_decrypt_setup"],psa_aead_encrypt:[0,1,1,"c.psa_aead_encrypt"],psa_aead_encrypt_setup:[0,1,1,"c.psa_aead_encrypt_setup"],psa_aead_finish:[0,1,1,"c.psa_aead_finish"],psa_aead_generate_nonce:[0,1,1,"c.psa_aead_generate_nonce"],psa_aead_operation_init:[0,1,1,"c.psa_aead_operation_init"],psa_aead_operation_t:[0,2,1,"c.psa_aead_operation_t"],psa_aead_set_lengths:[0,1,1,"c.psa_aead_set_lengths"],psa_aead_set_nonce:[0,1,1,"c.psa_aead_set_nonce"],psa_aead_update:[0,1,1,"c.psa_aead_update"],psa_aead_update_ad:[0,1,1,"c.psa_aead_update_ad"],psa_aead_verify:[0,1,1,"c.psa_aead_verify"],psa_algorithm_t:[0,2,1,"c.psa_algorithm_t"],psa_asymmetric_decrypt:[0,1,1,"c.psa_asymmetric_decrypt"],psa_asymmetric_encrypt:[0,1,1,"c.psa_asymmetric_encrypt"],psa_asymmetric_sign:[0,1,1,"c.psa_asymmetric_sign"],psa_asymmetric_verify:[0,1,1,"c.psa_asymmetric_verify"],psa_cipher_abort:[0,1,1,"c.psa_cipher_abort"],psa_cipher_decrypt:[0,1,1,"c.psa_cipher_decrypt"],psa_cipher_decrypt_setup:[0,1,1,"c.psa_cipher_decrypt_setup"],psa_cipher_encrypt:[0,1,1,"c.psa_cipher_encrypt"],psa_cipher_encrypt_setup:[0,1,1,"c.psa_cipher_encrypt_setup"],psa_cipher_finish:[0,1,1,"c.psa_cipher_finish"],psa_cipher_generate_iv:[0,1,1,"c.psa_cipher_generate_iv"],psa_cipher_operation_init:[0,1,1,"c.psa_cipher_operation_init"],psa_cipher_operation_t:[0,2,1,"c.psa_cipher_operation_t"],psa_cipher_set_iv:[0,1,1,"c.psa_cipher_set_iv"],psa_cipher_update:[0,1,1,"c.psa_cipher_update"],psa_close_key:[0,1,1,"c.psa_close_key"],psa_copy_key:[0,1,1,"c.psa_copy_key"],psa_crypto_init:[0,1,1,"c.psa_crypto_init"],psa_destroy_key:[0,1,1,"c.psa_destroy_key"],psa_dh_group_t:[0,2,1,"c.psa_dh_group_t"],psa_ecc_curve_t:[0,2,1,"c.psa_ecc_curve_t"],psa_export_key:[0,1,1,"c.psa_export_key"],psa_export_public_key:[0,1,1,"c.psa_export_public_key"],psa_generate_key:[0,1,1,"c.psa_generate_key"],psa_generate_random:[0,1,1,"c.psa_generate_random"],psa_get_key_algorithm:[0,1,1,"c.psa_get_key_algorithm"],psa_get_key_attributes:[0,1,1,"c.psa_get_key_attributes"],psa_get_key_bits:[0,1,1,"c.psa_get_key_bits"],psa_get_key_id:[0,1,1,"c.psa_get_key_id"],psa_get_key_lifetime:[0,1,1,"c.psa_get_key_lifetime"],psa_get_key_type:[0,1,1,"c.psa_get_key_type"],psa_get_key_usage_flags:[0,1,1,"c.psa_get_key_usage_flags"],psa_hash_abort:[0,1,1,"c.psa_hash_abort"],psa_hash_clone:[0,1,1,"c.psa_hash_clone"],psa_hash_compare:[0,1,1,"c.psa_hash_compare"],psa_hash_compute:[0,1,1,"c.psa_hash_compute"],psa_hash_finish:[0,1,1,"c.psa_hash_finish"],psa_hash_operation_init:[0,1,1,"c.psa_hash_operation_init"],psa_hash_operation_t:[0,2,1,"c.psa_hash_operation_t"],psa_hash_setup:[0,1,1,"c.psa_hash_setup"],psa_hash_update:[0,1,1,"c.psa_hash_update"],psa_hash_verify:[0,1,1,"c.psa_hash_verify"],psa_import_key:[0,1,1,"c.psa_import_key"],psa_key_attributes_init:[0,1,1,"c.psa_key_attributes_init"],psa_key_attributes_t:[0,2,1,"c.psa_key_attributes_t"],psa_key_derivation_abort:[0,1,1,"c.psa_key_derivation_abort"],psa_key_derivation_get_capacity:[0,1,1,"c.psa_key_derivation_get_capacity"],psa_key_derivation_input_bytes:[0,1,1,"c.psa_key_derivation_input_bytes"],psa_key_derivation_input_key:[0,1,1,"c.psa_key_derivation_input_key"],psa_key_derivation_key_agreement:[0,1,1,"c.psa_key_derivation_key_agreement"],psa_key_derivation_operation_init:[0,1,1,"c.psa_key_derivation_operation_init"],psa_key_derivation_operation_t:[0,2,1,"c.psa_key_derivation_operation_t"],psa_key_derivation_output_bytes:[0,1,1,"c.psa_key_derivation_output_bytes"],psa_key_derivation_output_key:[0,1,1,"c.psa_key_derivation_output_key"],psa_key_derivation_set_capacity:[0,1,1,"c.psa_key_derivation_set_capacity"],psa_key_derivation_setup:[0,1,1,"c.psa_key_derivation_setup"],psa_key_derivation_step_t:[0,2,1,"c.psa_key_derivation_step_t"],psa_key_handle_t:[0,2,1,"c.psa_key_handle_t"],psa_key_id_t:[0,2,1,"c.psa_key_id_t"],psa_key_lifetime_t:[0,2,1,"c.psa_key_lifetime_t"],psa_key_type_t:[0,2,1,"c.psa_key_type_t"],psa_key_usage_t:[0,2,1,"c.psa_key_usage_t"],psa_mac_abort:[0,1,1,"c.psa_mac_abort"],psa_mac_compute:[0,1,1,"c.psa_mac_compute"],psa_mac_operation_init:[0,1,1,"c.psa_mac_operation_init"],psa_mac_operation_t:[0,2,1,"c.psa_mac_operation_t"],psa_mac_sign_finish:[0,1,1,"c.psa_mac_sign_finish"],psa_mac_sign_setup:[0,1,1,"c.psa_mac_sign_setup"],psa_mac_update:[0,1,1,"c.psa_mac_update"],psa_mac_verify:[0,1,1,"c.psa_mac_verify"],psa_mac_verify_finish:[0,1,1,"c.psa_mac_verify_finish"],psa_mac_verify_setup:[0,1,1,"c.psa_mac_verify_setup"],psa_open_key:[0,1,1,"c.psa_open_key"],psa_raw_key_agreement:[0,1,1,"c.psa_raw_key_agreement"],psa_reset_key_attributes:[0,1,1,"c.psa_reset_key_attributes"],psa_set_key_algorithm:[0,1,1,"c.psa_set_key_algorithm"],psa_set_key_bits:[0,1,1,"c.psa_set_key_bits"],psa_set_key_id:[0,1,1,"c.psa_set_key_id"],psa_set_key_lifetime:[0,1,1,"c.psa_set_key_lifetime"],psa_set_key_type:[0,1,1,"c.psa_set_key_type"],psa_set_key_usage_flags:[0,1,1,"c.psa_set_key_usage_flags"],psa_status_t:[0,2,1,"c.psa_status_t"]}},objnames:{"0":["c","macro","C macro"],"1":["c","function","C function"],"2":["c","type","C type"]},objtypes:{"0":"c:macro","1":"c:function","2":"c:type"},terms:{"0x04":0,"3de":0,"56a":0,"byte":[0,1],"case":[0,2],"char":0,"const":[0,1],"default":[0,1],"export":[1,2],"function":2,"import":[1,2],"long":[0,1,2],"new":[0,1,2],"null":[0,1],"public":[0,1],"return":[0,2],"short":[0,1],"static":[0,1],"transient":0,"true":[0,1],"try":1,"void":[0,1],"while":[0,1,2],AES:[0,1],DES:0,For:[0,1],Its:0,NOT:0,Such:[0,1],TLS:[0,2],That:[0,1],The:[0,1,2],Then:0,There:[0,1],These:1,Use:[0,2],Using:1,XTS:0,_unsigned_integral_type_:0,abil:1,abl:[0,1],abort:[0,1],about:[0,1],abov:1,acceler:1,accept:0,access:[0,1,2],accessor:1,accident:0,accord:[0,1],accordingli:[0,1],account:[0,1],across:0,act:1,action:[0,1],activ:[0,1],actual:0,ad_length:0,add:[0,2],addit:[0,2],addition:1,additional_data:0,additional_data_length:0,adequ:1,adversari:0,aead:[1,2],aead_alg:0,affect:[0,1,2],aforement:1,after:[0,2],again:[0,1],against:[0,1],agil:1,agreement:[0,2],alarm:0,alg:[0,2],algorithm:2,align:[0,2],all:[0,1],alloc:[0,1,2],allow:[0,1,2],almost:1,alreadi:[0,1],also:[0,1,2],altern:1,although:0,altogeth:1,alwai:[0,2],among:1,amount:[0,1],analys:1,analysi:1,ani:[0,1],anoth:[0,1],ansi:0,anywher:0,apart:1,api:1,append:0,appli:[0,1],applic:[0,2],approach:1,appropri:[0,1],arbitrari:[0,1],arc4:0,architectur:[0,2],area:[0,1],argument:[0,1,2],arm:1,around:1,arrai:[0,1],ask:0,aspect:2,assembl:1,asset:1,assign:[0,1],associ:[1,2],assum:1,assumpt:[0,2],asymmetr:2,atom:1,attack:[0,2],attempt:[0,1],attest:2,attibut:1,attribut:[1,2],authent:2,author:1,automat:0,auxiliari:[0,2],avail:[0,1],avoid:[0,1,2],awar:[0,1],back:1,backend:1,bad:1,base:[0,1],becaus:[0,1],becom:[0,1],been:[0,1],befor:[0,1,2],begin:0,behav:1,behavior:[0,2],being:[0,1],below:1,benefit:0,bernstein:0,best:[0,1],beta:2,between:[0,2],bewar:0,beyond:[0,1],bias:[0,1],big:0,binari:0,bit:[0,1],bitmask:1,bitwis:0,block:[0,1,2],block_siz:0,bluetooth:1,bodi:1,boot:2,both:[0,1,2],bound:[0,1],boundari:[0,1],branch:1,breach:0,breakdown:0,broken:1,buffer:[0,2],buffer_length:0,buffer_s:0,build:[0,1,2],built:[0,1],burnt:1,bypass:0,c89:1,c99:1,cach:1,calcul:[0,1,2],call:[0,2],caller:[0,1],camellia:0,can:[0,1],candid:0,cannot:[0,1],capabl:1,capac:[0,1],care:[0,1],carefulli:1,carri:[0,1],categori:1,caus:[0,1],cbc:0,ccm:[0,1],ceil:0,certain:[0,1,2],chacha20:0,chacha20_poly1305:0,chain:0,chanc:1,chang:[0,1],channel:1,characterist:1,check:[0,2],chip:1,choic:[0,2],choos:[0,1],chosen:0,chunk:1,cipher:[1,2],ciphersuit:0,ciphertext:0,ciphertext_length:0,ciphertext_s:0,circumst:1,clarif:2,clarifi:2,clariti:2,clean:[0,2],cleanup:2,clear:1,clearli:0,cleartext:1,client:2,clienthello:0,clone:0,close:[0,1],code:[1,2],coeffici:0,collect:1,combin:[0,1],common:[0,1],commonli:1,commun:[0,1],compact:0,companion:1,compar:[0,1],comparison:0,compat:0,compil:[0,1],complet:[0,1],complex:1,complianc:0,compliant:1,compon:1,compos:[0,1],compris:0,compromis:[0,1],comput:[0,1],concaten:0,concatent:0,conceptu:1,concern:[0,1],concurr:2,condit:[0,1,2],confidenti:[0,1],conflict:1,conform:[0,1],connect:1,consequ:[0,1],consequenti:1,conserv:[0,1],consid:[0,1],consider:[0,2],consist:[0,1,2],constant:[0,1],constrain:2,constraint:[0,1],construct:[0,1],consum:0,consumpt:1,contain:[0,1,2],content:[0,1],context:1,continu:0,control:[0,1],convei:1,convent:2,convers:1,convert:[0,2],coordin:0,copi:[0,1],copyabl:1,corner:2,correct:[0,1,2],correctli:[0,1],correspond:[0,1],corrupt:[0,1],could:[0,1],counter:[0,1],countermeasur:0,cover:1,creat:[0,1,2],creation:[0,2],credenti:2,crypto:1,crypto_platform:1,crypto_struct:1,cryptograph:[0,2],cryptoprocessor:[0,2],csprng:1,ctr:0,current:[0,1,2],curv:[0,2],curve25519:0,curve448:0,curve_bit:0,custom:[0,1],d_a:0,d_b:0,danger:1,data:[1,2],data_length:0,data_s:0,date:2,debug:1,declar:[0,1,2],decreas:0,decrypt:[0,1],defend:1,defin:[0,1,2],definit:[1,2],delai:0,deliveri:1,deni:0,depend:[0,1],deploi:1,deprec:0,der:0,derefer:1,deriv:2,describ:[0,1],descript:[0,1,2],design:[0,2],desir:[0,1],destroi:[0,1,2],destruct:[0,1],detail:[0,1],detect:[0,2],detector:0,determin:[0,1],determinist:[0,1],develop:1,devic:[0,2],diagnos:1,did:1,dies:0,differ:[0,1],diffi:[0,1],difficult:1,digest:[1,2],digestinfo:0,direct:[0,1],directli:[0,1,2],discard:0,disclosur:1,discoveri:1,dispatch:1,distinguish:0,document:[0,1],doe:[0,1,2],doesn:0,domain:0,don:1,done:1,down:[0,1],draft:1,draw:0,drawn:0,driver:1,dsa:0,due:[0,1],dure:[0,1],dynam:1,each:[0,1],eas:2,easi:1,ecc:0,ecdh:0,ecdsa:0,eci:1,ecpoint:0,ecprivatekei:0,ed448:0,eddsa:1,edit:1,effect:0,effort:0,either:[0,1],element:[0,1,2],ellipt:0,emiss:1,empti:0,enabl:1,encod:[0,1],encompass:0,encourag:[0,1],encrypt:2,end:[0,1],endian:0,enforc:[0,1],english:2,enough:[0,1],ensur:[0,1],enter:0,enterpris:1,entir:1,entri:0,entropi:[0,1],enumer:[0,1],environ:1,equal:0,equival:[0,1],eras:0,err:0,erron:0,error:2,especi:1,essenti:0,establish:1,etc:[0,1],evalu:0,even:[0,1],event:0,eventu:0,everi:1,everyth:1,exactli:[0,1],exampl:[0,2],except:[0,1],exchang:[0,1],exclus:[0,1],execut:[0,1],exhaust:1,exist:[0,1,2],expand:[0,1],expans:[0,1],expect:[0,1],explain:1,explicitli:[0,1],expon:0,exponent1:0,exponent2:0,expos:[0,1],express:1,extend:0,extens:[0,1],extent:1,extern:[0,1],extract:[0,1],f_p:0,f_q:0,facilit:1,fact:0,factori:[0,2],fail:[0,1],failur:[0,1],fals:0,famili:[0,1],far:[0,1],fashion:1,favor:1,featur:1,few:1,fewer:0,field:[0,1],file:1,fill:2,finish:[0,1],finit:[0,1],fip:0,firmwar:1,first:[0,1,2],fit:0,flag:[0,1],flaw:1,flow:1,follow:[0,1,2],foo:1,foo_length:1,foo_siz:1,forbid:2,forbidden:0,forc:0,forcibl:0,form:[0,1],format:[0,1,2],forward:0,fragment:0,free:[0,1,2],freed:1,freedom:1,freeli:0,freshli:0,friendli:1,from:[0,1],frontend:1,full:[0,1],fulli:1,further:1,furthermor:0,futur:[0,2],gcm:[0,1],gener:2,get:0,give:[0,1,2],given:[0,1,2],glitch:1,global:0,goal:[0,2],goldilock:0,good:1,group:0,guarante:[0,1],guess:0,habitu:1,had:[0,1],half:2,halt:1,hamburg:0,handl:[0,2],handle_error:0,handshak:0,happen:[0,1],harder:1,hardwar:[0,2],has:[0,1],hash:[0,2],hash_alg:0,hash_length:0,hash_siz:0,have:[0,1,2],header:1,heap:1,hellman:[0,1],here:[0,1,2],high:1,higher:1,highest:1,highli:[0,1],hkdf:0,hkdf_alg:0,hmac:[0,1],hmac_alg:0,hold:[0,1],holist:1,host:0,how:[0,1,2],howev:[0,1],hsm:1,hybrid:1,ident:[0,1],identifi:[0,1,2],illustr:0,immedi:1,impact:1,implement:2,implic:0,imposs:[0,1],improp:0,improv:2,inact:[0,1],includ:[0,1],incompat:0,incorrect:0,independ:[0,1],index:2,indic:[0,1,2],indiffer:0,indirect:0,indirectli:1,indistinguish:0,individu:[0,1],industri:1,inescap:1,info:0,inform:[0,1],initi:[1,2],input:[0,2],input_length:0,insecur:1,insid:[0,1],instanc:1,instanti:1,instead:[0,1,2],insuffici:[0,1],int32_t:0,integ:[0,1],integr:[0,1],intend:0,interchang:1,interest:0,interfac:[0,2],intermedi:[0,1],intern:1,interoper:1,interpret:0,interrupt:1,introduct:2,invalid:[0,1],invers:0,involv:[0,1],iot:1,isn:1,isol:[0,2],issu:1,item:0,its:[0,1,2],itself:0,iv_length:0,iv_siz:0,just:0,ka_alg:0,kdf:2,kdf_alg:0,keep:[0,1],kei:2,kept:1,kernel:1,key_bit:0,key_typ:0,keystor:[0,2],kind:[0,1],known:1,label:0,lack:[0,1],land:1,languag:[1,2],larg:0,larger:[0,1],last:[0,1],later:0,latest:1,latter:0,layer:1,lead:0,leak:[0,1],leakag:1,least:[0,1],leav:1,led:0,left:0,legaci:[0,1],length:[0,1,2],less:0,let:0,level:1,librari:2,lifecycl:1,lifetim:[1,2],like:0,limit:1,link:1,linkag:0,list:[0,1,2],literatur:1,littl:[0,1],lnc:0,local:1,locat:[0,1],log:[0,1],log_2:0,logic:[0,1],longer:[0,1,2],loss:0,low:1,lowest:1,mac:[0,1],mac_alg:0,mac_length:0,mac_siz:0,machin:1,macro:2,made:0,mai:[0,1,2],main:1,major:1,make:[0,1,2],malici:1,malloc:0,manag:2,mandat:2,mandatori:[0,1],mani:[0,1,2],manipul:1,manner:1,manufactur:1,marker:0,mask:0,master:[0,1],mastersecret:0,match:0,materi:[0,1,2],maximum:[0,1,2],mean:[0,1],meant:1,mechan:[0,1],media:0,meet:[1,2],memcmp:0,memori:[0,2],memset:0,mention:1,mere:[0,1],messag:[1,2],metadata:[0,1,2],method:[0,1,2],mgf1:0,microcontrol:1,middl:0,might:0,mind:0,minim:[0,1],minimum:[0,2],miss:2,mistak:1,misus:1,mod:0,mode:[0,1],model:1,modern:1,modifi:[0,1],modul:0,modular:1,modulu:0,montgomeri:[0,2],more:[0,1,2],most:[0,1,2],much:[0,1],multi:2,multipart:[0,2],multipl:[0,1,2],multiprocess:1,multistep:2,multitask:1,multithread:1,must:[0,1],mutual:1,name:[0,1,2],nearest:0,necessari:[0,1],need:[0,1],neg:0,neither:0,network:2,never:[0,1],newli:0,next:[0,1],nfc:1,nist:0,non:[0,1],nonc:[0,1,2],nonce_length:0,nonce_s:0,none:0,nonvolatil:1,nonzero:0,nor:[0,1],norm:1,normal:[0,1],note:[0,1],now:[0,1,2],number:[0,1,2],oaep:0,obei:1,object:[0,1,2],observ:[0,1],obsolet:2,obtain:1,occur:[0,1],octet:[0,1],offer:[0,1],offset:1,often:1,omit:[0,1],onc:[0,1],one:[0,1],ones:1,ongo:0,onli:[0,1],onward:0,opaqu:[0,1],open:[0,1,2],oper:[0,2],opposit:1,optim:1,option:[0,2],oracl:0,order:[0,1],origin:[0,1],other:2,otherwis:[0,1],out:[0,1],outcom:1,output:[0,2],output_length:0,output_s:0,outsid:[0,1],over:[0,1],overal:1,overflow:0,overlap:2,overview:2,overwrit:0,own:[0,1],ownership:1,pad:0,pai:1,pair:[0,2],paramet:[0,2],parametr:[0,1],pariti:0,part:[0,1,2],parti:[0,1],partial:1,particular:[0,1],partit:2,pass:[0,1,2],past:1,pattern:[0,1],peer:[0,1],peer_kei:0,peer_key_length:0,per:0,perfom:0,perform:[0,1],period:1,perman:0,permiss:[0,1],permit:[0,1,2],persist:[0,2],phase:[0,1],philosophi:2,physic:[0,1],pkc:0,pkcs1:0,place:[0,1],plain:0,plaintext:[0,1],plaintext_length:[0,2],plaintext_s:0,plan:1,platform:2,pleas:1,plu:1,point:[0,1],pointer:[0,2],polici:2,poly1305:0,popul:[0,1],port:2,possibl:[0,1],potenti:1,power:[0,1],practic:[0,1],pre:[0,1],preced:0,precis:[0,1],predefin:1,predict:1,prefer:0,prepar:0,prepend:0,present:[0,1],preserv:0,presharedkei:0,prevent:1,previou:[0,1,2],previous:0,prf:0,primari:1,primarili:0,prime1:0,prime2:0,prime:0,primit:1,privat:[0,1],private_kei:0,privateexpon:0,privatekei:0,privileg:1,prng:0,probabilist:0,procedur:1,process:[0,1],processor:2,produc:[0,1],product:0,profil:2,programm:1,proper:0,properli:1,proprietari:[0,1],protect:[0,1],protocol:[0,1],prove:1,provid:[0,1],provis:[0,2],psa:[0,1],psa__alg_aead_with_default_tag_length__cas:2,psa_abort_xxx:1,psa_aead_abort:2,psa_aead_decrypt:[1,2],psa_aead_decrypt_output_s:2,psa_aead_decrypt_setup:[1,2],psa_aead_encrypt:[1,2],psa_aead_encrypt_output_s:2,psa_aead_encrypt_setup:[1,2],psa_aead_finish:[1,2],psa_aead_finish_output_s:2,psa_aead_generate_iv:1,psa_aead_generate_nonc:[1,2],psa_aead_operation_:0,psa_aead_operation_init:2,psa_aead_operation_t:2,psa_aead_set_length:[1,2],psa_aead_set_nonc:[1,2],psa_aead_tag_length:2,psa_aead_tag_length_offset:2,psa_aead_upd:[1,2],psa_aead_update_ad:[1,2],psa_aead_update_output_s:2,psa_aead_verifi:[1,2],psa_aead_verify_output_s:2,psa_aead_xxx:0,psa_alg_aead_from_block_flag:2,psa_alg_aead_tag_length_mask:2,psa_alg_aead_with_default_tag_length:2,psa_alg_aead_with_tag_length:2,psa_alg_any_hash:2,psa_alg_arc4:2,psa_alg_category_aead:2,psa_alg_category_asymmetric_encrypt:2,psa_alg_category_ciph:2,psa_alg_category_hash:2,psa_alg_category_key_agr:2,psa_alg_category_key_deriv:2,psa_alg_category_mac:2,psa_alg_category_mask:2,psa_alg_category_sign:2,psa_alg_cbc_mac:2,psa_alg_cbc_no_pad:2,psa_alg_cbc_pkcs7:2,psa_alg_ccm:2,psa_alg_cfb:2,psa_alg_chacha20:2,psa_alg_chacha20_poly1305:2,psa_alg_cipher_from_block_flag:2,psa_alg_cipher_mac_bas:2,psa_alg_cipher_stream_flag:2,psa_alg_cmac:2,psa_alg_ctr:2,psa_alg_deterministic_ecdsa:2,psa_alg_deterministic_ecdsa_bas:2,psa_alg_dsa_deterministic_flag:0,psa_alg_ecdh:2,psa_alg_ecdsa:2,psa_alg_ecdsa_ani:2,psa_alg_ecdsa_bas:2,psa_alg_ecdsa_is_determinist:2,psa_alg_ffdh:2,psa_alg_full_length_mac:2,psa_alg_gcm:[1,2],psa_alg_gmac:2,psa_alg_hash_mask:2,psa_alg_hkdf:[1,2],psa_alg_hkdf_bas:2,psa_alg_hkdf_get_hash:2,psa_alg_hmac:2,psa_alg_hmac_bas:2,psa_alg_hmac_get_hash:2,psa_alg_is_aead:2,psa_alg_is_aead_on_block_ciph:2,psa_alg_is_asymmetric_encrypt:2,psa_alg_is_block_cipher_mac:2,psa_alg_is_ciph:2,psa_alg_is_deterministic_ecdsa:2,psa_alg_is_ecdh:2,psa_alg_is_ecdsa:2,psa_alg_is_ffdh:2,psa_alg_is_hash:2,psa_alg_is_hash_and_sign:2,psa_alg_is_hkdf:2,psa_alg_is_hmac:2,psa_alg_is_key_agr:2,psa_alg_is_key_deriv:2,psa_alg_is_key_derivation_or_agr:2,psa_alg_is_key_select:2,psa_alg_is_mac:2,psa_alg_is_randomized_ecdsa:2,psa_alg_is_raw_key_agr:2,psa_alg_is_rsa_oaep:2,psa_alg_is_rsa_pkcs1v15_sign:2,psa_alg_is_rsa_pss:2,psa_alg_is_sign:2,psa_alg_is_stream_ciph:2,psa_alg_is_tls12_prf:2,psa_alg_is_tls12_psk_to_m:2,psa_alg_is_vendor_defin:2,psa_alg_is_wildcard:2,psa_alg_key_agr:2,psa_alg_key_agreement_get_bas:2,psa_alg_key_agreement_get_kdf:2,psa_alg_key_agreement_mask:2,psa_alg_key_derivation_mask:2,psa_alg_mac_subcategory_mask:2,psa_alg_mac_truncation_mask:2,psa_alg_md2:2,psa_alg_md4:2,psa_alg_md5:2,psa_alg_ofb:2,psa_alg_ripemd160:2,psa_alg_rsa_oaep:2,psa_alg_rsa_oaep_bas:2,psa_alg_rsa_oaep_get_hash:2,psa_alg_rsa_pkcs1v15_crypt:2,psa_alg_rsa_pkcs1v15_sign:2,psa_alg_rsa_pkcs1v15_sign_bas:2,psa_alg_rsa_pkcs1v15_sign_raw:2,psa_alg_rsa_pss:2,psa_alg_rsa_pss_bas:2,psa_alg_sha256:0,psa_alg_sha3_224:2,psa_alg_sha3_256:2,psa_alg_sha3_384:2,psa_alg_sha3_512:2,psa_alg_sha_1:2,psa_alg_sha_224:2,psa_alg_sha_256:2,psa_alg_sha_384:2,psa_alg_sha_512:2,psa_alg_sha_512_224:2,psa_alg_sha_512_256:2,psa_alg_sign_get_hash:[1,2],psa_alg_tls12_prf:2,psa_alg_tls12_prf_bas:2,psa_alg_tls12_prf_get_hash:2,psa_alg_tls12_psk_to_m:2,psa_alg_tls12_psk_to_ms_bas:2,psa_alg_tls12_psk_to_ms_get_hash:2,psa_alg_tls12_psk_to_ms_max_psk_len:2,psa_alg_truncated_mac:2,psa_alg_vendor_flag:2,psa_alg_xt:2,psa_alg_xxx:0,psa_algorithm_t:[1,2],psa_asymmetric_decrypt:[1,2],psa_asymmetric_decrypt_output_s:2,psa_asymmetric_encrypt:[1,2],psa_asymmetric_encrypt_output_s:2,psa_asymmetric_sign:[1,2],psa_asymmetric_sign_output_s:2,psa_asymmetric_signature_max_s:2,psa_asymmetric_verifi:[1,2],psa_bits_to_byt:2,psa_block_cipher_block_s:2,psa_bytes_to_bit:2,psa_cipher_abort:2,psa_cipher_decrypt:[1,2],psa_cipher_decrypt_setup:[1,2],psa_cipher_encrypt:[1,2],psa_cipher_encrypt_setup:[1,2],psa_cipher_finish:[1,2],psa_cipher_generate_iv:[1,2],psa_cipher_operation_:0,psa_cipher_operation_init:[1,2],psa_cipher_operation_t:[1,2],psa_cipher_set_iv:[1,2],psa_cipher_upd:[1,2],psa_cipher_xxx:0,psa_close_kei:[1,2],psa_copy_kei:[1,2],psa_create_kei:2,psa_crypto_generator_init:2,psa_crypto_generator_t:2,psa_crypto_init:[1,2],psa_destroy_kei:[1,2],psa_dh_group_ffdhe2048:2,psa_dh_group_ffdhe3072:2,psa_dh_group_ffdhe4096:2,psa_dh_group_ffdhe6144:2,psa_dh_group_ffdhe8192:2,psa_dh_group_t:2,psa_ecc_curve_bit:2,psa_ecc_curve_brainpool_p256r1:2,psa_ecc_curve_brainpool_p384r1:2,psa_ecc_curve_brainpool_p512r1:2,psa_ecc_curve_brainpool_pxxx:0,psa_ecc_curve_curve25519:2,psa_ecc_curve_curve448:2,psa_ecc_curve_curvexxx:0,psa_ecc_curve_secp160k1:2,psa_ecc_curve_secp160r1:2,psa_ecc_curve_secp160r2:2,psa_ecc_curve_secp192k1:2,psa_ecc_curve_secp192r1:2,psa_ecc_curve_secp224k1:2,psa_ecc_curve_secp224r1:2,psa_ecc_curve_secp256k1:2,psa_ecc_curve_secp256r1:2,psa_ecc_curve_secp384r1:2,psa_ecc_curve_secp521r1:2,psa_ecc_curve_secpxxx:0,psa_ecc_curve_sect163k1:2,psa_ecc_curve_sect163r1:2,psa_ecc_curve_sect163r2:2,psa_ecc_curve_sect193r1:2,psa_ecc_curve_sect193r2:2,psa_ecc_curve_sect233k1:2,psa_ecc_curve_sect233r1:2,psa_ecc_curve_sect239k1:2,psa_ecc_curve_sect283k1:2,psa_ecc_curve_sect283r1:2,psa_ecc_curve_sect409k1:2,psa_ecc_curve_sect409r1:2,psa_ecc_curve_sect571k1:2,psa_ecc_curve_sect571r1:2,psa_ecc_curve_sectxxx:0,psa_ecc_curve_t:2,psa_ecdsa_signature_s:2,psa_encrypt_generate_iv:1,psa_error_already_exist:2,psa_error_bad_st:[1,2],psa_error_buffer_too_smal:[1,2],psa_error_communication_failur:[1,2],psa_error_corruption_detect:2,psa_error_does_not_exist:2,psa_error_empty_slot:2,psa_error_generic_error:2,psa_error_hardware_failur:[1,2],psa_error_insufficient_capac:[1,2],psa_error_insufficient_data:2,psa_error_insufficient_entropi:2,psa_error_insufficient_memori:[1,2],psa_error_insufficient_storag:2,psa_error_invalid_argu:2,psa_error_invalid_handl:2,psa_error_invalid_pad:2,psa_error_invalid_signatur:2,psa_error_not_permit:2,psa_error_not_support:2,psa_error_occupied_slot:2,psa_error_storage_failur:[1,2],psa_error_tampering_detect:[1,2],psa_error_unknown_error:2,psa_error_xxx:0,psa_export_kei:[1,2],psa_export_public_kei:[1,2],psa_generate_derived_kei:2,psa_generate_kei:[1,2],psa_generate_random:[1,2],psa_generator_abort:2,psa_generator_import_kei:2,psa_generator_read:2,psa_generator_unbridled_capac:2,psa_get_generator_capac:2,psa_get_key_algorithm:2,psa_get_key_attribut:[1,2],psa_get_key_bit:2,psa_get_key_id:2,psa_get_key_inform:2,psa_get_key_lifetim:2,psa_get_key_typ:2,psa_get_key_usage_flag:2,psa_get_key_xxx:[0,1],psa_hash_abort:2,psa_hash_clon:2,psa_hash_compar:[1,2],psa_hash_comput:[1,2],psa_hash_finish:[1,2],psa_hash_max_s:2,psa_hash_operation_:0,psa_hash_operation_init:2,psa_hash_operation_t:2,psa_hash_s:2,psa_hash_setup:[1,2],psa_hash_upd:[1,2],psa_hash_verifi:[1,2],psa_hmac_max_hash_block_s:2,psa_import_kei:[1,2],psa_kdf_step_xxx:2,psa_key_agr:2,psa_key_agreement_raw_shared_secret:2,psa_key_attributes_:0,psa_key_attributes_init:2,psa_key_attributes_t:[1,2],psa_key_derivation_:0,psa_key_derivation_abort:[1,2],psa_key_derivation_get_capac:2,psa_key_derivation_input_byt:[1,2],psa_key_derivation_input_info:[1,2],psa_key_derivation_input_kei:[1,2],psa_key_derivation_input_label:2,psa_key_derivation_input_salt:2,psa_key_derivation_input_se:2,psa_key_derivation_input_secret:[1,2],psa_key_derivation_input_xxx:2,psa_key_derivation_key_agr:[1,2],psa_key_derivation_operaiton_init:1,psa_key_derivation_operation_init:[1,2],psa_key_derivation_operation_t:[1,2],psa_key_derivation_output_byt:[1,2],psa_key_derivation_output_kei:[1,2],psa_key_derivation_set_capac:2,psa_key_derivation_setup:[1,2],psa_key_derivation_step_t:2,psa_key_derivation_unlimited_capac:2,psa_key_export_asn1_integer_max_s:2,psa_key_export_dsa_key_pair_max_s:2,psa_key_export_dsa_public_key_max_s:2,psa_key_export_ecc_key_pair_max_s:2,psa_key_export_ecc_public_key_max_s:2,psa_key_export_max_s:2,psa_key_export_rsa_key_pair_max_s:2,psa_key_export_rsa_public_key_max_s:2,psa_key_handle_t:[1,2],psa_key_id_t:2,psa_key_id_user_max:2,psa_key_id_user_min:2,psa_key_id_vendor_max:2,psa_key_id_vendor_min:2,psa_key_lifetime_persist:[1,2],psa_key_lifetime_t:2,psa_key_lifetime_volatil:[1,2],psa_key_policy_t:2,psa_key_type_a:[1,2],psa_key_type_arc4:2,psa_key_type_camellia:2,psa_key_type_category_flag_pair:2,psa_key_type_category_key_pair:2,psa_key_type_category_mask:2,psa_key_type_category_public_kei:2,psa_key_type_category_raw:2,psa_key_type_category_symmetr:2,psa_key_type_chacha20:2,psa_key_type_d:2,psa_key_type_der:2,psa_key_type_dh_group_mask:2,psa_key_type_dh_key_pair:2,psa_key_type_dh_key_pair_bas:2,psa_key_type_dh_public_kei:2,psa_key_type_dh_public_key_bas:2,psa_key_type_dsa_key_pair:0,psa_key_type_dsa_public_kei:0,psa_key_type_ecc_curve_mask:2,psa_key_type_ecc_key_pair:2,psa_key_type_ecc_key_pair_bas:2,psa_key_type_ecc_public_kei:2,psa_key_type_ecc_public_key_bas:2,psa_key_type_get_curv:2,psa_key_type_get_group:2,psa_key_type_hmac:2,psa_key_type_is_asymmetr:2,psa_key_type_is_dh:2,psa_key_type_is_dh_key_pair:2,psa_key_type_is_dh_public_kei:2,psa_key_type_is_ecc:2,psa_key_type_is_ecc_key_pair:2,psa_key_type_is_ecc_public_kei:2,psa_key_type_is_key_pair:2,psa_key_type_is_public_kei:2,psa_key_type_is_rsa:2,psa_key_type_is_unstructur:2,psa_key_type_is_vendor_defin:2,psa_key_type_key_pair_of_public_kei:2,psa_key_type_non:2,psa_key_type_public_key_of_key_pair:2,psa_key_type_raw_data:2,psa_key_type_rsa_key_pair:2,psa_key_type_rsa_public_kei:2,psa_key_type_t:[1,2],psa_key_type_vendor_flag:2,psa_key_usage_copi:[1,2],psa_key_usage_decrypt:2,psa_key_usage_der:2,psa_key_usage_encrypt:[1,2],psa_key_usage_export:[1,2],psa_key_usage_sign:[1,2],psa_key_usage_t:[1,2],psa_key_usage_verifi:2,psa_mac_abort:2,psa_mac_comput:[1,2],psa_mac_final_s:2,psa_mac_max_s:2,psa_mac_operation_:0,psa_mac_operation_init:2,psa_mac_operation_t:2,psa_mac_sign_finish:[1,2],psa_mac_sign_setup:[1,2],psa_mac_truncated_length:2,psa_mac_truncation_offset:2,psa_mac_upd:[1,2],psa_mac_verifi:[1,2],psa_mac_verify_finish:[1,2],psa_mac_verify_setup:[1,2],psa_max_block_cipher_block_s:2,psa_open_kei:[1,2],psa_raw_key_agr:[1,2],psa_reset_key_attribut:2,psa_round_up_to_multipl:2,psa_rsa_minimum_padding_s:2,psa_set_generator_capac:2,psa_set_key_algorithm:2,psa_set_key_bit:2,psa_set_key_id:2,psa_set_key_lifetim:2,psa_set_key_polici:2,psa_set_key_typ:2,psa_set_key_usage_flag:2,psa_set_key_xxx:0,psa_status_t:[1,2],psa_success:[1,2],psa_vendor_ecc_max_curve_bit:2,psa_vendor_rsa_max_key_bit:2,psa_xxx_abort:1,psa_xxx_init:1,psa_xxx_key_pair:2,psa_xxx_keypair:2,psa_xxx_signatur:0,psa_xxx_siz:0,pseudo:1,pseudorandom:[1,2],psk:0,pss:0,public_key_typ:0,publicexpon:0,pure:0,purpos:[0,1],q_a:0,q_b:0,qualiti:1,queri:[0,1],quot:0,radio:1,rais:1,ram:1,random:2,randomli:0,rang:[0,1,2],rate:1,rather:[0,1],rational:1,raw:0,rc4:0,reach:1,read:[0,1],readabl:[0,1],reader:1,readi:0,realiz:1,realm:0,reason:1,receiv:[0,1],recip:1,recogn:0,recommend:[0,2],record:0,recov:[0,1],recover:0,reduc:[0,1],ref:0,refer:[0,1],refurbish:0,regard:2,regardless:0,regul:1,reject:0,relat:[1,2],releas:[0,1,2],relev:1,remain:0,remot:1,remov:[1,2],renam:2,repeat:0,replac:2,report:[0,1],repres:[0,1],represent:[0,1],request:[0,1],requir:[0,2],research:1,reseed:[0,1],reserv:0,reset:[0,1],resid:1,resist:2,resort:0,resourc:[0,2],respect:[0,1],rest:0,restart:0,restrict:[0,1],result:[0,1],retain:1,retent:1,retriev:[0,1,2],reus:0,reveal:[0,1],rewound:1,rfc:[0,1],risk:[0,1],riski:0,robust:1,roll:1,round:0,rsa:0,rsae:0,rsaprivatekei:0,rsapublickei:0,rsassa:0,run:1,runtim:0,safe:[0,2],safeti:0,said:0,salt:[0,1],salt_length:0,same:[0,1,2],sampl:2,save:0,scalabl:1,schedul:0,scheme:0,scope:1,search:2,sec1:0,secret:[0,1],sect:0,section:[0,1],secur:[0,2],see:0,seed:[0,1],segment:1,select:[0,1],sens:2,sensibl:0,sensit:1,separ:[0,1,2],sequenc:[0,1],seri:1,serv:1,server:1,serverhello:0,servic:1,session:1,set:[0,1,2],setup:[0,1],sever:[1,2],sha2:0,sha3:0,sha:0,shall:0,share:[0,2],shorten:0,shot:1,should:[0,1],shouldn:1,side:[0,1],sign:[0,2],signatur:[0,1],signature_length:0,signature_s:0,signific:0,similar:[0,1],simpl:0,simpler:1,simpli:1,simultan:1,sinc:[0,1],singl:[0,2],siv:1,size:[0,2],size_t:[0,1],sizeof:0,skip:0,small:0,smaller:0,smartcard:1,softwar:1,some:[0,1,2],sometim:1,soon:1,sourc:[0,1],source_handl:0,source_oper:0,space:[0,1],special:[0,1],specifi:[0,1,2],speed:0,split:1,spuriou:2,stabil:2,stack:1,stage:0,stakehold:1,standalon:1,standard:[0,2],start:[0,1],state:[0,1,2],statu:[0,2],status:1,stdint:1,step:[0,1],steup:0,still:[0,1],storag:[0,2],store:[0,1],strategi:1,stream:[0,1],string:0,strip:0,strive:[0,1],strongli:[0,1],struct:[0,1],structur:[0,2],style:1,subject:0,subprim:0,subsequ:0,subset:[0,1],subtl:1,succe:0,succeed:0,success:[0,1],successfulli:[0,1],suffici:[0,1],suitabl:[0,2],summari:[1,2],suppli:1,support:[0,2],suppos:0,symmetr:2,synonym:1,system:[0,1],systemat:1,tag:[0,1],tag_length:0,tag_siz:0,take:[0,1,2],taken:0,tamper:0,target:[0,1],target_handl:0,target_oper:0,task:1,technolog:1,temporari:1,tend:1,tent:0,term:1,termin:[0,1],terminolog:2,test:[0,1],than:[0,1],thei:[0,1],them:[0,1,2],themselv:1,theoret:1,therebi:0,therefor:[0,1],thi:[0,1,2],thin:1,those:[0,1],though:1,thread:1,threat:1,three:[0,1],through:[0,1],thu:[0,1],time:[0,1,2],titl:0,tls1:2,token:2,too:0,took:0,top:[0,1],total:0,trail:0,translat:1,treat:0,tripl:0,trng:1,truncat:0,trust:1,turn:0,twice:0,two:[0,1],type:2,typedef:0,typic:[0,1],uint16_t:[0,1],uint32_t:[0,1],uint8_t:[0,1],unambigu:0,unauthent:[0,1],unbound:1,unchang:[0,1],uncompress:0,undefin:[0,1],under:[0,1],underli:[0,1],undetermin:[0,1],undo:0,undon:0,unexpect:0,uninstal:0,uniqu:1,unless:[0,1],unlik:1,unlock:1,unmodifi:1,unsign:[0,1],unspecifi:[0,1],unstructur:0,unsupport:[0,1],unsur:0,until:[0,1],untrunc:0,untrust:0,untrustworthi:1,unusu:2,updat:1,upon:1,usabl:1,usag:[0,2],usage_flag:0,use:[0,2],used:[0,1,2],useful:[0,1,2],user:1,uses:[0,1],using:[0,1],usual:[0,1],v1_5:0,valid:[0,1],valu:[0,1,2],variabl:0,variant:1,variou:[1,2],vast:1,vector:[0,1],vendor:[0,1],veri:1,verif:[0,1],verifi:[0,1],versa:1,version:[0,1],via:[0,1],vice:1,view:0,violat:1,virtual:1,visibl:1,volatil:[0,2],wai:[0,1,2],want:0,warn:1,weak:[0,1],weierstrass:0,well:[0,1],were:1,what:[0,1],when:[0,1,2],whenev:0,whenver:0,where:[0,1,2],whether:[0,1,2],which:[0,1],who:[0,1],whole:[0,1],whose:[0,1],wide:1,wildcard:0,wipe:[0,1],wireless:1,wish:1,within:1,without:[0,1],word:[0,1],work:1,workflow:0,workshop:0,world:1,would:[0,1],wrap:[0,1],writabl:1,write:[0,1],writer:[0,1],written:[0,1],wrong:0,wrote:1,x00000000:0,x00000001:0,x00000002:0,x000000ff:0,x00000100:0,x00000200:0,x00000400:0,x00000800:0,x00001000:0,x00003f00:0,x0000ffff:0,x0001:0,x0002:0,x0003:0,x0004:0,x0005:0,x0006:0,x0007:0,x0008:0,x0009:0,x000a:0,x000b:0,x000c:0,x000d:0,x000e:0,x000f:0,x0010:0,x0011:0,x0012:0,x0013:0,x0014:0,x0015:0,x0016:0,x0017:0,x0018:0,x0019:0,x001a:0,x001b:0,x001c:0,x001d:0,x001e:0,x00400000:0,x00800000:0,x00c00000:0,x01000000:0,x01000001:0,x01000002:0,x01000003:0,x01000004:0,x01000005:0,x01000008:0,x01000009:0,x0100000a:0,x0100000b:0,x0100000c:0,x0100000d:0,x01000010:0,x01000011:0,x01000012:0,x01000013:0,x010000ff:0,x0100:0,x0101:0,x0102:0,x0103:0,x0104:0,x02000000:0,x0201:0,x0202:0,x0203:0,x0204:0,x02800000:0,x02c00000:0,x02c00001:0,x02c00002:0,x02c00003:0,x04000000:0,x044000ff:0,x04600100:0,x04600101:0,x04800001:0,x04800005:0,x04c00001:0,x04c00002:0,x04c00003:0,x06000000:0,x06001005:0,x06401001:0,x06401002:0,x0803ffff:0,x10000000:0,x10020000:0,x10030000:0,x10060000:0,x10070000:0,x10fc0000:0,x12000000:0,x12020000:0,x12030000:0,x20000000:0,x20000100:0,x20000200:0,x20000300:0,x25519:0,x30000000:0,x30100000:0,x30200000:0,x3fffffff:0,x40000000:0,x40000001:0,x40000002:0,x40000003:0,x40000004:0,x40000005:0,x448:0,x50000000:0,x50000001:0,x51000000:0,x52000000:0,x60000000:0,x60010000:0,x60030000:0,x60040000:0,x70000000:0,x70010000:0,x70030000:0,x70040000:0,x7f000000:0,x7fffffff:0,x80000000:0,x_p:0,xor:0,y_p:0,yet:[0,1],you:[0,1],zero:[0,1,2]},titles:["Implementation-specific