Update PSA API specification to 1.0.1
Generated according to the instructions in update_psa_crypto_api.sh
using the tag psa-crypto-api-1.0.1.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/html/.buildinfo b/docs/html/.buildinfo
index e0308de..f41ab23 100644
--- a/docs/html/.buildinfo
+++ b/docs/html/.buildinfo
@@ -1,4 +1,4 @@
# Sphinx build info version 1
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: ed1725312cdaeb274fa374ba1db47888
+config: ddd39c04efeda3fc3175113ad961f269
tags: 645f666f9bcd5a90fca523b33c5a78b7
diff --git a/docs/html/_images/Arm_logo_blue_150LG.png b/docs/html/_images/Arm_logo_blue_150LG.png
new file mode 100644
index 0000000..eab259b
--- /dev/null
+++ b/docs/html/_images/Arm_logo_blue_150LG.png
Binary files differ
diff --git a/docs/html/_sources/api/keys/algorithms.rst.txt b/docs/html/_sources/api/keys/algorithms.rst.txt
deleted file mode 100644
index ea18185..0000000
--- a/docs/html/_sources/api/keys/algorithms.rst.txt
+++ /dev/null
@@ -1,220 +0,0 @@
-.. _algorithms:
-
-Algorithms
-==========
-
-Algorithm categories
---------------------
-
-.. macro:: PSA_ALG_NONE
- :definition: ((psa_algorithm_t)0)
-
- .. summary::
- An invalid algorithm identifier value.
-
- Zero is not the encoding of any algorithm.
-
-.. macro:: PSA_ALG_IS_HASH
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a hash algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a hash algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`hash-algorithms` for a list of defined hash algorithms.
-
-.. macro:: PSA_ALG_IS_MAC
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a MAC algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a MAC algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`mac-algorithms` for a list of defined MAC algorithms.
-
-.. macro:: PSA_ALG_IS_CIPHER
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a symmetric cipher algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a symmetric cipher algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`cipher-algorithms` for a list of defined cipher algorithms.
-
-.. macro:: PSA_ALG_IS_AEAD
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an AEAD algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`aead-algorithms` for a list of defined AEAD algorithms.
-
-.. macro:: PSA_ALG_IS_SIGN
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a public-key signature algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a public-key signature algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`sign-algorithms` for a list of defined signature algorithms.
-
-.. macro:: PSA_ALG_IS_ASYMMETRIC_ENCRYPTION
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a public-key encryption algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a public-key encryption algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`asymmetric-encryption-algorithms` for a list of defined asymmetric encryption algorithms.
-
-.. macro:: PSA_ALG_IS_KEY_AGREEMENT
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a key agreement algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a key agreement algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`key-agreement-algorithms` for a list of defined key agreement algorithms.
-
-.. macro:: PSA_ALG_IS_KEY_DERIVATION
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a key derivation algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a key derivation algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See :title:`key-derivation-algorithms` for a list of defined key derivation algorithms.
-
-.. macro:: PSA_ALG_IS_WILDCARD
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm encoding is a wildcard.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a wildcard algorithm encoding.
-
- ``0`` if ``alg`` is a non-wildcard algorithm encoding that is suitable for an operation.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- Wildcard algorithm values can only be used to set the usage algorithm field in a policy, wildcard values cannot be used to perform an operation.
-
- See `PSA_ALG_ANY_HASH` for example of how a wildcard algorithm can be used in a key policy.
-
-.. macro:: PSA_ALG_GET_HASH
- :definition: /* specification-defined value */
-
- .. summary::
- Get the hash used by a composite algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- The underlying hash algorithm if ``alg`` is a composite algorithm that uses a hash algorithm.
-
- `PSA_ALG_NONE` if ``alg`` is not a composite algorithm that uses a hash.
-
- The following composite algorithms require a hash algorithm:
-
- - `PSA_ALG_ECDSA()`
- - `PSA_ALG_HKDF()`
- - `PSA_ALG_HMAC()`
- - `PSA_ALG_RSA_OAEP()`
- - `PSA_ALG_IS_RSA_PKCS1V15_SIGN()`
- - `PSA_ALG_RSA_PSS()`
- - `PSA_ALG_TLS12_PRF()`
- - `PSA_ALG_TLS12_PSK_TO_MS()`
-
-Attribute accessors
--------------------
-
-.. function:: psa_set_key_algorithm
-
- .. summary::
- Declare the permitted algorithm policy for a key.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: psa_algorithm_t alg
- The permitted algorithm policy to write.
-
- .. return:: void
-
- The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key. The following algorithm policies are supported:
-
- * `PSA_ALG_NONE` does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.
- * An algorithm value permits this particular algorithm.
- * An algorithm wildcard built from `PSA_ALG_ANY_HASH` allows the specified signature scheme with any hash algorithm.
-
- This function overwrites any algorithm policy previously set in ``attributes``.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_algorithm
-
- .. summary::
- Retrieve the algorithm policy from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: psa_algorithm_t
- The algorithm