definitions","Introduction","PSA Cryptography API Specification"],titleterms:{"case":1,"export":0,"function":[0,1],"import":0,"return":1,TLS:1,addit:1,aead:0,after:1,agreement:1,algorithm:[0,1],alwai:1,api:2,applic:1,architectur:1,aspect:1,associ:0,assumpt:1,asymmetr:[0,1],attack:1,attest:1,attribut:0,authent:[0,1],behavior:1,between:1,boot:1,buffer:1,call:1,chang:2,check:1,choic:1,cipher:0,clean:1,cleanup:1,client:1,code:0,concurr:1,consider:1,constrain:1,convent:1,credenti:1,cryptograph:1,cryptographi:[0,1,2],cryptoprocessor:1,data:0,definit:0,deriv:[0,1],design:1,detect:1,devic:1,digest:0,document:2,eas:1,encrypt:[0,1],error:[0,1],exampl:1,factori:1,futur:1,gener:[0,1],goal:1,handl:1,hardwar:1,hash:1,histori:2,implement:[0,1],initi:0,input:1,interfac:1,introduct:1,isol:1,kei:[0,1],keystor:1,librari:[0,1],lifetim:0,macro:[0,1],manag:[0,1],memori:1,messag:0,minimum:1,multi:1,multipart:1,network:1,oper:1,option:1,other:[0,1],output:1,overlap:1,overview:1,pair:1,paramet:1,partit:1,persist:1,philosophi:1,plan:2,platform:1,pointer:1,polici:[0,1],port:1,processor:1,profil:1,provis:1,psa:2,psa__alg_aead_with_default_tag_length__cas:0,psa_aead_abort:0,psa_aead_decrypt:0,psa_aead_decrypt_output_s:0,psa_aead_decrypt_setup:0,psa_aead_encrypt:0,psa_aead_encrypt_output_s:0,psa_aead_encrypt_setup:0,psa_aead_finish:0,psa_aead_finish_output_s:0,psa_aead_generate_nonc:0,psa_aead_operation_init:0,psa_aead_operation_t:0,psa_aead_set_length:0,psa_aead_set_nonc:0,psa_aead_tag_length:0,psa_aead_tag_length_offset:0,psa_aead_upd:0,psa_aead_update_ad:0,psa_aead_update_output_s:0,psa_aead_verifi:0,psa_aead_verify_output_s:0,psa_alg_aead_from_block_flag:0,psa_alg_aead_tag_length_mask:0,psa_alg_aead_with_default_tag_length:0,psa_alg_aead_with_tag_length:0,psa_alg_any_hash:0,psa_alg_arc4:0,psa_alg_category_aead:0,psa_alg_category_asymmetric_encrypt:0,psa_alg_category_ciph:0,psa_alg_category_hash:0,psa_alg_category_key_agr:0,psa_alg_category_key_deriv:0,psa_alg_category_mac:0,psa_alg_category_mask:0,psa_alg_category_sign:0,psa_alg_cbc_mac:0,psa_alg_cbc_no_pad:0,psa_alg_cbc_pkcs7:0,psa_alg_ccm:0,psa_alg_cfb:0,psa_alg_chacha20:0,psa_alg_chacha20_poly1305:0,psa_alg_cipher_from_block_flag:0,psa_alg_cipher_mac_bas:0,psa_alg_cipher_stream_flag:0,psa_alg_cmac:0,psa_alg_ctr:0,psa_alg_deterministic_ecdsa:0,psa_alg_deterministic_ecdsa_bas:0,psa_alg_ecdh:0,psa_alg_ecdsa:0,psa_alg_ecdsa_ani:0,psa_alg_ecdsa_bas:0,psa_alg_ecdsa_is_determinist:0,psa_alg_ffdh:0,psa_alg_full_length_mac:0,psa_alg_gcm:0,psa_alg_gmac:0,psa_alg_hash_mask:0,psa_alg_hkdf:0,psa_alg_hkdf_bas:0,psa_alg_hkdf_get_hash:0,psa_alg_hmac:0,psa_alg_hmac_bas:0,psa_alg_hmac_get_hash:0,psa_alg_is_aead:0,psa_alg_is_aead_on_block_ciph:0,psa_alg_is_asymmetric_encrypt:0,psa_alg_is_block_cipher_mac:0,psa_alg_is_ciph:0,psa_alg_is_deterministic_ecdsa:0,psa_alg_is_ecdh:0,psa_alg_is_ecdsa:0,psa_alg_is_ffdh:0,psa_alg_is_hash:0,psa_alg_is_hash_and_sign:0,psa_alg_is_hkdf:0,psa_alg_is_hmac:0,psa_alg_is_key_agr:0,psa_alg_is_key_deriv:0,psa_alg_is_key_derivation_or_agr:0,psa_alg_is_mac:0,psa_alg_is_randomized_ecdsa:0,psa_alg_is_raw_key_agr:0,psa_alg_is_rsa_oaep:0,psa_alg_is_rsa_pkcs1v15_sign:0,psa_alg_is_rsa_pss:0,psa_alg_is_sign:0,psa_alg_is_stream_ciph:0,psa_alg_is_tls12_prf:0,psa_alg_is_tls12_psk_to_m:0,psa_alg_is_vendor_defin:0,psa_alg_is_wildcard:0,psa_alg_key_agr:0,psa_alg_key_agreement_get_bas:0,psa_alg_key_agreement_get_kdf:0,psa_alg_key_agreement_mask:0,psa_alg_key_derivation_mask:0,psa_alg_mac_subcategory_mask:0,psa_alg_mac_truncation_mask:0,psa_alg_md2:0,psa_alg_md4:0,psa_alg_md5:0,psa_alg_ofb:0,psa_alg_ripemd160:0,psa_alg_rsa_oaep:0,psa_alg_rsa_oaep_bas:0,psa_alg_rsa_oaep_get_hash:0,psa_alg_rsa_pkcs1v15_crypt:0,psa_alg_rsa_pkcs1v15_sign:0,psa_alg_rsa_pkcs1v15_sign_bas:0,psa_alg_rsa_pkcs1v15_sign_raw:0,psa_alg_rsa_pss:0,psa_alg_rsa_pss_bas:0,psa_alg_sha3_224:0,psa_alg_sha3_256:0,psa_alg_sha3_384:0,psa_alg_sha3_512:0,psa_alg_sha_1:0,psa_alg_sha_224:0,psa_alg_sha_256:0,psa_alg_sha_384:0,psa_alg_sha_512:0,psa_alg_sha_512_224:0,psa_alg_sha_512_256:0,psa_alg_sign_get_hash:0,psa_alg_tls12_prf:0,psa_alg_tls12_prf_bas:0,psa_alg_tls12_prf_get_hash:0,psa_alg_tls12_psk_to_m:0,psa_alg_tls12_psk_to_ms_bas:0,psa_alg_tls12_psk_to_ms_get_hash:0,psa_alg_tls12_psk_to_ms_max_psk_len:0,psa_alg_truncated_mac:0,psa_alg_vendor_flag:0,psa_alg_xt:0,psa_algorithm_t:0,psa_asymmetric_decrypt:0,psa_asymmetric_decrypt_output_s:0,psa_asymmetric_encrypt:0,psa_asymmetric_encrypt_output_s:0,psa_asymmetric_sign:0,psa_asymmetric_sign_output_s:0,psa_asymmetric_signature_max_s:0,psa_asymmetric_verifi:0,psa_bits_to_byt:0,psa_block_cipher_block_s:0,psa_bytes_to_bit:0,psa_cipher_abort:0,psa_cipher_decrypt:0,psa_cipher_decrypt_setup:0,psa_cipher_encrypt:0,psa_cipher_encrypt_setup:0,psa_cipher_finish:0,psa_cipher_generate_iv:0,psa_cipher_operation_init:0,psa_cipher_operation_t:0,psa_cipher_set_iv:0,psa_cipher_upd:0,psa_close_kei:0,psa_copy_kei:0,psa_crypto_init:0,psa_destroy_kei:0,psa_dh_group_ffdhe2048:0,psa_dh_group_ffdhe3072:0,psa_dh_group_ffdhe4096:0,psa_dh_group_ffdhe6144:0,psa_dh_group_ffdhe8192:0,psa_dh_group_t:0,psa_ecc_curve_bit:0,psa_ecc_curve_brainpool_p256r1:0,psa_ecc_curve_brainpool_p384r1:0,psa_ecc_curve_brainpool_p512r1:0,psa_ecc_curve_curve25519:0,psa_ecc_curve_curve448:0,psa_ecc_curve_secp160k1:0,psa_ecc_curve_secp160r1:0,psa_ecc_curve_secp160r2:0,psa_ecc_curve_secp192k1:0,psa_ecc_curve_secp192r1:0,psa_ecc_curve_secp224k1:0,psa_ecc_curve_secp224r1:0,psa_ecc_curve_secp256k1:0,psa_ecc_curve_secp256r1:0,psa_ecc_curve_secp384r1:0,psa_ecc_curve_secp521r1:0,psa_ecc_curve_sect163k1:0,psa_ecc_curve_sect163r1:0,psa_ecc_curve_sect163r2:0,psa_ecc_curve_sect193r1:0,psa_ecc_curve_sect193r2:0,psa_ecc_curve_sect233k1:0,psa_ecc_curve_sect233r1:0,psa_ecc_curve_sect239k1:0,psa_ecc_curve_sect283k1:0,psa_ecc_curve_sect283r1:0,psa_ecc_curve_sect409k1:0,psa_ecc_curve_sect409r1:0,psa_ecc_curve_sect571k1:0,psa_ecc_curve_sect571r1:0,psa_ecc_curve_t:0,psa_ecdsa_signature_s:0,psa_error_already_exist:0,psa_error_bad_st:0,psa_error_buffer_too_smal:0,psa_error_communication_failur:0,psa_error_corruption_detect:0,psa_error_does_not_exist:0,psa_error_generic_error:0,psa_error_hardware_failur:0,psa_error_insufficient_data:0,psa_error_insufficient_entropi:0,psa_error_insufficient_memori:0,psa_error_insufficient_storag:0,psa_error_invalid_argu:0,psa_error_invalid_handl:0,psa_error_invalid_pad:0,psa_error_invalid_signatur:0,psa_error_not_permit:0,psa_error_not_support:0,psa_error_storage_failur:0,psa_export_kei:0,psa_export_public_kei:0,psa_generate_kei:0,psa_generate_random:0,psa_get_key_algorithm:0,psa_get_key_attribut:0,psa_get_key_bit:0,psa_get_key_id:0,psa_get_key_lifetim:0,psa_get_key_typ:0,psa_get_key_usage_flag:0,psa_hash_abort:0,psa_hash_clon:0,psa_hash_compar:0,psa_hash_comput:0,psa_hash_finish:0,psa_hash_max_s:0,psa_hash_operation_init:0,psa_hash_operation_t:0,psa_hash_s:0,psa_hash_setup:0,psa_hash_upd:0,psa_hash_verifi:0,psa_hmac_max_hash_block_s:0,psa_import_kei:0,psa_key_attributes_init:0,psa_key_attributes_t:0,psa_key_derivation_abort:0,psa_key_derivation_get_capac:0,psa_key_derivation_input_byt:0,psa_key_derivation_input_info:0,psa_key_derivation_input_kei:0,psa_key_derivation_input_label:0,psa_key_derivation_input_salt:0,psa_key_derivation_input_se:0,psa_key_derivation_input_secret:0,psa_key_derivation_key_agr:0,psa_key_derivation_operation_init:0,psa_key_derivation_operation_t:0,psa_key_derivation_output_byt:0,psa_key_derivation_output_kei:0,psa_key_derivation_set_capac:0,psa_key_derivation_setup:0,psa_key_derivation_step_t:0,psa_key_derivation_unlimited_capac:0,psa_key_export_asn1_integer_max_s:0,psa_key_export_dsa_key_pair_max_s:0,psa_key_export_dsa_public_key_max_s:0,psa_key_export_ecc_key_pair_max_s:0,psa_key_export_ecc_public_key_max_s:0,psa_key_export_max_s:0,psa_key_export_rsa_key_pair_max_s:0,psa_key_export_rsa_public_key_max_s:0,psa_key_handle_t:0,psa_key_id_t:0,psa_key_id_user_max:0,psa_key_id_user_min:0,psa_key_id_vendor_max:0,psa_key_id_vendor_min:0,psa_key_lifetime_persist:0,psa_key_lifetime_t:0,psa_key_lifetime_volatil:0,psa_key_type_a:0,psa_key_type_arc4:0,psa_key_type_camellia:0,psa_key_type_category_flag_pair:0,psa_key_type_category_key_pair:0,psa_key_type_category_mask:0,psa_key_type_category_public_kei:0,psa_key_type_category_raw:0,psa_key_type_category_symmetr:0,psa_key_type_chacha20:0,psa_key_type_d:0,psa_key_type_der:0,psa_key_type_dh_group_mask:0,psa_key_type_dh_key_pair:0,psa_key_type_dh_key_pair_bas:0,psa_key_type_dh_public_kei:0,psa_key_type_dh_public_key_bas:0,psa_key_type_ecc_curve_mask:0,psa_key_type_ecc_key_pair:0,psa_key_type_ecc_key_pair_bas:0,psa_key_type_ecc_public_kei:0,psa_key_type_ecc_public_key_bas:0,psa_key_type_get_curv:0,psa_key_type_get_group:0,psa_key_type_hmac:0,psa_key_type_is_asymmetr:0,psa_key_type_is_dh:0,psa_key_type_is_dh_key_pair:0,psa_key_type_is_dh_public_kei:0,psa_key_type_is_ecc:0,psa_key_type_is_ecc_key_pair:0,psa_key_type_is_ecc_public_kei:0,psa_key_type_is_key_pair:0,psa_key_type_is_public_kei:0,psa_key_type_is_rsa:0,psa_key_type_is_unstructur:0,psa_key_type_is_vendor_defin:0,psa_key_type_key_pair_of_public_kei:0,psa_key_type_non:0,psa_key_type_public_key_of_key_pair:0,psa_key_type_raw_data:0,psa_key_type_rsa_key_pair:0,psa_key_type_rsa_public_kei:0,psa_key_type_t:0,psa_key_type_vendor_flag:0,psa_key_usage_copi:0,psa_key_usage_decrypt:0,psa_key_usage_der:0,psa_key_usage_encrypt:0,psa_key_usage_export:0,psa_key_usage_sign:0,psa_key_usage_t:0,psa_key_usage_verifi:0,psa_mac_abort:0,psa_mac_comput:0,psa_mac_final_s:0,psa_mac_max_s:0,psa_mac_operation_init:0,psa_mac_operation_t:0,psa_mac_sign_finish:0,psa_mac_sign_setup:0,psa_mac_truncated_length:0,psa_mac_truncation_offset:0,psa_mac_upd:0,psa_mac_verifi:0,psa_mac_verify_finish:0,psa_mac_verify_setup:0,psa_max_block_cipher_block_s:0,psa_open_kei:0,psa_raw_key_agr:0,psa_reset_key_attribut:0,psa_round_up_to_multipl:0,psa_rsa_minimum_padding_s:0,psa_set_key_algorithm:0,psa_set_key_bit:0,psa_set_key_id:0,psa_set_key_lifetim:0,psa_set_key_typ:0,psa_set_key_usage_flag:0,psa_status_t:0,psa_success:0,psa_vendor_ecc_max_curve_bit:0,psa_vendor_rsa_max_key_bit:0,pseudorandom:0,random:[0,1],recommend:1,requir:1,resist:1,resourc:1,safe:1,sampl:1,secur:1,share:1,sign:1,singl:1,size:1,specif:[0,1,2],stabil:1,standard:1,statu:1,storag:1,structur:1,suitabl:1,support:1,symmetr:[0,1],token:1,type:[0,1],usag:1,use:1,version:2,volatil:1}})
\ No newline at end of file
+Search.setIndex({docnames:["api/keys/algorithms","api/keys/attributes","api/keys/index","api/keys/locations","api/keys/management","api/keys/types","api/keys/usage","api/library/index","api/library/library","api/library/status","api/ops/aead","api/ops/ciphers","api/ops/hashes","api/ops/index","api/ops/ka","api/ops/kdf","api/ops/macs","api/ops/pke","api/ops/rng","api/ops/sign","appendix/example_header","appendix/history","appendix/specdef_values","index","overview/conventions","overview/functionality","overview/goals","overview/implementation","overview/intro","overview/sample-arch","overview/usage"],envversion:53,filenames:["api/keys/algorithms.rst","api/keys/attributes.rst","api/keys/index.rst","api/keys/locations.rst","api/keys/management.rst","api/keys/types.rst","api/keys/usage.rst","api/library/index.rst","api/library/library.rst","api/library/status.rst","api/ops/aead.rst","api/ops/ciphers.rst","api/ops/hashes.rst","api/ops/index.rst","api/ops/ka.rst","api/ops/kdf.rst","api/ops/macs.rst","api/ops/pke.rst","api/ops/rng.rst","api/ops/sign.rst","appendix/example_header.rst","appendix/history.rst","appendix/specdef_values.rst","index.rst","overview/conventions.rst","overview/functionality.rst","overview/goals.rst","overview/implementation.rst","overview/intro.rst","overview/sample-arch.rst","overview/usage.rst"],objects:{"":{PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_DECRYPT_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"],PSA_AEAD_FINISH_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"],PSA_AEAD_FINISH_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_FINISH_OUTPUT_SIZE"],PSA_AEAD_NONCE_LENGTH:[10,0,1,"c.PSA_AEAD_NONCE_LENGTH"],PSA_AEAD_NONCE_MAX_SIZE:[10,0,1,"c.PSA_AEAD_NONCE_MAX_SIZE"],PSA_AEAD_OPERATION_INIT:[10,0,1,"c.PSA_AEAD_OPERATION_INIT"],PSA_AEAD_TAG_LENGTH:[10,0,1,"c.PSA_AEAD_TAG_LENGTH"],PSA_AEAD_TAG_MAX_SIZE:[10,0,1,"c.PSA_AEAD_TAG_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_SIZE"],PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"],PSA_AEAD_VERIFY_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_SIZE"],PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG:[10,0,1,"c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"],PSA_ALG_AEAD_WITH_SHORTENED_TAG:[10,0,1,"c.PSA_ALG_AEAD_WITH_SHORTENED_TAG"],PSA_ALG_ANY_HASH:[19,0,1,"c.PSA_ALG_ANY_HASH"],PSA_ALG_CBC_MAC:[16,0,1,"c.PSA_ALG_CBC_MAC"],PSA_ALG_CBC_NO_PADDING:[11,0,1,"c.PSA_ALG_CBC_NO_PADDING"],PSA_ALG_CBC_PKCS7:[11,0,1,"c.PSA_ALG_CBC_PKCS7"],PSA_ALG_CCM:[10,0,1,"c.PSA_ALG_CCM"],PSA_ALG_CFB:[11,0,1,"c.PSA_ALG_CFB"],PSA_ALG_CHACHA20_POLY1305:[10,0,1,"c.PSA_ALG_CHACHA20_POLY1305"],PSA_ALG_CMAC:[16,0,1,"c.PSA_ALG_CMAC"],PSA_ALG_CTR:[11,0,1,"c.PSA_ALG_CTR"],PSA_ALG_DETERMINISTIC_ECDSA:[19,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA"],PSA_ALG_ECB_NO_PADDING:[11,0,1,"c.PSA_ALG_ECB_NO_PADDING"],PSA_ALG_ECDH:[14,0,1,"c.PSA_ALG_ECDH"],PSA_ALG_ECDSA:[19,0,1,"c.PSA_ALG_ECDSA"],PSA_ALG_ECDSA_ANY:[19,0,1,"c.PSA_ALG_ECDSA_ANY"],PSA_ALG_FFDH:[14,0,1,"c.PSA_ALG_FFDH"],PSA_ALG_FULL_LENGTH_MAC:[16,0,1,"c.PSA_ALG_FULL_LENGTH_MAC"],PSA_ALG_GCM:[10,0,1,"c.PSA_ALG_GCM"],PSA_ALG_GET_HASH:[0,0,1,"c.PSA_ALG_GET_HASH"],PSA_ALG_HKDF:[15,0,1,"c.PSA_ALG_HKDF"],PSA_ALG_HMAC:[16,0,1,"c.PSA_ALG_HMAC"],PSA_ALG_IS_AEAD:[0,0,1,"c.PSA_ALG_IS_AEAD"],PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER:[10,0,1,"c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"],PSA_ALG_IS_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"],PSA_ALG_IS_BLOCK_CIPHER_MAC:[16,0,1,"c.PSA_ALG_IS_BLOCK_CIPHER_MAC"],PSA_ALG_IS_CIPHER:[0,0,1,"c.PSA_ALG_IS_CIPHER"],PSA_ALG_IS_DETERMINISTIC_ECDSA:[19,0,1,"c.PSA_ALG_IS_DETERMINISTIC_ECDSA"],PSA_ALG_IS_ECDH:[14,0,1,"c.PSA_ALG_IS_ECDH"],PSA_ALG_IS_ECDSA:[19,0,1,"c.PSA_ALG_IS_ECDSA"],PSA_ALG_IS_FFDH:[14,0,1,"c.PSA_ALG_IS_FFDH"],PSA_ALG_IS_HASH:[0,0,1,"c.PSA_ALG_IS_HASH"],PSA_ALG_IS_HASH_AND_SIGN:[19,0,1,"c.PSA_ALG_IS_HASH_AND_SIGN"],PSA_ALG_IS_HKDF:[15,0,1,"c.PSA_ALG_IS_HKDF"],PSA_ALG_IS_HMAC:[16,0,1,"c.PSA_ALG_IS_HMAC"],PSA_ALG_IS_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_AGREEMENT"],PSA_ALG_IS_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION"],PSA_ALG_IS_MAC:[0,0,1,"c.PSA_ALG_IS_MAC"],PSA_ALG_IS_RANDOMIZED_ECDSA:[19,0,1,"c.PSA_ALG_IS_RANDOMIZED_ECDSA"],PSA_ALG_IS_RAW_KEY_AGREEMENT:[14,0,1,"c.PSA_ALG_IS_RAW_KEY_AGREEMENT"],PSA_ALG_IS_RSA_OAEP:[17,0,1,"c.PSA_ALG_IS_RSA_OAEP"],PSA_ALG_IS_RSA_PKCS1V15_SIGN:[19,0,1,"c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"],PSA_ALG_IS_RSA_PSS:[19,0,1,"c.PSA_ALG_IS_RSA_PSS"],PSA_ALG_IS_SIGN:[0,0,1,"c.PSA_ALG_IS_SIGN"],PSA_ALG_IS_SIGN_HASH:[19,0,1,"c.PSA_ALG_IS_SIGN_HASH"],PSA_ALG_IS_SIGN_MESSAGE:[19,0,1,"c.PSA_ALG_IS_SIGN_MESSAGE"],PSA_ALG_IS_STREAM_CIPHER:[11,0,1,"c.PSA_ALG_IS_STREAM_CIPHER"],PSA_ALG_IS_TLS12_PRF:[15,0,1,"c.PSA_ALG_IS_TLS12_PRF"],PSA_ALG_IS_TLS12_PSK_TO_MS:[15,0,1,"c.PSA_ALG_IS_TLS12_PSK_TO_MS"],PSA_ALG_IS_WILDCARD:[0,0,1,"c.PSA_ALG_IS_WILDCARD"],PSA_ALG_KEY_AGREEMENT:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT"],PSA_ALG_KEY_AGREEMENT_GET_BASE:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_BASE"],PSA_ALG_KEY_AGREEMENT_GET_KDF:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_KDF"],PSA_ALG_MD2:[12,0,1,"c.PSA_ALG_MD2"],PSA_ALG_MD4:[12,0,1,"c.PSA_ALG_MD4"],PSA_ALG_MD5:[12,0,1,"c.PSA_ALG_MD5"],PSA_ALG_NONE:[0,0,1,"c.PSA_ALG_NONE"],PSA_ALG_OFB:[11,0,1,"c.PSA_ALG_OFB"],PSA_ALG_RIPEMD160:[12,0,1,"c.PSA_ALG_RIPEMD160"],PSA_ALG_RSA_OAEP:[17,0,1,"c.PSA_ALG_RSA_OAEP"],PSA_ALG_RSA_PKCS1V15_CRYPT:[17,0,1,"c.PSA_ALG_RSA_PKCS1V15_CRYPT"],PSA_ALG_RSA_PKCS1V15_SIGN:[19,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN"],PSA_ALG_RSA_PKCS1V15_SIGN_RAW:[19,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"],PSA_ALG_RSA_PSS:[19,0,1,"c.PSA_ALG_RSA_PSS"],PSA_ALG_SHA3_224:[12,0,1,"c.PSA_ALG_SHA3_224"],PSA_ALG_SHA3_256:[12,0,1,"c.PSA_ALG_SHA3_256"],PSA_ALG_SHA3_384:[12,0,1,"c.PSA_ALG_SHA3_384"],PSA_ALG_SHA3_512:[12,0,1,"c.PSA_ALG_SHA3_512"],PSA_ALG_SHA_1:[12,0,1,"c.PSA_ALG_SHA_1"],PSA_ALG_SHA_224:[12,0,1,"c.PSA_ALG_SHA_224"],PSA_ALG_SHA_256:[12,0,1,"c.PSA_ALG_SHA_256"],PSA_ALG_SHA_384:[12,0,1,"c.PSA_ALG_SHA_384"],PSA_ALG_SHA_512:[12,0,1,"c.PSA_ALG_SHA_512"],PSA_ALG_SHA_512_224:[12,0,1,"c.PSA_ALG_SHA_512_224"],PSA_ALG_SHA_512_256:[12,0,1,"c.PSA_ALG_SHA_512_256"],PSA_ALG_STREAM_CIPHER:[11,0,1,"c.PSA_ALG_STREAM_CIPHER"],PSA_ALG_TLS12_PRF:[15,0,1,"c.PSA_ALG_TLS12_PRF"],PSA_ALG_TLS12_PSK_TO_MS:[15,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS"],PSA_ALG_TRUNCATED_MAC:[16,0,1,"c.PSA_ALG_TRUNCATED_MAC"],PSA_ALG_XTS:[11,0,1,"c.PSA_ALG_XTS"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"],PSA_BLOCK_CIPHER_BLOCK_LENGTH:[11,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_LENGTH"],PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE:[11,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"],PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"],PSA_CIPHER_FINISH_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_SIZE"],PSA_CIPHER_IV_LENGTH:[11,0,1,"c.PSA_CIPHER_IV_LENGTH"],PSA_CIPHER_IV_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_IV_MAX_SIZE"],PSA_CIPHER_OPERATION_INIT:[11,0,1,"c.PSA_CIPHER_OPERATION_INIT"],PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"],PSA_CIPHER_UPDATE_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_SIZE"],PSA_CRYPTO_API_VERSION_MAJOR:[8,0,1,"c.PSA_CRYPTO_API_VERSION_MAJOR"],PSA_CRYPTO_API_VERSION_MINOR:[8,0,1,"c.PSA_CRYPTO_API_VERSION_MINOR"],PSA_DH_FAMILY_RFC7919:[5,0,1,"c.PSA_DH_FAMILY_RFC7919"],PSA_ECC_FAMILY_BRAINPOOL_P_R1:[5,0,1,"c.PSA_ECC_FAMILY_BRAINPOOL_P_R1"],PSA_ECC_FAMILY_FRP:[5,0,1,"c.PSA_ECC_FAMILY_FRP"],PSA_ECC_FAMILY_MONTGOMERY:[5,0,1,"c.PSA_ECC_FAMILY_MONTGOMERY"],PSA_ECC_FAMILY_SECP_K1:[5,0,1,"c.PSA_ECC_FAMILY_SECP_K1"],PSA_ECC_FAMILY_SECP_R1:[5,0,1,"c.PSA_ECC_FAMILY_SECP_R1"],PSA_ECC_FAMILY_SECP_R2:[5,0,1,"c.PSA_ECC_FAMILY_SECP_R2"],PSA_ECC_FAMILY_SECT_K1:[5,0,1,"c.PSA_ECC_FAMILY_SECT_K1"],PSA_ECC_FAMILY_SECT_R1:[5,0,1,"c.PSA_ECC_FAMILY_SECT_R1"],PSA_ECC_FAMILY_SECT_R2:[5,0,1,"c.PSA_ECC_FAMILY_SECT_R2"],PSA_ERROR_ALREADY_EXISTS:[9,0,1,"c.PSA_ERROR_ALREADY_EXISTS"],PSA_ERROR_BAD_STATE:[9,0,1,"c.PSA_ERROR_BAD_STATE"],PSA_ERROR_BUFFER_TOO_SMALL:[9,0,1,"c.PSA_ERROR_BUFFER_TOO_SMALL"],PSA_ERROR_COMMUNICATION_FAILURE:[9,0,1,"c.PSA_ERROR_COMMUNICATION_FAILURE"],PSA_ERROR_CORRUPTION_DETECTED:[9,0,1,"c.PSA_ERROR_CORRUPTION_DETECTED"],PSA_ERROR_DATA_CORRUPT:[9,0,1,"c.PSA_ERROR_DATA_CORRUPT"],PSA_ERROR_DATA_INVALID:[9,0,1,"c.PSA_ERROR_DATA_INVALID"],PSA_ERROR_DOES_NOT_EXIST:[9,0,1,"c.PSA_ERROR_DOES_NOT_EXIST"],PSA_ERROR_GENERIC_ERROR:[9,0,1,"c.PSA_ERROR_GENERIC_ERROR"],PSA_ERROR_HARDWARE_FAILURE:[9,0,1,"c.PSA_ERROR_HARDWARE_FAILURE"],PSA_ERROR_INSUFFICIENT_DATA:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_DATA"],PSA_ERROR_INSUFFICIENT_ENTROPY:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_ENTROPY"],PSA_ERROR_INSUFFICIENT_MEMORY:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_MEMORY"],PSA_ERROR_INSUFFICIENT_STORAGE:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_STORAGE"],PSA_ERROR_INVALID_ARGUMENT:[9,0,1,"c.PSA_ERROR_INVALID_ARGUMENT"],PSA_ERROR_INVALID_HANDLE:[9,0,1,"c.PSA_ERROR_INVALID_HANDLE"],PSA_ERROR_INVALID_PADDING:[9,0,1,"c.PSA_ERROR_INVALID_PADDING"],PSA_ERROR_INVALID_SIGNATURE:[9,0,1,"c.PSA_ERROR_INVALID_SIGNATURE"],PSA_ERROR_NOT_PERMITTED:[9,0,1,"c.PSA_ERROR_NOT_PERMITTED"],PSA_ERROR_NOT_SUPPORTED:[9,0,1,"c.PSA_ERROR_NOT_SUPPORTED"],PSA_ERROR_STORAGE_FAILURE:[9,0,1,"c.PSA_ERROR_STORAGE_FAILURE"],PSA_EXPORT_KEY_OUTPUT_SIZE:[4,0,1,"c.PSA_EXPORT_KEY_OUTPUT_SIZE"],PSA_EXPORT_KEY_PAIR_MAX_SIZE:[4,0,1,"c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_MAX_SIZE:[4,0,1,"c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE:[4,0,1,"c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"],PSA_HASH_BLOCK_LENGTH:[12,0,1,"c.PSA_HASH_BLOCK_LENGTH"],PSA_HASH_LENGTH:[12,0,1,"c.PSA_HASH_LENGTH"],PSA_HASH_MAX_SIZE:[12,0,1,"c.PSA_HASH_MAX_SIZE"],PSA_HASH_OPERATION_INIT:[12,0,1,"c.PSA_HASH_OPERATION_INIT"],PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"],PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"],PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"],PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE:[12,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"],PSA_HASH_SUSPEND_OUTPUT_SIZE:[12,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_SIZE"],PSA_KEY_ATTRIBUTES_INIT:[1,0,1,"c.PSA_KEY_ATTRIBUTES_INIT"],PSA_KEY_DERIVATION_INPUT_CONTEXT:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_CONTEXT"],PSA_KEY_DERIVATION_INPUT_INFO:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_INFO"],PSA_KEY_DERIVATION_INPUT_LABEL:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_LABEL"],PSA_KEY_DERIVATION_INPUT_SALT:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SALT"],PSA_KEY_DERIVATION_INPUT_SECRET:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SECRET"],PSA_KEY_DERIVATION_INPUT_SEED:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SEED"],PSA_KEY_DERIVATION_OPERATION_INIT:[15,0,1,"c.PSA_KEY_DERIVATION_OPERATION_INIT"],PSA_KEY_DERIVATION_UNLIMITED_CAPACITY:[15,0,1,"c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"],PSA_KEY_ID_NULL:[3,0,1,"c.PSA_KEY_ID_NULL"],PSA_KEY_ID_USER_MAX:[3,0,1,"c.PSA_KEY_ID_USER_MAX"],PSA_KEY_ID_USER_MIN:[3,0,1,"c.PSA_KEY_ID_USER_MIN"],PSA_KEY_ID_VENDOR_MAX:[3,0,1,"c.PSA_KEY_ID_VENDOR_MAX"],PSA_KEY_ID_VENDOR_MIN:[3,0,1,"c.PSA_KEY_ID_VENDOR_MIN"],PSA_KEY_LIFETIME_PERSISTENT:[3,0,1,"c.PSA_KEY_LIFETIME_PERSISTENT"],PSA_KEY_LIFETIME_VOLATILE:[3,0,1,"c.PSA_KEY_LIFETIME_VOLATILE"],PSA_KEY_TYPE_AES:[5,0,1,"c.PSA_KEY_TYPE_AES"],PSA_KEY_TYPE_ARC4:[5,0,1,"c.PSA_KEY_TYPE_ARC4"],PSA_KEY_TYPE_CAMELLIA:[5,0,1,"c.PSA_KEY_TYPE_CAMELLIA"],PSA_KEY_TYPE_CHACHA20:[5,0,1,"c.PSA_KEY_TYPE_CHACHA20"],PSA_KEY_TYPE_DERIVE:[5,0,1,"c.PSA_KEY_TYPE_DERIVE"],PSA_KEY_TYPE_DES:[5,0,1,"c.PSA_KEY_TYPE_DES"],PSA_KEY_TYPE_DH_GET_FAMILY:[5,0,1,"c.PSA_KEY_TYPE_DH_GET_FAMILY"],PSA_KEY_TYPE_DH_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR"],PSA_KEY_TYPE_DH_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY"],PSA_KEY_TYPE_ECC_GET_FAMILY:[5,0,1,"c.PSA_KEY_TYPE_ECC_GET_FAMILY"],PSA_KEY_TYPE_ECC_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR"],PSA_KEY_TYPE_ECC_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_HMAC:[5,0,1,"c.PSA_KEY_TYPE_HMAC"],PSA_KEY_TYPE_IS_ASYMMETRIC:[5,0,1,"c.PSA_KEY_TYPE_IS_ASYMMETRIC"],PSA_KEY_TYPE_IS_DH:[5,0,1,"c.PSA_KEY_TYPE_IS_DH"],PSA_KEY_TYPE_IS_DH_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"],PSA_KEY_TYPE_IS_DH_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"],PSA_KEY_TYPE_IS_ECC:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC"],PSA_KEY_TYPE_IS_ECC_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"],PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_IS_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_KEY_PAIR"],PSA_KEY_TYPE_IS_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_PUBLIC_KEY"],PSA_KEY_TYPE_IS_RSA:[5,0,1,"c.PSA_KEY_TYPE_IS_RSA"],PSA_KEY_TYPE_IS_UNSTRUCTURED:[5,0,1,"c.PSA_KEY_TYPE_IS_UNSTRUCTURED"],PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"],PSA_KEY_TYPE_NONE:[5,0,1,"c.PSA_KEY_TYPE_NONE"],PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"],PSA_KEY_TYPE_RAW_DATA:[5,0,1,"c.PSA_KEY_TYPE_RAW_DATA"],PSA_KEY_TYPE_RSA_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_RSA_KEY_PAIR"],PSA_KEY_TYPE_RSA_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"],PSA_KEY_USAGE_CACHE:[6,0,1,"c.PSA_KEY_USAGE_CACHE"],PSA_KEY_USAGE_COPY:[6,0,1,"c.PSA_KEY_USAGE_COPY"],PSA_KEY_USAGE_DECRYPT:[6,0,1,"c.PSA_KEY_USAGE_DECRYPT"],PSA_KEY_USAGE_DERIVE:[6,0,1,"c.PSA_KEY_USAGE_DERIVE"],PSA_KEY_USAGE_ENCRYPT:[6,0,1,"c.PSA_KEY_USAGE_ENCRYPT"],PSA_KEY_USAGE_EXPORT:[6,0,1,"c.PSA_KEY_USAGE_EXPORT"],PSA_KEY_USAGE_SIGN_HASH:[6,0,1,"c.PSA_KEY_USAGE_SIGN_HASH"],PSA_KEY_USAGE_SIGN_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_SIGN_MESSAGE"],PSA_KEY_USAGE_VERIFY_HASH:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_HASH"],PSA_KEY_USAGE_VERIFY_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_MESSAGE"],PSA_MAC_LENGTH:[16,0,1,"c.PSA_MAC_LENGTH"],PSA_MAC_MAX_SIZE:[16,0,1,"c.PSA_MAC_MAX_SIZE"],PSA_MAC_OPERATION_INIT:[16,0,1,"c.PSA_MAC_OPERATION_INIT"],PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE:[14,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"],PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE:[14,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"],PSA_SIGNATURE_MAX_SIZE:[19,0,1,"c.PSA_SIGNATURE_MAX_SIZE"],PSA_SIGN_OUTPUT_SIZE:[19,0,1,"c.PSA_SIGN_OUTPUT_SIZE"],PSA_SUCCESS:[9,0,1,"c.PSA_SUCCESS"],PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE:[15,0,1,"c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"],psa_aead_abort:[10,1,1,"c.psa_aead_abort"],psa_aead_decrypt:[10,1,1,"c.psa_aead_decrypt"],psa_aead_decrypt_setup:[10,1,1,"c.psa_aead_decrypt_setup"],psa_aead_encrypt:[10,1,1,"c.psa_aead_encrypt"],psa_aead_encrypt_setup:[10,1,1,"c.psa_aead_encrypt_setup"],psa_aead_finish:[10,1,1,"c.psa_aead_finish"],psa_aead_generate_nonce:[10,1,1,"c.psa_aead_generate_nonce"],psa_aead_operation_init:[10,1,1,"c.psa_aead_operation_init"],psa_aead_operation_t:[10,2,1,"c.psa_aead_operation_t"],psa_aead_set_lengths:[10,1,1,"c.psa_aead_set_lengths"],psa_aead_set_nonce:[10,1,1,"c.psa_aead_set_nonce"],psa_aead_update:[10,1,1,"c.psa_aead_update"],psa_aead_update_ad:[10,1,1,"c.psa_aead_update_ad"],psa_aead_verify:[10,1,1,"c.psa_aead_verify"],psa_algorithm_t:[1,2,1,"c.psa_algorithm_t"],psa_asymmetric_decrypt:[17,1,1,"c.psa_asymmetric_decrypt"],psa_asymmetric_encrypt:[17,1,1,"c.psa_asymmetric_encrypt"],psa_cipher_abort:[11,1,1,"c.psa_cipher_abort"],psa_cipher_decrypt:[11,1,1,"c.psa_cipher_decrypt"],psa_cipher_decrypt_setup:[11,1,1,"c.psa_cipher_decrypt_setup"],psa_cipher_encrypt:[11,1,1,"c.psa_cipher_encrypt"],psa_cipher_encrypt_setup:[11,1,1,"c.psa_cipher_encrypt_setup"],psa_cipher_finish:[11,1,1,"c.psa_cipher_finish"],psa_cipher_generate_iv:[11,1,1,"c.psa_cipher_generate_iv"],psa_cipher_operation_init:[11,1,1,"c.psa_cipher_operation_init"],psa_cipher_operation_t:[11,2,1,"c.psa_cipher_operation_t"],psa_cipher_set_iv:[11,1,1,"c.psa_cipher_set_iv"],psa_cipher_update:[11,1,1,"c.psa_cipher_update"],psa_copy_key:[4,1,1,"c.psa_copy_key"],psa_crypto_init:[8,1,1,"c.psa_crypto_init"],psa_destroy_key:[4,1,1,"c.psa_destroy_key"],psa_dh_family_t:[5,2,1,"c.psa_dh_family_t"],psa_ecc_family_t:[5,2,1,"c.psa_ecc_family_t"],psa_export_key:[4,1,1,"c.psa_export_key"],psa_export_public_key:[4,1,1,"c.psa_export_public_key"],psa_generate_key:[4,1,1,"c.psa_generate_key"],psa_generate_random:[18,1,1,"c.psa_generate_random"],psa_get_key_algorithm:[0,1,1,"c.psa_get_key_algorithm"],psa_get_key_attributes:[1,1,1,"c.psa_get_key_attributes"],psa_get_key_bits:[5,1,1,"c.psa_get_key_bits"],psa_get_key_id:[3,1,1,"c.psa_get_key_id"],psa_get_key_lifetime:[3,1,1,"c.psa_get_key_lifetime"],psa_get_key_type:[5,1,1,"c.psa_get_key_type"],psa_get_key_usage_flags:[6,1,1,"c.psa_get_key_usage_flags"],psa_hash_abort:[12,1,1,"c.psa_hash_abort"],psa_hash_clone:[12,1,1,"c.psa_hash_clone"],psa_hash_compare:[12,1,1,"c.psa_hash_compare"],psa_hash_compute:[12,1,1,"c.psa_hash_compute"],psa_hash_finish:[12,1,1,"c.psa_hash_finish"],psa_hash_operation_init:[12,1,1,"c.psa_hash_operation_init"],psa_hash_operation_t:[12,2,1,"c.psa_hash_operation_t"],psa_hash_resume:[12,1,1,"c.psa_hash_resume"],psa_hash_setup:[12,1,1,"c.psa_hash_setup"],psa_hash_suspend:[12,1,1,"c.psa_hash_suspend"],psa_hash_update:[12,1,1,"c.psa_hash_update"],psa_hash_verify:[12,1,1,"c.psa_hash_verify"],psa_import_key:[4,1,1,"c.psa_import_key"],psa_key_attributes_init:[1,1,1,"c.psa_key_attributes_init"],psa_key_attributes_t:[1,2,1,"c.psa_key_attributes_t"],psa_key_derivation_abort:[15,1,1,"c.psa_key_derivation_abort"],psa_key_derivation_get_capacity:[15,1,1,"c.psa_key_derivation_get_capacity"],psa_key_derivation_input_bytes:[15,1,1,"c.psa_key_derivation_input_bytes"],psa_key_derivation_input_key:[15,1,1,"c.psa_key_derivation_input_key"],psa_key_derivation_key_agreement:[14,1,1,"c.psa_key_derivation_key_agreement"],psa_key_derivation_operation_init:[15,1,1,"c.psa_key_derivation_operation_init"],psa_key_derivation_operation_t:[15,2,1,"c.psa_key_derivation_operation_t"],psa_key_derivation_output_bytes:[15,1,1,"c.psa_key_derivation_output_bytes"],psa_key_derivation_output_key:[15,1,1,"c.psa_key_derivation_output_key"],psa_key_derivation_set_capacity:[15,1,1,"c.psa_key_derivation_set_capacity"],psa_key_derivation_setup:[15,1,1,"c.psa_key_derivation_setup"],psa_key_derivation_step_t:[15,2,1,"c.psa_key_derivation_step_t"],psa_key_id_t:[1,2,1,"c.psa_key_id_t"],psa_key_lifetime_t:[1,2,1,"c.psa_key_lifetime_t"],psa_key_type_t:[1,2,1,"c.psa_key_type_t"],psa_key_usage_t:[1,2,1,"c.psa_key_usage_t"],psa_mac_abort:[16,1,1,"c.psa_mac_abort"],psa_mac_compute:[16,1,1,"c.psa_mac_compute"],psa_mac_operation_init:[16,1,1,"c.psa_mac_operation_init"],psa_mac_operation_t:[16,2,1,"c.psa_mac_operation_t"],psa_mac_sign_finish:[16,1,1,"c.psa_mac_sign_finish"],psa_mac_sign_setup:[16,1,1,"c.psa_mac_sign_setup"],psa_mac_update:[16,1,1,"c.psa_mac_update"],psa_mac_verify:[16,1,1,"c.psa_mac_verify"],psa_mac_verify_finish:[16,1,1,"c.psa_mac_verify_finish"],psa_mac_verify_setup:[16,1,1,"c.psa_mac_verify_setup"],psa_purge_key:[4,1,1,"c.psa_purge_key"],psa_raw_key_agreement:[14,1,1,"c.psa_raw_key_agreement"],psa_reset_key_attributes:[1,1,1,"c.psa_reset_key_attributes"],psa_set_key_algorithm:[0,1,1,"c.psa_set_key_algorithm"],psa_set_key_bits:[5,1,1,"c.psa_set_key_bits"],psa_set_key_id:[3,1,1,"c.psa_set_key_id"],psa_set_key_lifetime:[3,1,1,"c.psa_set_key_lifetime"],psa_set_key_type:[5,1,1,"c.psa_set_key_type"],psa_set_key_usage_flags:[6,1,1,"c.psa_set_key_usage_flags"],psa_sign_hash:[19,1,1,"c.psa_sign_hash"],psa_sign_message:[19,1,1,"c.psa_sign_message"],psa_status_t:[9,2,1,"c.psa_status_t"],psa_verify_hash:[19,1,1,"c.psa_verify_hash"],psa_verify_message:[19,1,1,"c.psa_verify_message"]}},objnames:{"0":["c","macro","C macro"],"1":["c","function","C function"],"2":["c","type","C type"]},objtypes:{"0":"c:macro","1":"c:function","2":"c:type"},terms:{"0x04":4,"3de":5,"56a":15,"\u00e9lectroniqu":5,"byte":[4,5,10,11,12,14,15,16,17,18,19,24,25,26,27],"case":[4,9,11,15,16,19,21,23,24,25,27],"const":[0,3,4,5,6,10,11,12,14,15,16,17,19,20,24],"default":[0,1,3,5,6,10,11,24,25],"export":[0,1,2,6,23,25,29],"final":[12,21,25],"fran\u00e7ais":5,"function":[2,7,9,13,21,22,23,24,26,27,28,29,30],"import":[4,19,21,27,28,29],"long":[3,14,25,26,29],"new":[4,5,12,15,21,25],"null":[3,4,17,24],"param\u00e9trag":5,"public":[0,1,4,5,6,14,15,17,19,21,25,29],"return":[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,23,25,26,27,30],"s\u00e9curit\u00e9":5,"short":[17,19,25,29],"static":[0,1,3,5,6,10,11,12,15,16,24,25,26],"syst\u00e8m":5,"transient":[1,9,25],"true":[4,5,10,11,12,14,15,16,17,19,25],"try":27,"void":[0,1,3,5,6,8,10,11,12,15,16,20,24,30],"while":[1,9,14,24,25,26,28,29,30],AES:[5,11,24],Added:21,DES:[4,5,15],For:[1,4,6,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29,30],IVs:21,Its:4,NOT:18,Such:24,TLS:[15,21,23],That:[14,15,25,30],The:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27,28,29],There:[4,9,15,24,25,26,27,29],These:[21,24,25,27,29],Use:[5,11,15,25],Using:[15,24,25],With:19,XTS:11,abil:26,abl:[10,21,24,25,27,29],abort:[10,11,12,14,15,16,24,25,27,30],about:[1,10,11,12,15,16,21,24,25],abov:25,abus:27,acceler:[27,29,30],accept:[10,11,14,15,19,21],access:[3,6,9,11,21,24,25,26,27,28,29,30],accessor:[2,23,25],accident:4,accord:[4,26],accordingli:[15,27],account:[11,27],achiev:[9,27],across:[9,21],act:25,action:[0,1,9,10,24,27],activ:[10,11,12,15,16,25,26],actual:[1,10,11,12,16,17,19,21],ad_length:[10,20],add:[12,15,16,21,25],added:21,addit:[1,4,5,6,9,10,15,23,24,25],addition:24,additional_data:[10,20],additional_data_length:[10,20],adequ:25,administr:5,adversari:10,aead:[0,5,6,11,13,21,23,24],aead_alg:[10,20,22],affect:[10,12,21,24],aforement:26,after:[1,9,10,11,12,15,16,23,24,25,27],again:[4,10,11,12,15,16,25],against:[9,12,16,25,29],agenc:5,agil:26,agreement:[0,6,13,15,21,23,26],aim:9,alarm:9,alg:[0,5,10,11,12,14,15,16,17,19,20,21,22],algorithm:[1,2,4,5,9,13,21,23,25,27,29,30],align:[10,21],all:[1,4,5,6,10,11,12,15,16,20,21,22,24,25,26,27,29,30],alloc:[1,4,10,11,12,16,21,24,25,27],allow:[0,1,4,6,10,11,12,14,15,16,17,19,21,24,25,26,27,28,29,30],almost:[24,25],alreadi:[4,9,15,19,21],also:[1,4,6,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29],altern:[4,19,22,25,27],although:21,altogeth:27,alwai:[1,3,4,6,11,12,14,15,16,21,23,24,25],ambigu:21,among:26,amount:[10,25,26],analys:28,analysi:24,ani:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29,30],anoth:[4,6,9,10,11,12,15,16,24,26,27,29,30],ansi:19,apart:26,api:[6,7,9,11,12,20,22,24,26,27,28,29,30],appear:27,append:10,appendix:[5,20,22,27],appli:[1,4,10,11,19,21,24,25,26],applic:[1,3,4,5,6,8,9,10,11,12,15,16,21,22,23,24,25,26,27,28,30],approach:[0,3,5,6,25],appropri:[4,10,11,12,14,15,16,17,19,24,25],arbitrari:[5,15,25],arc4:[5,11],architectur:[9,23,28],area:[3,25,26],argument:[0,3,4,5,6,9,11,14,15,17,19,21,24,27],arm:[27,28,29],around:[6,24],arrai:[5,12,24,26],ask:9,aspect:23,assembl:25,asset:26,assign:[1,10,11,12,15,16,25],associ:[0,4,11,12,13,14,15,16,23,24,25,27],assum:[24,27],assumpt:[1,10,11,12,15,16,23,24],asymmetr:[0,4,5,6,13,21,23,24],atom:24,attack:[9,12,16,23],attempt:[4,9,15,21,24],attest:23,attribut:[2,4,14,15,16,19,20,21,23,25],authent:[0,6,9,11,12,13,21,23,26,29],author:[24,27],automat:[1,6,25],auxiliari:1,avail:[9,25,27],avoid:[21,24,26,27,30],awar:24,back:[6,24],backend:[26,27],bad:27,base:[1,4,5,10,11,15,16,19,26,27,28,29],becaus:[4,12,15,16,24,25],becom:[5,10,11,12,15,16,27],been:[1,4,8,9,10,11,12,14,15,16,17,18,19,21,24,25,26],befor:[1,8,9,10,11,12,15,16,19,21,24,25,27],behav:24,behavior:[1,4,6,8,9,10,11,12,14,15,16,17,19,21,23,25,30],being:[4,10,11,12,15,21,24,25,26],below:24,benefit:15,bernstein:5,best:[4,10,12,16,26,28],beta:23,between:[4,9,10,12,16,23,26,27,29,30],bewar:16,beyond:[1,4,11,26],bias:[14,25],big:[4,12,14,15,19],binari:[4,5,14],bit:[1,4,5,10,11,12,14,15,16,17,19,20,21,24,25,27],bitfield:1,bitmask:[24,25],bitwis:[1,4,11,25],block:[1,5,10,11,12,15,16,21,24,26,30],bluetooth:26,bodi:27,book:11,boot:23,both:[4,5,21,24,25,26,28],bound:[10,25],boundari:[10,15,25,26,29],brainpool:5,brainpoolp160r1:5,brainpoolp192r1:5,brainpoolp224r1:5,brainpoolp256r1:5,brainpoolp320r1:5,brainpoolp384r1:5,brainpoolp512r1:5,branch:27,breach:9,breakdown:9,broken:24,buffer:[4,9,10,11,12,14,15,16,17,18,19,21,23,27,30],buffer_length:4,buffer_s:4,build:[10,11,14,15,16,19,24],built:[0,11,19,26],burnt:29,bypass:[12,16],c89:21,c99:[21,27],cach:[6,21,25,27],cacheabl:25,calcul:[1,5,6,9,10,12,15,16,19,21,24,25,26],call:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,19,21,23,25,26,27,29,30],caller:[15,18,24,25,26,27,29],calloc:25,camellia:5,can:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,18,19,20,21,22,24,25,26,27,29,30],candid:15,cannot:[0,4,5,9,11,15,24,25,26,29,30],capabl:[21,29],capac:[15,20,24,25],care:[9,24],carefulli:[9,24,29,30],carri:[9,24,27],categori:[1,2,21,23,24,27],caus:[4,9,21,25,27,30],cbc:[11,16],ccm:[10,25],ceil:[4,14,15],certain:[9,21,27,29,30],certif:28,cfb:11,chacha20:[5,10,11],chacha20_poly1305:[5,10],chain:[11,14],chang:[1,15,23,24,25],channel:[26,27],characterist:25,check:[9,18,21,23,25,29],checksum:12,chip:[26,29],choic:[10,11,23,24],choos:[1,3,25,26],chosen:[3,4,10,11],chunk:25,cipher:[0,1,5,10,13,16,21,23,24,25],ciphersuit:15,ciphertext:[10,11,17,20,25],ciphertext_length:[10,20],ciphertext_s:[10,20],circumst:[11,26],clarif:21,clarifi:21,clariti:21,clean:[15,23,27],cleanup:23,clear:[1,24,25,27,30],clearli:4,client:[21,23,27],clienthello:15,clone:[12,25],close:27,cmac:16,code:[1,4,7,10,11,12,13,14,15,17,18,19,21,22,23,24,26,27,29],collect:25,collector:25,combin:[4,9,13,17,19,23,25,29],comment:[21,27],common:[4,21,25,27,30],commonli:[25,26],commun:[4,9,24,26,29,30],compact:1,companion:[26,27,28],compar:[12,16,25],comparison:[10,12,16],compat:[9,10,11,14,15,16,17,19,21,27],compil:[4,11,12,14,16,19,24,27],complement:21,complet:[1,9,15,21,24,25,27],complex:27,complianc:15,compliant:28,compon:[9,10,14,25,26,28],compos:29,composit:0,compris:[1,5],compromis:[4,9,25,27,29,30],comput:[4,9,10,11,12,14,15,16,21,22,25,27,29],concaten:[4,10,11,12,15,16,19],concept:21,conceptu:25,concern:[6,24],concurr:[21,23,25],condit:[4,21,24,25],confidenti:[1,9,10,11,21,24,25,27],configur:25,conflict:24,conform:[4,29],connect:26,consequ:[9,15,26],consequenti:26,conserv:[4,27],consid:[1,9,16,21,24,26,27],consider:[4,23,28,29],consist:[4,10,11,16,19,21,25,28,29],constant:[4,10,11,12,14,16,19,24,27],constrain:[23,25,27,28],constraint:[4,15,21,24,26,30],construct:[5,10,11,14,15,16,21,25],consum:[10,15],consumpt:27,contain:[1,4,5,10,11,12,14,16,19,21,24,25],content:[1,4,10,11,12,15,16,18,24,26,27,30],context:[15,24,27,30],continu:[15,21],control:[12,16,21,24,25,27],convei:[6,24],convent:23,convers:27,convert:[21,27],coordin:14,copi:[1,4,6,10,12,21,24,25,27,29],copyabl:25,corner:21,correct:[4,9,10,11,12,15,16,21,22,29],correctli:[4,24],correspond:[1,3,4,5,9,10,12,14,15,16,17,19,24,25,26,27,29],corrupt:[4,9,24,30],could:[9,10,12,16,29],counter:[11,25],countermeasur:9,courb:5,creat:[1,4,5,6,15,19,21,24,25,26],creation:[1,2,3,21,23,25],credenti:23,cross:21,crypto:[7,12,21,23,24,26,27,28,29],cryptograph:[0,1,4,5,9,11,14,15,21,23,24,25,26,28],cryptographi:[4,5,15,17,19,21,26,27,28,30],cryptoprocessor:[4,6,9,23,24,25,26,27],csprng:25,ctr:11,current:[1,3,4,9,12,15,19,21,24,27,30],curv:[2,4,14,15,19,20,21,22,23],curve25519:[4,5,14,15],curve448:[4,5,14,15],custom:[15,26],cyrpto:21,d_a:14,d_b:14,danger:26,data:[0,1,4,5,9,11,12,13,14,15,16,18,20,21,23,24,25,26,27,29,30],data_length:[4,15,20],data_s:[4,20],date:21,dbrg:15,debug:24,declar:[0,1,3,4,5,6,10,11,12,15,16,21],decreas:15,decrypt:[5,6,9,10,11,14,17,23],defend:29,defin:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,20,21,22,24,25,26,27,28,29,30],definit:[12,21,22,25,27,28],delai:10,delet:27,deliveri:25,deni:9,depend:[1,4,9,10,11,12,14,15,16,17,18,19,24,25,27],deploi:26,deprec:[5,12],der:4,derefer:24,deriv:[0,1,5,6,13,21,23,24,27,29],des:5,describ:[1,4,10,11,12,15,16,21,24,25,27,28,29],descript:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27,28],design:[3,15,23,25,27,28,29],desir:[1,10,15,16,25,27],destroi:[1,3,4,21,24,25,27,30],destruct:[2,23,25],detail:[6,10,15,19,21,25,28,30],detect:[9,23,24],detector:9,determin:[4,5,9,10,11,12,14,15,16,17,19,21,24,25,26],determinist:[15,19,25],dev:21,develop:[24,26],devic:[3,23,25,28,29],dh_famili:15,diagnos:25,did:24,differ:[1,4,11,12,15,16,19,21,24,25,26,27,29,30],diffi:[2,4,14,15,21,23,25],difficult:25,digest:[13,23,26],digestinfo:19,digit:[15,19],direct:[11,15,24,25,26],directli:[4,14,25],discard:15,disclosur:27,discoveri:21,discret:15,dispatch:29,distinct:25,distinguish:[9,10,21],divid:[1,5,25],document:[1,4,6,10,11,12,14,15,16,23,24,25,26,27,28],doe:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27,28,29],doesn:9,domain:[5,15,27],done:[15,19],down:[9,24],draft:21,draw:15,drawn:15,driver:27,dss:15,due:[4,8,10,11,12,25,30],duplic:25,dure:[9,24,25,26,27,29,30],dynam:[26,27],each:[0,1,3,4,5,6,10,11,12,15,16,19,20,21,22,24,25,26,27,29],eas:[23,24],easi:25,easier:1,easiest:25,ecb:[11,21],ecc:[5,15,21],ecc_famili:15,ecdh:14,ecdsa:19,eci:21,ecpoint:4,ecprivatekei:4,ed448:5,eddsa:21,edit:21,effect:[4,10,11,12,14,16,17,19,25,27],effici:[0,3,4,5,6],effort:[4,10,12,16],either:[0,4,5,8,9,10,11,12,14,15,16,17,19,24,25,26,30],electron:11,element:[4,6,20,21,25,27,29],ellipt:[2,4,14,15,19,21,23],elliptiqu:5,elsewher:5,emiss:27,empti:15,enabl:[21,25,26],encod:[0,1,4,5,6,9,12,15,19,21,24,25,29],encompass:5,encourag:[8,11,24,27,30],encrypt:[0,4,5,6,9,11,13,21,23,24,26,29],end:[10,16,25],endian:[4,12,14,15,19],enforc:[6,10,26],enough:[4,9,12,15,24],ensur:[4,6,9,10,12,16,21,25,26,27,29],enter:[9,10,11,12,14,15,16,25],enterpris:26,entir:29,entri:[1,9],entropi:[9,25,30],enumer:[9,24],environ:[21,24,26,27,30],equal:[4,15,19],equival:[1,4,12,14,15,29],eras:[3,4],erron:4,error:[1,4,6,7,8,10,11,12,14,15,16,17,18,19,21,23,25],essenti:[4,9,25,27],establish:[15,26],etc:[9,25],europ:5,evalu:[0,3,4,5,6,10,11,12,14,16,17,19,21,28],even:[4,9,15,24,27,29,30],event:[10,11,12,24],eventu:[10,11,12,16],everi:25,exact:[4,10,16,19,27],exactli:[0,3,5,6,15,19,24,27],exampl:[0,1,3,4,8,9,10,11,12,14,15,16,19,21,23,24,27,29],except:[1,3,10,11,12,15,16,24,25,26,29],exchang:[4,21,26],exclud:19,exclus:24,execut:[9,24,27,29,30],exhaust:[25,26,29],exist:[1,3,9,21,25],expand:[4,12,14,15,16,19,25,29],expans:[15,25],expect:[1,10,11,12,16,24,25,27],explain:24,explicit:[1,10,11,12,15,16,25],explicitli:[3,9,24,25,26],exploit:27,expon:4,expos:[15,25,26],express:[11,12,25,27],extend:[15,22],extens:[3,26],extent:26,extern:[0,3,5,6,9,27],extra:4,extract:[4,5,12,14,15,21,25,26,29],extrem:11,f_p:14,f_q:4,facilit:26,fact:10,factori:[3,23],fail:[4,9,10,11,12,14,17,18,19,24,25,27,30],failur:[1,4,9,10,11,12,14,15,16,17,18,19,21,24,25,26,30],fals:14,famili:[4,5,12,14,15,16,21,24,28],far:[10,24],fashion:25,favor:24,featur:[21,25],feb:21,feedback:11,few:[24,30],fewer:10,field:[0,1,4,5,12,14,15,19,26],file:[21,23,26,27],fill:[12,21],fine:25,finish:[10,11,12,16,24,25,27,30],finit:[14,15,25],fip:15,firmwar:[26,28],first:[1,12,15,16,19,21,24,25,26],fit:[19,25],flag:[0,1,2,4,10,11,14,15,16,17,19,23,24,25],flaw:27,flow:[21,26],follow:[0,1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,27],foo:24,foo_length:24,foo_siz:24,forbidden:[9,15],forc:15,forcibl:9,form:[0,3,5,6,10,11,12,15,16,19,21,26],formal:21,format:[4,9,11,12,14,21,25,26],forward:15,four:25,fragment:[10,11,12,16,25],franc:5,free:[1,4,10,11,12,15,16,24,26],freedom:[26,27],freeli:[1,25],freshli:1,friendli:[26,28],from:[0,1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,26,27,29,30],frontend:26,frp256v1:[5,21],full:[1,9,11,14,16,24],fulli:27,further:[9,21,24,26],furthermor:10,futur:[1,5,11,15,22,23,24,25,27],garbag:25,gcm:[10,24],gener:[1,4,8,9,10,11,13,15,17,19,21,23,24,26,28,30],get:[0,1,14],give:[3,25,26,27],given:[1,3,4,10,11,12,14,15,21,26,30],glitch:27,global:[1,9,10,11,12,15,16,25],goal:[9,23,29],goldilock:5,good:25,greater:15,group:[5,20,21,22],guarante:[3,4,8,9,10,11,12,14,17,19,21,24,25,27,29,30],guess:[12,16,27],had:[8,24],half:21,halt:[12,21,24],hamburg:5,handl:[4,9,21,23,25],handle_error:4,handshak:15,happen:[9,24],harder:26,hardwar:[9,23,25,28,29,30],has:[1,3,4,6,9,10,11,12,14,15,16,17,18,19,21,24,25,26,27,28,29],hash:[0,5,6,9,13,15,16,17,19,20,21,23,24,26],hash_alg:[12,15,16,17,19,20,22],hash_length:[12,19,20],hash_siz:[12,20],hash_stat:[12,20],hash_state_length:[12,20],hash_state_s:[12,20],have:[1,4,5,6,8,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27,29,30],header:[21,23,27],heap:[25,30],hellman:[2,4,14,15,21,23,25],here:[4,9,10,11,12,15,16,22,25],high:[25,27,28,29],higher:26,highest:24,highli:[1,25],hint:[6,27],histori:23,hkdf:15,hmac:[5,12,15,16],hold:[9,29],holist:28,host:9,how:[0,4,12,15,19,24,27],howev:[4,9,15,24,25,26,29,30],hsm:29,hybrid:21,iana:21,ident:[12,15,16,26,29],identif:[17,26],identifi:[0,1,2,4,5,9,10,11,12,14,15,16,17,19,21,23,24,26,27,28],ids:21,illeg:21,illustr:4,immedi:27,impact:[27,30],implement:[1,4,8,9,10,11,12,14,15,16,17,18,19,20,21,23,24,25,26,28,29,30],implic:8,imposs:[1,4,9,21,24],improp:8,improv:21,inact:[10,11,12,15,16,25,27],includ:[1,4,5,11,12,14,15,19,21,24,25,26,27,28,29,30],incompat:[4,10,11],incorrect:9,increas:21,independ:[11,12,21,27,28,29],index:23,indic:[1,3,4,9,10,14,17,21,23,24,25,26,27],indirect:[1,23],indirectli:[25,26],individu:[1,15,19,24],industri:28,ineffici:27,inescap:26,info:15,inform:[1,5,12,15,16,23,24,25],initi:[1,4,5,7,9,10,11,12,14,15,16,17,18,19,23,25],inlin:[0,3,5,6],input:[0,3,4,5,6,10,11,12,13,14,16,17,19,20,21,22,23,25,27,30],input_length:[10,11,12,16,17,19,20],insecur:[16,26],insid:[6,9,26,27,29],inspect:21,instanc:[24,26],instanti:[24,27],instead:[0,3,5,6,9,10,11,12,14,15,16,18,21,25,28],insuffici:[9,10,11,12,24],int32_t:[9,20],integ:[4,12,14,15,16,19,21,24,27],integr:[9,11,12,16,24,25,26],intend:[9,21,24],interchang:26,interfac:[6,11,14,21,23,24,25,28,29],intermedi:[9,12,21,25,26],intern:[9,12,21,24,25,26,29],interoper:26,interpret:[4,14,15],interrupt:[24,27],introduc:21,introduct:23,invalid:[0,1,3,4,5,9,10,24,25,26,27],involv:[12,25,26,29],iot:26,isol:[15,23,25,27,29],issu:[24,25,26],item:9,its:[0,1,3,4,5,6,9,10,11,14,15,17,19,21,24,25,29],itself:[1,9,10,11,12,15,16],iv_length:[11,20],iv_siz:[11,20],jan:21,just:6,ka_alg:[14,20,22],kdf:21,kdf_alg:[14,20,22],keep:[6,9,24,27,30],kei:[0,9,10,11,13,16,17,18,19,20,21,23,26,28,30],kept:[15,26,29],kernel:24,key_bit:[4,5,10,14,16,17,19,20],key_typ:[4,10,11,14,16,17,19,20],keystor:[5,9,23,29,30],kind:[6,25],known:[25,26,27],koblitz:5,label:[15,17],lack:[8,26,30],land:24,languag:26,larg:[10,11,12,16,25],larger:[9,15,16,26,27,29],last:[1,9,10,24],later:12,latest:27,latter:15,layer:29,lead:4,leak:[12,16,21,24,25,26,27,29,30],leakag:30,least:[4,10,11,12,15,16,21,29],leav:[24,27],led:9,left:[5,19],legaci:[5,11,12,25,26],length:[4,5,10,11,12,15,16,19,21,24,25],less:[10,15],level:[25,26,28,29],librari:[1,4,10,11,12,14,15,16,17,18,19,23,26],lie:27,lifetim:[1,2,4,6,20,21,23,25,29],like:[0,3,5,6,22,27],limit:[24,25,26,27],link:26,linkag:[0,3,5,6],list:[0,1,5,9,10,11,12,16,21,26,29],literatur:27,littl:[4,12,14,29],lnc:5,load:27,local:25,locat:[1,2,4,6,9,10,15,21,23,24,25,26,27],log:[9,24],log_2:14,logarithm:15,logic:[1,10,11,12,15,16,25,29,30],longer:[1,9,15,21,25,27,30],look:27,loss:9,low:[26,28],lowest:24,mac:[0,4,5,6,9,13,20,23,24],mac_alg:[16,20,22],mac_length:[16,20,22],mac_siz:[16,20],machin:26,macro:[2,7,13,21,23,24,25],made:[19,21],mai:21,main:[25,29],maintain:[25,27],mainten:6,major:[8,21,26],make:[1,3,4,6,9,10,11,12,14,15,16,17,19,21,24,26,27],malici:[10,29],malloc:4,manag:[6,11,21,23,24,26,29],mandat:21,mandatori:[9,15,25,28],mani:[1,9,16,21,25],manipul:27,manner:[24,26],manufactur:29,map:[21,27],marker:1,mask:19,master:[15,25,26],mastersecret:15,match:[4,11,12,25,27],materi:[1,3,4,6,14,15,19,21,23,25,26,28,29],maximum:[3,4,10,11,12,14,15,16,17,19,21,24],mbed:21,md2:12,md4:12,md5:12,mean:[1,10,11,12,14,15,16,24,25,26,27,29],meant:25,mechan:[3,19,21,26,27],media:9,meet:26,memcmp:[12,16],memori:[1,4,6,9,10,21,23,24,25,26,29],memset:[1,10,11,12,15,16],mention:24,mere:[3,9],merg:21,messag:[6,10,11,13,14,17,19,21,23,26],metadata:[1,4,15,21,25],method:[10,11,12,15,16,21,25,27],mgf1:[17,19],microcontrol:26,middl:15,might:[1,4,6,8,9,10,11,12,14,15,16,17,19,24,25,26,27,29,30],mind:9,minim:[4,27,30],minimum:[3,11,16,23,27,28,29],minor:[8,21],mistak:26,misus:[26,27],mod:4,mode:[1,10,11,16,21,24,25],model:[28,29],modern:28,modif:21,modifi:[1,9,15,19,24,30],modul:8,modular:[25,26],modulu:4,montgomeri:[5,14,15],more:[1,6,8,10,11,12,15,16,21,25,26,27,29,30],most:[14,16,19,21,24,25,26,27,30],move:25,much:[15,24],multi:[4,5,9,13,19,21,23,24,26,27],multipl:[1,4,9,10,11,14,17,19,24,25,26,27,29],multiprocess:26,multistep:21,multitask:24,multithread:[24,30],must:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,20,21,24,25,26,27,28,29,30],mutual:29,name:[1,17,19,20,21,25],namespac:27,narrow:11,national:5,natur:21,necessari:[21,26],need:[1,9,10,11,12,15,16,21,22,24,25,26,27,29,30],neg:9,neither:4,network:23,never:[21,24,29],newer:[11,25],newli:[1,4,15],next:[15,24,27],nfc:26,nist:[5,15],non:[0,1,4,5,6,10,11,12,14,15,16,17,19,21,24,25,27,29,30],nonc:[5,9,10,11,20,21,25],nonce_length:[10,20],nonce_s:[10,20],none:9,nonzero:4,nor:[4,26],norm:29,normal:[9,15,24,30],note:[9,15,17,19,24,25],noth:4,novemb:5,now:[1,9,21,24,25],number:[4,8,10,11,12,13,14,15,16,17,19,21,23,24,25,26,27,29,30],oaep:17,obei:[24,27,30],object:[0,1,3,4,5,6,10,11,12,14,15,16,21,23,24,25,30],observ:[9,10,24],obsolet:21,obtain:[15,24,25,27],obviou:21,occur:[4,9,10,11,12,15,16,25,27,30],octet:[15,19,27],ofb:11,offer:[3,9,29],offset:24,often:[24,25,26],omit:[15,25],onc:[0,1,3,5,6,8,10,11,12,15,16,24,25,26],one:[1,4,5,9,10,11,12,14,16,19,21,24,25,26,27,29,30],ones:[26,29],ongo:[4,6,12,15,27],onli:[0,1,3,4,5,9,10,11,12,15,16,19,21,24,25,26,27,30],onward:15,opaqu:28,open:[27,28],oper:[0,4,5,6,8,9,14,15,17,19,20,21,23,24,26,27,28,29,30],opposit:24,optim:[24,26],option:[1,4,5,10,15,17,21,23,25,27],oracl:10,order:[1,4,12,14,15,16,19,24,25],origin:[1,4,5,10,24,25],other:[1,3,4,5,6,8,9,10,11,12,13,14,15,19,21,23,24,25,26,29,30],otherwis:[0,6,9,10,11,14,15,16,17,19,24,30],out:[9,10,24,27],outcom:24,output:[1,4,9,10,11,12,14,15,16,17,18,20,21,23,25,30],output_length:[10,11,14,15,17,20],output_s:[10,11,14,17,18,20],outsid:[1,4,6,15,25,26,27],over:[4,5,14,16,19,24,25,26,27],overal:27,overflow:10,overlap:23,overview:[23,28],overwrit:[0,5,6],own:[3,25],owner:27,ownership:21,pad:[1,9,11,14,15,19,21,25],pair:[4,5,6,15,17,19,23,25,29],paradigm:19,paramet:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,18,19,21,23,25,26,27,29,30],parameter:21,parametr:[19,24],pariti:[4,15,21],part:[4,5,6,9,13,14,19,21,23,24,26,27,28],parti:[4,25],partial:[12,24,25,27],particular:[0,1,4,9,10,11,12,15,16,24,26,27],particularli:27,partit:[23,26],pass:[3,4,9,10,11,12,14,15,16,17,19,21,24,25,27,30],passeport:5,past:[27,30],pattern:[1,21,25,27],peer:[14,25],peer_kei:[14,20],peer_key_length:[14,20],per:[10,11,12,16,19],perform:[0,3,5,8,9,10,12,14,16,19,24,25,26,27,29],period:30,perman:[1,9,25],permiss:[6,24],permit:[0,1,3,4,6,8,9,10,11,14,15,16,17,19,21,24,25,26,27],persist:[1,3,4,9,15,23,27,29,30],person:15,phase:25,philosophi:23,physic:[4,26,29],pkc:[4,11,17,19],pkcs1:19,place:[1,10,27],plain:[6,9],plaintext:[10,11,20,25],plaintext_length:[10,20,21],plaintext_s:[10,20],plan:[23,26],platform:[23,24,28,29],pleas:27,plu:29,point:[14,15,19,20,24],pointer:[1,21,23],polici:[0,1,2,4,5,9,15,16,19,21,23,26,27],poly1305:[5,10],popul:[4,25,26],port:23,portabl:[1,4,10,11,12,14,15,16,17,19,27],possibl:[9,11,15,24,26,27,29],potenti:[21,24,29],power:[1,3,27],practic:[25,28],pre:[1,15,25,26,27],preced:[10,11,12,16],precis:[9,26,27],predefin:27,predict:27,prefer:11,prepar:[3,25],presenc:6,present:[4,6,9,26,29],preserv:[1,6],prevent:[24,26],previou:[1,10,21,24,29],previous:[0,1,4,5,6,9,10,11,12,14,15,16,17,18,19,21,25],prf:15,primari:29,primarili:[4,5],prime:[4,5,14,15],primit:[26,28],privat:[4,5,6,14,15,17,19,25,26],private_kei:[4,14,20],privatekei:4,privileg:21,prng:9,probabilist:4,procedur:29,process:[10,11,12,15,25,26,27,29,30],processor:[23,26,30],produc:[14,15,17,19,25],product:4,profil:[23,28],programm:29,progress:[24,25],proper:11,properli:24,proprietari:[6,25],protect:[9,11,25,26,27],protocol:[5,9,10,11,12,25,26],prototyp:21,prove:26,provid:[0,3,4,5,6,10,11,12,14,15,17,19,20,21,22,24,25,26,27,28,29],provis:[23,25,29],psa:[5,7,12,21,24,26,27,28,29],psa__alg_aead_with_default_tag_length__cas:21,psa_abort_xxx:24,psa_aead_abort:[13,20,25],psa_aead_decrypt:[6,13,20,25],psa_aead_decrypt_output_max_s:[13,20,21],psa_aead_decrypt_output_s:[13,20,21],psa_aead_decrypt_setup:[6,13,20,25],psa_aead_encrypt:[6,13,20,25],psa_aead_encrypt_output_max_s:[13,20,21],psa_aead_encrypt_output_s:[13,20,21],psa_aead_encrypt_setup:[6,13,20,25],psa_aead_finish:[13,20,25],psa_aead_finish_output_max_s:[13,20,21],psa_aead_finish_output_s:[13,20,21],psa_aead_generate_nonc:[13,20,25],psa_aead_nonce_length:[13,20,21],psa_aead_nonce_max_s:[13,20,21],psa_aead_operation_init:[13,20,25],psa_aead_operation_t:[13,20,25],psa_aead_set_length:[13,20,25],psa_aead_set_nonc:[13,20,25],psa_aead_tag_length:[13,20,21],psa_aead_tag_length_offset:21,psa_aead_tag_max_s:[13,20,21],psa_aead_upd:[13,20,21,25],psa_aead_update_ad:[13,20,25],psa_aead_update_output_max_s:[13,20,21],psa_aead_update_output_s:[13,20,21],psa_aead_verifi:[13,20,25],psa_aead_verify_output_max_s:[13,20,21],psa_aead_verify_output_s:[13,20,21],psa_alg_aead_from_block_flag:21,psa_alg_aead_tag_length_mask:21,psa_alg_aead_with_default_length_tag:[13,20,21,22],psa_alg_aead_with_default_tag_length:21,psa_alg_aead_with_shortened_tag:[13,20,21,22],psa_alg_aead_with_tag_length:21,psa_alg_any_hash:[0,13,20,21],psa_alg_arc4:21,psa_alg_category_aead:21,psa_alg_category_asymmetric_encrypt:21,psa_alg_category_ciph:21,psa_alg_category_hash:21,psa_alg_category_key_agr:21,psa_alg_category_key_deriv:21,psa_alg_category_mac:21,psa_alg_category_mask:21,psa_alg_category_sign:21,psa_alg_cbc_mac:[13,20,21],psa_alg_cbc_no_pad:[13,20,21],psa_alg_cbc_pkcs7:[13,20,21],psa_alg_ccm:[13,20,21,22],psa_alg_cfb:[13,20,21],psa_alg_chacha20:21,psa_alg_chacha20_poly1305:[13,20,21,22],psa_alg_cipher_from_block_flag:21,psa_alg_cipher_mac_bas:21,psa_alg_cipher_stream_flag:21,psa_alg_cmac:[13,20,21],psa_alg_ctr:[13,20,21],psa_alg_deterministic_ecdsa:[13,20,21,22],psa_alg_deterministic_ecdsa_bas:21,psa_alg_ecb_no_pad:[13,20,21],psa_alg_ecdh:[5,13,20,21],psa_alg_ecdsa:[0,13,20,21,22],psa_alg_ecdsa_ani:[13,20,21,22],psa_alg_ecdsa_bas:21,psa_alg_ecdsa_is_determinist:21,psa_alg_ffdh:[13,20,21],psa_alg_full_length_mac:[13,20,21,22],psa_alg_gcm:[13,20,21,22,24],psa_alg_get_hash:[2,19,20,21,22,25],psa_alg_gmac:21,psa_alg_hash_ani:22,psa_alg_hash_mask:21,psa_alg_hkdf:[0,13,20,21,22,25],psa_alg_hkdf_bas:21,psa_alg_hkdf_get_hash:21,psa_alg_hmac:[0,12,13,20,21,22],psa_alg_hmac_bas:21,psa_alg_hmac_get_hash:21,psa_alg_is_aead:[2,10,20,21,22],psa_alg_is_aead_on_block_ciph:[13,20,21,22],psa_alg_is_asymmetric_encrypt:[2,20,21,22],psa_alg_is_block_cipher_mac:[13,20,21,22],psa_alg_is_ciph:[2,11,20,21,22],psa_alg_is_deterministic_ecdsa:[13,20,21,22],psa_alg_is_ecdh:[13,20,21,22],psa_alg_is_ecdsa:[13,20,21,22],psa_alg_is_ffdh:[13,20,21,22],psa_alg_is_hash:[2,12,15,16,17,19,20,21,22],psa_alg_is_hash_and_sign:[13,20,21,22],psa_alg_is_hkdf:[13,20,21,22],psa_alg_is_hmac:[13,20,21,22],psa_alg_is_key_agr:[2,14,20,21,22],psa_alg_is_key_deriv:[2,14,15,20,21,22],psa_alg_is_key_derivation_or_agr:21,psa_alg_is_key_select:21,psa_alg_is_mac:[2,16,20,21,22],psa_alg_is_randomized_ecdsa:[13,20,21,22],psa_alg_is_raw_key_agr:[13,20,21,22],psa_alg_is_rsa_oaep:[13,20,21,22],psa_alg_is_rsa_pkcs1v15_sign:[0,13,20,21,22],psa_alg_is_rsa_pss:[13,20,21,22],psa_alg_is_sign:[2,20,21,22],psa_alg_is_sign_hash:[13,20,21,22],psa_alg_is_sign_messag:[13,20,21,22],psa_alg_is_stream_ciph:[13,20,21,22],psa_alg_is_tls12_prf:[13,20,21,22],psa_alg_is_tls12_psk_to_m:[13,20,21,22],psa_alg_is_vendor_defin:21,psa_alg_is_wildcard:[2,19,20,21,22],psa_alg_key_agr:[13,20,21,22],psa_alg_key_agreement_get_bas:[13,20,21,22],psa_alg_key_agreement_get_kdf:[13,20,21,22],psa_alg_key_agreement_mask:21,psa_alg_key_derivation_mask:21,psa_alg_mac_subcategory_mask:21,psa_alg_mac_truncation_mask:21,psa_alg_md2:[13,20,21,22],psa_alg_md4:[13,20,21,22],psa_alg_md5:[13,20,21,22],psa_alg_non:[1,2,20,22],psa_alg_ofb:[13,20,21],psa_alg_ripemd160:[13,20,21,22],psa_alg_rsa_oaep:[0,13,20,21,22],psa_alg_rsa_oaep_bas:21,psa_alg_rsa_oaep_get_hash:21,psa_alg_rsa_pkcs1v15_crypt:[13,20,21],psa_alg_rsa_pkcs1v15_sign:[13,20,21,22],psa_alg_rsa_pkcs1v15_sign_bas:21,psa_alg_rsa_pkcs1v15_sign_raw:[13,20,21,22],psa_alg_rsa_pss:[0,13,20,21,22],psa_alg_rsa_pss_bas:21,psa_alg_sha3_224:[13,20,21],psa_alg_sha3_256:[13,19,20,21],psa_alg_sha3_384:[13,20,21],psa_alg_sha3_512:[13,20,21],psa_alg_sha_1:[13,20,21,22],psa_alg_sha_224:[13,20,21,22],psa_alg_sha_256:[13,15,16,19,20,21,22],psa_alg_sha_384:[13,20,21,22],psa_alg_sha_512:[13,19,20,21,22],psa_alg_sha_512_224:[13,20,21],psa_alg_sha_512_256:[13,20,21,22],psa_alg_sign_get_hash:21,psa_alg_stream_ciph:[5,13,20,21],psa_alg_tls12_prf:[0,13,20,21,22],psa_alg_tls12_prf_bas:21,psa_alg_tls12_prf_get_hash:21,psa_alg_tls12_psk_to_m:[0,13,20,21,22],psa_alg_tls12_psk_to_ms_bas:21,psa_alg_tls12_psk_to_ms_get_hash:21,psa_alg_tls12_psk_to_ms_max_psk_len:21,psa_alg_truncated_mac:[13,20,21,22],psa_alg_vendor_flag:21,psa_alg_xt:[13,20,21],psa_alg_xxx:[10,11,12,14,15,16,17,19,21],psa_alg_xxxx_get_hash:21,psa_algorithm_t:[0,2,10,11,12,14,15,16,17,19,20,21,22,24],psa_asymmetric_decrypt:[6,13,20,25],psa_asymmetric_decrypt_output_max_s:[13,20,21],psa_asymmetric_decrypt_output_s:[13,20],psa_asymmetric_encrypt:[6,13,20,25],psa_asymmetric_encrypt_output_max_s:[13,20,21],psa_asymmetric_encrypt_output_s:[13,20],psa_asymmetric_sign:21,psa_asymmetric_sign_output_s:21,psa_asymmetric_signature_max_s:21,psa_asymmetric_verifi:21,psa_bits_to_byt:21,psa_block_cipher_block_length:[13,20,21,22],psa_block_cipher_block_max_s:[13,20,21],psa_block_cipher_block_s:21,psa_bytes_to_bit:21,psa_cipher_abort:[13,20,25],psa_cipher_decrypt:[6,13,20,21,25],psa_cipher_decrypt_output_max_s:[13,20,21],psa_cipher_decrypt_output_s:[13,20,21],psa_cipher_decrypt_setup:[6,13,20,25],psa_cipher_encrypt:[6,13,20,21,25],psa_cipher_encrypt_output_max_s:[13,20,21],psa_cipher_encrypt_output_s:[13,20,21],psa_cipher_encrypt_setup:[6,13,20,25],psa_cipher_finish:[13,20,25],psa_cipher_finish_output_max_s:[13,20,21],psa_cipher_finish_output_s:[13,20,21],psa_cipher_generate_iv:[5,13,20,25],psa_cipher_iv_length:[13,20,21],psa_cipher_iv_max_s:[13,20,21],psa_cipher_operation_init:[13,20,25],psa_cipher_operation_t:[13,20,25],psa_cipher_set_iv:[5,13,20,21,25],psa_cipher_upd:[13,20,21,25],psa_cipher_update_output_max_s:[13,20,21],psa_cipher_update_output_s:[13,20,21],psa_close_kei:21,psa_copy_kei:[1,2,3,6,20,21,25],psa_create_kei:21,psa_crypto_api_version_major:[7,20,21],psa_crypto_api_version_minor:[7,20,21],psa_crypto_generator_init:21,psa_crypto_generator_t:21,psa_crypto_init:[1,4,7,9,10,11,12,14,15,16,17,18,19,20,25,30],psa_destroy_kei:[2,3,20,21,25],psa_dh_family_rfc7919:[2,20,21],psa_dh_family_t:[2,20,21,22],psa_dh_group_ffdhe2048:21,psa_dh_group_ffdhe3072:21,psa_dh_group_ffdhe4096:21,psa_dh_group_ffdhe6144:21,psa_dh_group_ffdhe8192:21,psa_dh_group_t:21,psa_ecc_curve_bit:21,psa_ecc_curve_brainpool_p256r1:21,psa_ecc_curve_brainpool_p384r1:21,psa_ecc_curve_brainpool_p512r1:21,psa_ecc_curve_curve25519:21,psa_ecc_curve_curve448:21,psa_ecc_curve_secp160k1:21,psa_ecc_curve_secp160r1:21,psa_ecc_curve_secp160r2:21,psa_ecc_curve_secp192k1:21,psa_ecc_curve_secp192r1:21,psa_ecc_curve_secp224k1:21,psa_ecc_curve_secp224r1:21,psa_ecc_curve_secp256k1:21,psa_ecc_curve_secp256r1:21,psa_ecc_curve_secp384r1:21,psa_ecc_curve_secp521r1:21,psa_ecc_curve_sect163k1:21,psa_ecc_curve_sect163r1:21,psa_ecc_curve_sect163r2:21,psa_ecc_curve_sect193r1:21,psa_ecc_curve_sect193r2:21,psa_ecc_curve_sect233k1:21,psa_ecc_curve_sect233r1:21,psa_ecc_curve_sect239k1:21,psa_ecc_curve_sect283k1:21,psa_ecc_curve_sect283r1:21,psa_ecc_curve_sect409k1:21,psa_ecc_curve_sect409r1:21,psa_ecc_curve_sect571k1:21,psa_ecc_curve_sect571r1:21,psa_ecc_curve_t:21,psa_ecc_family_brainpool_p_r1:[2,4,14,20,21],psa_ecc_family_frp:[2,4,14,20,21],psa_ecc_family_montgomeri:[2,4,14,15,20,21],psa_ecc_family_secp_k1:[2,20,21],psa_ecc_family_secp_r1:[2,20,21],psa_ecc_family_secp_r2:[2,20,21],psa_ecc_family_secp_xx:[4,14],psa_ecc_family_sect_k1:[2,20,21],psa_ecc_family_sect_r1:[2,20,21],psa_ecc_family_sect_r2:[2,20,21],psa_ecc_family_sect_xx:[4,14],psa_ecc_family_t:[2,20,21,22],psa_ecdsa_signature_s:21,psa_error_already_exist:[4,7,15,20,21],psa_error_bad_st:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24,25],psa_error_buffer_too_smal:[4,7,10,11,12,14,16,17,19,20,24],psa_error_communication_failur:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24],psa_error_corruption_detect:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,21,24,25],psa_error_data_corrupt:[1,4,7,10,11,14,15,16,17,19,20,21,24],psa_error_data_invalid:[1,4,7,10,11,14,15,16,17,19,20,21],psa_error_does_not_exist:[7,20,21],psa_error_empty_slot:21,psa_error_generic_error:[7,20,21],psa_error_hardware_failur:[4,7,8,10,11,12,14,15,16,17,18,19,20,24],psa_error_insufficient_capac:21,psa_error_insufficient_data:[7,15,20,21,24],psa_error_insufficient_entropi:[4,7,8,17,18,19,20],psa_error_insufficient_memori:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,27],psa_error_insufficient_storag:[4,7,15,20],psa_error_invalid_argu:[4,7,10,11,12,14,15,16,17,19,20],psa_error_invalid_handl:[1,4,7,10,11,14,15,16,17,19,20,25],psa_error_invalid_pad:[7,11,17,20],psa_error_invalid_signatur:[7,10,12,16,19,20],psa_error_not_permit:[4,7,10,11,14,15,16,17,19,20],psa_error_not_support:[4,7,10,11,12,14,15,16,17,18,19,20],psa_error_occupied_slot:21,psa_error_storage_failur:[1,4,7,10,11,14,15,16,17,19,20,21,24],psa_error_tampering_detect:21,psa_error_unknown_error:21,psa_error_xxx:9,psa_export_kei:[2,6,15,20,25],psa_export_key_output_s:[2,20,21],psa_export_key_pair_max_s:[2,20,21],psa_export_public_kei:[2,14,20,25],psa_export_public_key_max_s:[2,20,21],psa_export_public_key_output_s:[2,20,21],psa_generate_derived_kei:21,psa_generate_kei:[1,2,3,18,20,21,25],psa_generate_random:[11,13,20,25],psa_generator_abort:21,psa_generator_import_kei:21,psa_generator_read:21,psa_generator_unbridled_capac:21,psa_get_generator_capac:21,psa_get_key_algorithm:[2,20],psa_get_key_attribut:[2,4,20,21,25],psa_get_key_bit:[2,4,20],psa_get_key_id:[2,20],psa_get_key_inform:21,psa_get_key_lifetim:[2,20],psa_get_key_typ:[2,4,20],psa_get_key_usage_flag:[2,20],psa_get_key_xxx:[1,25],psa_hash_abort:[13,20,25],psa_hash_block_length:[13,20,21,22],psa_hash_clon:[13,20,25],psa_hash_compar:[13,20,25],psa_hash_comput:[13,19,20,25],psa_hash_finish:[13,20,25],psa_hash_length:[5,13,20,21],psa_hash_max_s:[13,20],psa_hash_operation_init:[13,20,25],psa_hash_operation_t:[13,20,25],psa_hash_resum:[13,20,21,25],psa_hash_s:21,psa_hash_setup:[13,20,25],psa_hash_suspend:[13,20,21,25],psa_hash_suspend_algorithm_field_length:[13,20,21,22],psa_hash_suspend_hash_state_field_length:[13,20,21,22],psa_hash_suspend_input_length_field_length:[13,20,21,22],psa_hash_suspend_output_max_s:[13,20,21],psa_hash_suspend_output_s:[13,20,21,22],psa_hash_upd:[13,20,25],psa_hash_verifi:[13,20,25],psa_hmac_max_hash_block_s:21,psa_import_kei:[1,2,3,14,15,20,21,25],psa_kdf_step_xxx:21,psa_key_agr:21,psa_key_agreement_raw_shared_secret:21,psa_key_attributes_init:[2,4,20],psa_key_attributes_t:[0,2,3,4,5,6,15,20,21,25],psa_key_derivation_abort:[13,14,20,21,25],psa_key_derivation_get_capac:[13,20,21],psa_key_derivation_input_byt:[13,20,21,25],psa_key_derivation_input_context:[13,20,21],psa_key_derivation_input_info:[13,20,25],psa_key_derivation_input_kei:[6,13,20,21,25],psa_key_derivation_input_label:[13,20],psa_key_derivation_input_salt:[13,20],psa_key_derivation_input_se:[13,20],psa_key_derivation_input_secret:[13,20,25],psa_key_derivation_input_xxx:[15,21],psa_key_derivation_key_agr:[6,13,15,20,21,25],psa_key_derivation_operation_init:[13,20,21,25],psa_key_derivation_operation_t:[13,14,20,21,25],psa_key_derivation_output_byt:[13,20,21,25],psa_key_derivation_output_kei:[1,3,13,20,21,25],psa_key_derivation_set_capac:[13,20,21,25],psa_key_derivation_setup:[13,14,20,25],psa_key_derivation_step_t:[13,14,20],psa_key_derivation_unlimited_capac:[13,20,21],psa_key_export_asn1_integer_max_s:21,psa_key_export_dsa_key_pair_max_s:21,psa_key_export_dsa_public_key_max_s:21,psa_key_export_ecc_key_pair_max_s:21,psa_key_export_ecc_public_key_max_s:21,psa_key_export_max_s:21,psa_key_export_rsa_key_pair_max_s:21,psa_key_export_rsa_public_key_max_s:21,psa_key_handle_t:21,psa_key_id_nul:[1,2,4,15,20,21,25],psa_key_id_t:[2,3,4,10,11,14,15,16,17,19,20,21,25],psa_key_id_user_max:[1,2,20,25],psa_key_id_user_min:[1,2,20,25],psa_key_id_vendor_max:[1,2,20,25],psa_key_id_vendor_min:[1,2,20,25],psa_key_lifetime_persist:[2,4,6,20,25],psa_key_lifetime_t:[2,3,20],psa_key_lifetime_volatil:[1,2,4,6,20,25],psa_key_policy_t:21,psa_key_type_a:[2,11,15,20,21,24],psa_key_type_arc4:[2,11,15,20,21],psa_key_type_camellia:[2,15,20,21],psa_key_type_category_flag_pair:21,psa_key_type_category_key_pair:21,psa_key_type_category_mask:21,psa_key_type_category_public_kei:21,psa_key_type_category_raw:21,psa_key_type_category_symmetr:21,psa_key_type_chacha20:[2,11,20,21],psa_key_type_d:[2,15,20,21],psa_key_type_der:[2,15,20,21],psa_key_type_dh_get_famili:[2,20,21,22],psa_key_type_dh_group_mask:21,psa_key_type_dh_key_pair:[2,15,20,21,22],psa_key_type_dh_key_pair_bas:21,psa_key_type_dh_public_kei:[2,20,21,22],psa_key_type_dh_public_key_bas:21,psa_key_type_ecc_curve_mask:21,psa_key_type_ecc_get_famili:[2,20,21,22],psa_key_type_ecc_key_pair:[2,15,20,21,22],psa_key_type_ecc_key_pair_bas:21,psa_key_type_ecc_public_kei:[2,20,21,22],psa_key_type_ecc_public_key_bas:21,psa_key_type_get_curv:21,psa_key_type_get_group:21,psa_key_type_hmac:[2,15,20,21],psa_key_type_is_asymmetr:[2,20,21,22],psa_key_type_is_dh:[2,20,21,22],psa_key_type_is_dh_key_pair:[2,4,20,21,22],psa_key_type_is_dh_public_kei:[2,4,20,21,22],psa_key_type_is_ecc:[2,20,21,22],psa_key_type_is_ecc_key_pair:[2,4,20,21,22],psa_key_type_is_ecc_public_kei:[2,4,20,21,22],psa_key_type_is_key_pair:[2,20,21,22],psa_key_type_is_public_kei:[2,4,20,21,22],psa_key_type_is_rsa:[2,20,21,22],psa_key_type_is_unstructur:[2,20,21,22],psa_key_type_is_vendor_defin:21,psa_key_type_key_pair_of_public_kei:[2,20,21,22],psa_key_type_non:[1,2,20,21],psa_key_type_public_key_of_key_pair:[2,4,20,21,22],psa_key_type_raw_data:[2,15,20,21],psa_key_type_rsa_key_pair:[2,4,15,20,21],psa_key_type_rsa_public_kei:[2,4,20,21],psa_key_type_t:[2,4,5,11,20,21,22,24],psa_key_type_vendor_flag:21,psa_key_usage_cach:[2,4,20,21,25,27],psa_key_usage_copi:[2,4,20,25],psa_key_usage_decrypt:[2,10,11,17,20],psa_key_usage_der:[2,14,15,20,21],psa_key_usage_encrypt:[2,10,11,17,20,25],psa_key_usage_export:[2,4,20,25],psa_key_usage_sign:21,psa_key_usage_sign_hash:[2,19,20,21],psa_key_usage_sign_messag:[2,16,19,20,21,25],psa_key_usage_t:[2,6,20,25],psa_key_usage_verifi:21,psa_key_usage_verify_hash:[2,19,20,21],psa_key_usage_verify_messag:[2,16,19,20,21],psa_mac_abort:[13,20,25],psa_mac_comput:[6,13,20,25],psa_mac_final_s:[16,21],psa_mac_length:[13,20,21],psa_mac_max_s:[13,20],psa_mac_operation_init:[13,20,25],psa_mac_operation_t:[13,20,25],psa_mac_sign_finish:[13,20,25],psa_mac_sign_setup:[6,13,20,25],psa_mac_truncated_length:21,psa_mac_truncation_offset:21,psa_mac_upd:[13,20,25],psa_mac_verifi:[6,13,20,25],psa_mac_verify_finish:[13,20,25],psa_mac_verify_setup:[6,13,20,25],psa_max_block_cipher_block_s:21,psa_open_kei:21,psa_purge_kei:[2,6,20,21,25,27],psa_raw_key_agr:[6,13,20,21,25],psa_raw_key_agreement_output_max_s:[13,20,21],psa_raw_key_agreement_output_s:[13,20,21],psa_reset_key_attribut:[2,4,20],psa_round_up_to_multipl:21,psa_rsa_minimum_padding_s:21,psa_set_generator_capac:21,psa_set_key_algorithm:[1,2,19,20],psa_set_key_bit:[1,2,20],psa_set_key_id:[1,2,20],psa_set_key_lifetim:[1,2,20],psa_set_key_polici:21,psa_set_key_typ:[1,2,20],psa_set_key_usage_flag:[1,2,19,20],psa_set_key_xxx:1,psa_sign_hash:[6,13,20,21,25],psa_sign_messag:[6,13,20,21,25],psa_sign_output_s:[13,20,21],psa_signature_max_s:[13,20,21],psa_status_t:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24,30],psa_success:[1,3,4,7,8,10,11,12,14,15,16,17,18,19,20,21,24,25],psa_tls12_psk_to_ms_psk_max_s:[13,20,21],psa_vendor_ecc_max_curve_bit:21,psa_vendor_rsa_max_key_bit:21,psa_verify_hash:[6,13,20,21,25],psa_verify_messag:[6,13,20,21,25],psa_xxx_abort:[21,25],psa_xxx_init:25,psa_xxx_key_pair:21,psa_xxx_keypair:21,psa_xxx_signatur:19,psa_xxx_siz:9,pseudo:[22,25,27],pseudorandom:[9,15,25],psk:[15,21],pss:19,publish:21,pure:15,purg:4,purpos:[4,6,9,15,16,25,26,29],put:25,q_a:14,q_b:14,qualiti:[24,25],queri:[0,1,3,4,5,6,15,25],quot:15,radio:27,rais:25,ram:25,random:[1,5,8,9,10,11,13,15,19,23,24,26,30],randomli:4,rang:[1,5,15,21,25,26,27],rate:25,rather:[9,26],rational:[27,28],raw:[4,5,14,19],rc4:5,reach:[24,25],read:[1,4,6,9,14,15,21,24,25,30],readabl:[9,24],reader:30,readi:14,realiz:29,realloc:21,realm:9,reason:[9,29],reassign:21,receiv:[9,24,26],recip:28,recod:21,recogn:[9,10,11,12,16],recommend:[1,4,5,9,10,11,12,14,15,16,19,23,24],record:5,recov:[4,10,16,25],recover:4,reduc:[15,26,27],refer:[1,4,6,9,10,12,15,16,20,21,23,24,25,28,30],referenc:21,refurbish:3,regard:21,regardless:[4,6],registri:21,regul:25,reject:[4,10,15],relat:[1,21,26,27],relax:21,releas:[23,25],relev:27,reli:27,reload:27,remain:[3,9,10,11,15,16,25],remot:29,remov:[4,6,21,25,29],renam:21,reorgan:21,repeat:[6,15],replac:[21,22],report:[1,6,9,10,21,24],repres:[1,15,19,26,27],represent:[1,4,19,22,26],request:[6,9,10,11,14,15,16,17,19,24,27,29],requir:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,23,25,26,28,30],research:26,reseed:[9,30],reserv:[1,5,25],reset:[1,3,10,11,12,15,16,21,25],resid:26,resist:23,resort:9,resourc:[1,4,9,10,11,12,15,16,21,23,25,28,30],respect:[1,10,11,16,17,19,24,27],rest:[10,12],restart:[1,25],restrict:[4,6,15,25,27],restructur:21,result:[1,4,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27],resum:[12,21,25],retain:[12,25,26,29],retent:25,retriev:[0,1,3,5,6,15,16,21,25],reus:[10,11,12,15,16,21,25,27],reveal:[9,25],rewound:25,rfc:[4,5,10,11,15,17,19,25],ripemd:12,risk:[4,24,26,27],riski:[12,16],robust:27,roll:24,rsa:[2,4,17,19,23],rsae:17,rsaprivatekei:4,rsapublickei:4,rsassa:19,rule:[10,21,27],run:[26,29,30],runtim:[4,9],safe:[9,10,11,12,16,23,24,25],safeti:9,said:1,salt:[15,17,19,20],salt_length:[17,20],same:[4,5,6,10,12,14,16,19,21,24,25,26,27,29,30],sampl:23,save:[4,15],scalabl:26,scalar:4,schedul:15,scheme:[0,15,17,19,28],scope:26,search:23,sec:[4,5],secp160r2:5,secp192k1:5,secp192r1:5,secp224k1:5,secp224r1:5,secp256k1:5,secp256r1:5,secp384r1:5,secp521r1:5,secret:[4,5,14,15,19,21,25,27,29],sect163k1:5,sect163r1:5,sect163r2:5,sect233k1:5,sect233r1:5,sect239k1:5,sect283k1:5,sect283r1:5,sect409k1:5,sect409r1:5,sect571k1:5,sect571r1:5,section:[21,24,25,26,27,29,30],secur:[4,6,8,9,12,15,16,23,24,25,28,29],see:[0,1,4,5,6,9,10,11,12,14,15,16,17,19,25,27],seed:[8,15,25,30],segment:29,select:[10,11,12,15,16,17,19,25],semant:21,sensibl:[4,14,17,19],sensit:[27,30],separ:[10,19,21,24,25,26,29,30],sequenc:[1,9,10,11,12,15,16,19,24,25],sequenti:27,seri:25,serv:[26,29],server:26,serverhello:15,servic:[13,23,26,28,29],session:21,set:[0,1,3,4,5,6,10,11,12,14,15,16,19,21,24,25,28],setup:[10,11,15,25],sever:[26,27,29],sha3:12,sha:[12,15,16],share:[4,10,14,15,23,24,25,26,27,29],shorten:10,show:19,side:[4,14,17,19,27],sign:[6,16,19,21,23,26],signatur:[0,6,9,13,15,17,20,21,23,25],signature_length:[19,20],signature_s:[19,20],signific:[14,19],similar:[10,21,25,29],simpl:[0,1,3,5,6,24],simpler:[22,27],simpli:29,simultan:30,sinc:[1,25,29],singl:[4,5,13,15,19,21,23,26,27],situat:[4,8,9,15,25],siv:25,size:[1,4,5,9,10,11,12,14,15,16,17,19,21,23,25,26,27],size_t:[4,5,10,11,12,14,15,16,17,18,19,20,24],sizeof:[1,10,11,12,15,16],skip:1,slg:12,small:[4,9,10,11,12,14,16,17,19],smaller:[10,11,12,14,15,16,17,19],smartcard:29,snippet:21,softwar:29,sole:4,some:[4,8,9,15,19,21,24,25,26,27,29,30],someth:21,sometim:25,soon:[6,27],sourc:[4,25,28],source_kei:[4,20],source_oper:[12,20],space:[9,10,29],special:[1,15,25,26],specif:[0,1,3,4,5,9,10,11,12,14,15,16,17,19,20,21,22,23,24,25,26,28,29,30],specifi:[0,4,10,11,12,14,15,16,17,19,21,24,25,26,27,30],speed:5,split:25,spuriou:21,stabil:[23,27,30],stack:[24,25,27,30],stage:25,stakehold:29,standalon:[13,23],standard:[1,4,5,9,14,15,21,23,27,30],start:[15,20,25],startup:27,state:[1,9,10,11,13,14,15,16,21,23,24,25,26,27],statu:[4,7,8,10,11,12,14,15,16,18,23,25],status:24,stdint:27,stem:27,step:[1,10,11,12,13,14,16,19,20,21,23,25,27],still:[0,4,6,9,28],storag:[1,3,4,6,9,10,15,16,21,23,25,27,28,30],store:[0,1,3,5,6,9,10,11,15,25,26,27,29,30],strategi:[25,27],stream:[5,11,15,21,25,26],strength:15,strict:27,string:[4,15,16,19],strip:4,strongli:[5,25],struct:[21,27],structur:[1,19,21,23],style:25,subject:4,subsequ:[8,9,10,12,15,25],subset:[5,9,26,27,28,29],subtl:26,succe:[8,9,10,15],succeed:9,success:[1,4,7,8,10,11,12,14,15,16,17,19,23,24,25],successfulli:[9,10,11,12,16,19,24],suffer:9,suffici:[4,6,9,10,11,12,14,17,19,24,27,30],suitabl:[0,1,10,11,12,14,15,16,23,24,25],summari:26,supersed:5,suppli:[25,29],support:[0,1,4,5,6,9,13,21,22,23,25,26,29],suppos:19,suspend:[13,21,23,25,27],symmetr:[0,1,2,4,6,10,11,23,24],synonym:27,system:[1,24,26,27,29,30],systemat:24,tabl:[12,21],tag:[10,20,25],tag_length:[10,20,22],tag_siz:[10,20],take:[9,10,11,14,15,21,25,26,27],taken:[4,12,15,16],tamper:9,target:[4,27,29],target_kei:[4,20],target_oper:[12,20],task:24,technolog:26,temporari:[24,27,30],tend:27,tent:10,term:[25,27,29],termin:[1,9,10,11,12,16,24,25],terminolog:21,test:[15,26],text:25,than:[1,8,9,10,12,14,15,16,19,24,26,27],thei:[4,5,6,9,10,11,12,24,25,26,27,29,30],them:[15,21,25,27],themselv:26,theoret:27,therebi:[12,16],therefor:[1,15,25,29],thi:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,20,21,22,24,25,26,27,28,29,30],thin:29,those:[15,26,27],though:[24,29],thread:24,threat:[27,28],three:[4,15,26],through:[6,10,15,16,25,26,29],thu:[15,29,30],time:[1,4,9,10,11,12,14,15,16,17,19,24,25,26,27,29],titl:15,tls1:21,token:[23,26],too:[4,9,10,11,12,14,16,17,19,25],took:10,top:[11,26],total:[10,11,12],trail:10,transfer:12,translat:29,tripl:[4,5,15],trng:[25,29],truncat:[4,10,16,19],trust:[9,10,24,26,29],turn:10,twice:15,two:[4,10,12,14,15,25,29,30],type:[0,2,4,6,7,13,14,17,19,20,21,23,25,26,30],typedef:[1,5,9,10,11,12,15,16,20,27],typic:[1,5,9,15,26,27,28,29],uint16_t:[1,15,20,27],uint32_t:[1,20,27],uint8_t:[4,5,10,11,12,14,15,16,17,18,19,20,24,27],unalloc:[1,5],unambigu:4,unauthent:[5,9,13,23,25],unbound:26,unchang:[5,15,24,27],uncompress:4,undefin:[5,8,11,24,25,30],under:[17,19,24],underli:[0,5,10,11,14,24,27,29],undetermin:[9,24],undon:10,unexpect:4,uninstal:3,uniqu:[25,26,29],unless:[4,10,11,24,25,30],unlik:29,unlock:27,unmodifi:24,unpack:12,unprocess:12,unsign:[12,27],unspecifi:[1,3,4,5,9,10,14,15,16,17,19,24],unstructur:5,unsupport:[9,27],unsur:9,until:[3,10,11,12,15,16,24,25],untrunc:16,untrustworthi:29,unusu:21,updat:[21,25],upon:26,usabl:25,usag:[0,1,2,4,10,11,12,14,15,16,17,19,21,23],usage_flag:[6,20],use:[1,4,5,6,9,10,11,12,14,15,16,17,18,19,21,23,24,25,27,28,29],used:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,20,21,24,25,26,27,28,29,30],useful:[4,25,29],user:[24,26,28],uses:[0,15,21,24,27,28],using:[0,3,4,5,6,9,10,11,12,14,15,16,17,19,21,24,25,27,29,30],usual:[14,15,19,25],v1_5:19,valid:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27],valu:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,20,21,22,24,25,27,29],variabl:[19,25],variant:[5,10,24,29],variou:[21,26],vast:[26,27],vector:[5,11,25],vendor:[10,22,24,27],veri:26,verif:[6,9,16,19,25],verifi:[6,9,12,16,19,24,25,27],verify_messag:19,versa:24,version:[4,5,7,15,19,22,23,24,25,27],via:[1,15,25],vice:24,view:15,violat:24,virtual:26,visant:5,visibl:[25,26],volatil:[1,3,4,6,9,21,23,27,29],vulner:[10,27],wai:[4,10,15,21,24,25,27,30],warn:[10,26],weak:[5,12,15,26],weierstrass:[4,14,15],well:[9,14,21,26,30],were:[10,11,24,26],what:[6,15,24,25],when:[1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,26,27,30],whenev:9,where:[1,4,5,6,9,10,11,12,14,15,16,17,19,24,25,26,27,29,30],whether:[0,1,4,5,6,9,10,11,12,14,15,16,17,18,19,24,25],which:[0,1,3,4,5,6,9,10,11,12,14,15,16,20,21,24,25,26,27,29,30],whilst:21,who:29,whole:[4,10,11,15,25,26],whose:[9,11,15,19,27],wide:26,wildcard:[0,4,19],wipe:[3,25,27,30],wireless:26,wise:15,wish:24,within:[5,21,25,27],without:[1,3,4,10,11,12,15,16,19,21,25,27],word:[12,19,30],work:25,workshop:5,world:24,would:[9,21,29],wrap:[6,21],writabl:24,write:[0,1,3,5,6,9,24,25],writer:[9,30],written:[3,4,9,10,11,12,14,15,16,17,19,27,30],wrong:[4,25],wrote:24,x00000000:[1,3,20],x00000001:[1,3,6,20],x00000002:[6,20],x00000004:[6,20],x000000ff:22,x00000100:[6,20],x000001ff:22,x00000200:[6,20],x00000400:[6,20],x00000800:[6,20],x00001000:[6,20],x00002000:[6,20],x00004000:[6,20],x0000:[5,20],x0001:1,x003f0000:22,x00:5,x00ff:22,x02000000:22,x02000001:[12,20],x02000002:[12,20],x02000003:[12,20],x02000004:[12,20],x02000005:[12,20],x02000008:[12,20],x02000009:[12,20],x0200000a:[12,20],x0200000b:[12,20],x0200000c:[12,20],x0200000d:[12,20],x02000010:[12,20],x02000011:[12,20],x02000012:[12,20],x02000013:[12,20],x020000ff:[19,20],x03000000:22,x03800000:22,x03:[5,20],x03c00000:22,x03c00100:[16,20],x03c00200:[16,20],x04404000:[11,20],x04404100:[11,20],x04404400:[11,20],x0440ff00:[11,20],x04800000:22,x04800100:[11,20],x04c01000:[11,20],x04c01100:[11,20],x04c01200:[11,20],x05000000:22,x05000500:22,x05100500:[10,20],x05400000:22,x05400100:22,x05400200:22,x05500100:[10,20],x05500200:[10,20],x06000000:22,x06000200:[19,20,22],x06000300:22,x06000600:[19,20,22],x06000700:22,x07000000:22,x07000200:[17,20],x07000300:22,x08000000:22,x08000100:22,x08000200:22,x08000300:22,x09000000:22,x09010000:[14,20,22],x09020000:[14,20,22],x1000:22,x1001:[5,20],x1100:[5,20],x1200:[5,20],x12:[5,20],x17:[5,20],x1b:[5,20],x2000:22,x2002:[5,20],x2004:[5,20],x22:[5,20],x2301:[5,20],x2400:[5,20],x2403:[5,20],x25519:[4,5],x27:[5,20],x2b:[5,20],x3000:22,x30:[5,20],x33:[5,20],x3f:22,x3fffffff:[3,20],x40000000:[3,20],x4000:22,x4001:[5,20,22],x4100:22,x41:[5,20],x4200:22,x448:[4,5],x7000:22,x7001:[5,20],x7100:22,x7200:22,x7f000000:22,x7f00ffff:22,x7f400000:22,x7f800000:22,x7f:5,x7fc00000:22,x7fc0ff00:22,x7fff0000:22,x7fff:1,x7fffffff:[1,3,20],x80000000:1,x8000:1,x80:5,x_p:4,xfe00ffff:22,xff00:22,xff:5,xffff0000:22,xffff:1,xffffffff:1,xor:11,y_p:4,yet:[10,11,12,15,16,24],zero:[0,1,4,5,9,10,11,12,14,15,16,17,19,21,25,27]},titles:["Algorithms","Key attributes","Key management reference","Key locations","Key management functions","Key types","Key policies","Library management reference","PSA Crypto library","PSA status codes","Authenticated encryption with associated data (AEAD)","Unauthenticated ciphers","Message digests","Cryptographic operation reference","Key agreement","Key derivation","Message authentication codes (MAC)","Asymmetric encryption","Other cryptographic services","Asymmetric signature","Example header file","Changes to the API","Example macro implementations","PSA Cryptography API 1.0","Library conventions","Functionality overview","Design goals","Implementation considerations","Introduction","Sample architectures","Usage considerations"],titleterms:{"case":26,"export":4,"function":[0,1,3,4,5,6,8,10,11,12,14,15,16,17,18,19,25],"return":24,TLS:26,accessor:[0,3,5,6],addit:21,aead:[10,25],after:30,agreement:[14,25],algorithm:[0,10,11,12,14,15,16,17,19,22,24,26],alwai:30,api:[8,21,23,25],applic:29,architectur:29,aspect:27,associ:10,assumpt:27,asymmetr:[17,19,25],attack:27,attest:26,attribut:[0,1,3,5,6],authent:[10,16,25],behavior:24,beta:21,between:[21,24],boot:26,buffer:24,call:24,categori:[0,5],chang:21,check:30,choic:26,cipher:11,clean:30,cleanup:27,client:29,code:[9,16,25],combin:14,concurr:[24,30],consider:[27,30],constrain:26,convent:24,creation:4,credenti:26,crypto:[8,20],cryptograph:[13,18,27,29],cryptographi:[23,25],cryptoprocessor:29,curv:5,data:10,decrypt:25,deriv:[14,15,25],design:26,destruct:4,detect:27,devic:26,diffi:5,digest:[12,25],document:21,eas:26,ellipt:5,encrypt:[10,17,25],error:[9,24,27,30],exampl:[20,22,25,26],factori:26,file:20,flag:6,futur:21,gener:[18,25],goal:26,handl:24,hardwar:27,hash:[12,22,25],header:20,hellman:5,histori:21,identifi:[3,25],implement:[0,3,5,6,22,27],indirect:27,inform:21,initi:8,input:[15,24],interfac:[26,27],introduct:28,isol:26,kei:[1,2,3,4,5,6,14,15,22,24,25,27,29],keystor:26,librari:[7,8,24,25],lifetim:3,locat:3,mac:[16,25],macro:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,22,27],manag:[1,2,4,7,25,27],materi:27,memori:[27,30],messag:[12,16,25],minimum:25,multi:[10,11,12,16,25,29],network:26,note:[0,3,5,6],number:18,object:27,oper:[10,11,12,13,16,25],option:26,other:[18,27],output:[24,27],overlap:24,overview:25,pair:26,paramet:24,part:[10,11,12,16,25],partit:29,persist:25,philosophi:27,plan:21,platform:27,pointer:24,polici:[6,25],port:27,processor:29,profil:27,provis:26,psa:[8,9,20,23],psa_aead_abort:10,psa_aead_decrypt:10,psa_aead_decrypt_output_max_s:10,psa_aead_decrypt_output_s:10,psa_aead_decrypt_setup:10,psa_aead_encrypt:10,psa_aead_encrypt_output_max_s:10,psa_aead_encrypt_output_s:10,psa_aead_encrypt_setup:10,psa_aead_finish:10,psa_aead_finish_output_max_s:10,psa_aead_finish_output_s:10,psa_aead_generate_nonc:10,psa_aead_nonce_length:10,psa_aead_nonce_max_s:10,psa_aead_operation_init:10,psa_aead_operation_t:10,psa_aead_set_length:10,psa_aead_set_nonc:10,psa_aead_tag_length:10,psa_aead_tag_max_s:10,psa_aead_upd:10,psa_aead_update_ad:10,psa_aead_update_output_max_s:10,psa_aead_update_output_s:10,psa_aead_verifi:10,psa_aead_verify_output_max_s:10,psa_aead_verify_output_s:10,psa_alg_aead_with_default_length_tag:10,psa_alg_aead_with_shortened_tag:10,psa_alg_any_hash:19,psa_alg_cbc_mac:16,psa_alg_cbc_no_pad:11,psa_alg_cbc_pkcs7:11,psa_alg_ccm:10,psa_alg_cfb:11,psa_alg_chacha20_poly1305:10,psa_alg_cmac:16,psa_alg_ctr:11,psa_alg_deterministic_ecdsa:19,psa_alg_ecb_no_pad:11,psa_alg_ecdh:14,psa_alg_ecdsa:19,psa_alg_ecdsa_ani:19,psa_alg_ffdh:14,psa_alg_full_length_mac:16,psa_alg_gcm:10,psa_alg_get_hash:0,psa_alg_hkdf:15,psa_alg_hmac:16,psa_alg_is_aead:0,psa_alg_is_aead_on_block_ciph:10,psa_alg_is_asymmetric_encrypt:0,psa_alg_is_block_cipher_mac:16,psa_alg_is_ciph:0,psa_alg_is_deterministic_ecdsa:19,psa_alg_is_ecdh:14,psa_alg_is_ecdsa:19,psa_alg_is_ffdh:14,psa_alg_is_hash:0,psa_alg_is_hash_and_sign:19,psa_alg_is_hkdf:15,psa_alg_is_hmac:16,psa_alg_is_key_agr:0,psa_alg_is_key_deriv:0,psa_alg_is_mac:0,psa_alg_is_randomized_ecdsa:19,psa_alg_is_raw_key_agr:14,psa_alg_is_rsa_oaep:17,psa_alg_is_rsa_pkcs1v15_sign:19,psa_alg_is_rsa_pss:19,psa_alg_is_sign:0,psa_alg_is_sign_hash:19,psa_alg_is_sign_messag:19,psa_alg_is_stream_ciph:11,psa_alg_is_tls12_prf:15,psa_alg_is_tls12_psk_to_m:15,psa_alg_is_wildcard:0,psa_alg_key_agr:14,psa_alg_key_agreement_get_bas:14,psa_alg_key_agreement_get_kdf:14,psa_alg_md2:12,psa_alg_md4:12,psa_alg_md5:12,psa_alg_non:0,psa_alg_ofb:11,psa_alg_ripemd160:12,psa_alg_rsa_oaep:17,psa_alg_rsa_pkcs1v15_crypt:17,psa_alg_rsa_pkcs1v15_sign:19,psa_alg_rsa_pkcs1v15_sign_raw:19,psa_alg_rsa_pss:19,psa_alg_sha3_224:12,psa_alg_sha3_256:12,psa_alg_sha3_384:12,psa_alg_sha3_512:12,psa_alg_sha_1:12,psa_alg_sha_224:12,psa_alg_sha_256:12,psa_alg_sha_384:12,psa_alg_sha_512:12,psa_alg_sha_512_224:12,psa_alg_sha_512_256:12,psa_alg_stream_ciph:11,psa_alg_tls12_prf:15,psa_alg_tls12_psk_to_m:15,psa_alg_truncated_mac:16,psa_alg_xt:11,psa_algorithm_t:1,psa_asymmetric_decrypt:17,psa_asymmetric_decrypt_output_max_s:17,psa_asymmetric_decrypt_output_s:17,psa_asymmetric_encrypt:17,psa_asymmetric_encrypt_output_max_s:17,psa_asymmetric_encrypt_output_s:17,psa_block_cipher_block_length:11,psa_block_cipher_block_max_s:11,psa_cipher_abort:11,psa_cipher_decrypt:11,psa_cipher_decrypt_output_max_s:11,psa_cipher_decrypt_output_s:11,psa_cipher_decrypt_setup:11,psa_cipher_encrypt:11,psa_cipher_encrypt_output_max_s:11,psa_cipher_encrypt_output_s:11,psa_cipher_encrypt_setup:11,psa_cipher_finish:11,psa_cipher_finish_output_max_s:11,psa_cipher_finish_output_s:11,psa_cipher_generate_iv:11,psa_cipher_iv_length:11,psa_cipher_iv_max_s:11,psa_cipher_operation_init:11,psa_cipher_operation_t:11,psa_cipher_set_iv:11,psa_cipher_upd:11,psa_cipher_update_output_max_s:11,psa_cipher_update_output_s:11,psa_copy_kei:4,psa_crypto_api_version_major:8,psa_crypto_api_version_minor:8,psa_crypto_init:8,psa_destroy_kei:4,psa_dh_family_rfc7919:5,psa_dh_family_t:5,psa_ecc_family_brainpool_p_r1:5,psa_ecc_family_frp:5,psa_ecc_family_montgomeri:5,psa_ecc_family_secp_k1:5,psa_ecc_family_secp_r1:5,psa_ecc_family_secp_r2:5,psa_ecc_family_sect_k1:5,psa_ecc_family_sect_r1:5,psa_ecc_family_sect_r2:5,psa_ecc_family_t:5,psa_error_already_exist:9,psa_error_bad_st:9,psa_error_buffer_too_smal:9,psa_error_communication_failur:9,psa_error_corruption_detect:9,psa_error_data_corrupt:9,psa_error_data_invalid:9,psa_error_does_not_exist:9,psa_error_generic_error:9,psa_error_hardware_failur:9,psa_error_insufficient_data:9,psa_error_insufficient_entropi:9,psa_error_insufficient_memori:9,psa_error_insufficient_storag:9,psa_error_invalid_argu:9,psa_error_invalid_handl:9,psa_error_invalid_pad:9,psa_error_invalid_signatur:9,psa_error_not_permit:9,psa_error_not_support:9,psa_error_storage_failur:9,psa_export_kei:4,psa_export_key_output_s:4,psa_export_key_pair_max_s:4,psa_export_public_kei:4,psa_export_public_key_max_s:4,psa_export_public_key_output_s:4,psa_generate_kei:4,psa_generate_random:18,psa_get_key_algorithm:0,psa_get_key_attribut:1,psa_get_key_bit:5,psa_get_key_id:3,psa_get_key_lifetim:3,psa_get_key_typ:5,psa_get_key_usage_flag:6,psa_hash_abort:12,psa_hash_block_length:12,psa_hash_clon:12,psa_hash_compar:12,psa_hash_comput:12,psa_hash_finish:12,psa_hash_length:12,psa_hash_max_s:12,psa_hash_operation_init:12,psa_hash_operation_t:12,psa_hash_resum:12,psa_hash_setup:12,psa_hash_suspend:12,psa_hash_suspend_algorithm_field_length:12,psa_hash_suspend_hash_state_field_length:12,psa_hash_suspend_input_length_field_length:12,psa_hash_suspend_output_max_s:12,psa_hash_suspend_output_s:12,psa_hash_upd:12,psa_hash_verifi:12,psa_import_kei:4,psa_key_attributes_init:1,psa_key_attributes_t:1,psa_key_derivation_abort:15,psa_key_derivation_get_capac:15,psa_key_derivation_input_byt:15,psa_key_derivation_input_context:15,psa_key_derivation_input_info:15,psa_key_derivation_input_kei:15,psa_key_derivation_input_label:15,psa_key_derivation_input_salt:15,psa_key_derivation_input_se:15,psa_key_derivation_input_secret:15,psa_key_derivation_key_agr:14,psa_key_derivation_operation_init:15,psa_key_derivation_operation_t:15,psa_key_derivation_output_byt:15,psa_key_derivation_output_kei:15,psa_key_derivation_set_capac:15,psa_key_derivation_setup:15,psa_key_derivation_step_t:15,psa_key_derivation_unlimited_capac:15,psa_key_id_nul:3,psa_key_id_t:1,psa_key_id_user_max:3,psa_key_id_user_min:3,psa_key_id_vendor_max:3,psa_key_id_vendor_min:3,psa_key_lifetime_persist:3,psa_key_lifetime_t:1,psa_key_lifetime_volatil:3,psa_key_type_a:5,psa_key_type_arc4:5,psa_key_type_camellia:5,psa_key_type_chacha20:5,psa_key_type_d:5,psa_key_type_der:5,psa_key_type_dh_get_famili:5,psa_key_type_dh_key_pair:5,psa_key_type_dh_public_kei:5,psa_key_type_ecc_get_famili:5,psa_key_type_ecc_key_pair:5,psa_key_type_ecc_public_kei:5,psa_key_type_hmac:5,psa_key_type_is_asymmetr:5,psa_key_type_is_dh:5,psa_key_type_is_dh_key_pair:5,psa_key_type_is_dh_public_kei:5,psa_key_type_is_ecc:5,psa_key_type_is_ecc_key_pair:5,psa_key_type_is_ecc_public_kei:5,psa_key_type_is_key_pair:5,psa_key_type_is_public_kei:5,psa_key_type_is_rsa:5,psa_key_type_is_unstructur:5,psa_key_type_key_pair_of_public_kei:5,psa_key_type_non:5,psa_key_type_public_key_of_key_pair:5,psa_key_type_raw_data:5,psa_key_type_rsa_key_pair:5,psa_key_type_rsa_public_kei:5,psa_key_type_t:1,psa_key_usage_cach:6,psa_key_usage_copi:6,psa_key_usage_decrypt:6,psa_key_usage_der:6,psa_key_usage_encrypt:6,psa_key_usage_export:6,psa_key_usage_sign_hash:6,psa_key_usage_sign_messag:6,psa_key_usage_t:1,psa_key_usage_verify_hash:6,psa_key_usage_verify_messag:6,psa_mac_abort:16,psa_mac_comput:16,psa_mac_length:16,psa_mac_max_s:16,psa_mac_operation_init:16,psa_mac_operation_t:16,psa_mac_sign_finish:16,psa_mac_sign_setup:16,psa_mac_upd:16,psa_mac_verifi:16,psa_mac_verify_finish:16,psa_mac_verify_setup:16,psa_purge_kei:4,psa_raw_key_agr:14,psa_raw_key_agreement_output_max_s:14,psa_raw_key_agreement_output_s:14,psa_reset_key_attribut:1,psa_set_key_algorithm:0,psa_set_key_bit:5,psa_set_key_id:3,psa_set_key_lifetim:3,psa_set_key_typ:5,psa_set_key_usage_flag:6,psa_sign_hash:19,psa_sign_messag:19,psa_sign_output_s:19,psa_signature_max_s:19,psa_status_t:9,psa_success:9,psa_tls12_psk_to_ms_psk_max_s:15,psa_verify_hash:19,psa_verify_messag:19,random:[18,25],recommend:[25,27,30],refer:[2,7,13,27],releas:21,requir:27,resist:27,resourc:27,rsa:5,safe:27,sampl:29,secur:[26,27,30],servic:18,share:30,sign:25,signatur:19,singl:[10,11,12,16,25,29],size:24,specif:27,stabil:24,standalon:14,standard:25,state:[12,22],statu:[9,24],step:15,storag:[26,29],structur:24,success:9,suitabl:26,support:[10,11,12,14,15,16,17,19,27],suspend:[12,22],symmetr:[5,25],token:29,type:[1,5,9,10,11,12,15,16,22,24,27],unauthent:11,usag:[6,25,30],use:[26,30],version:[8,21],volatil:25}})
\ No newline at end of file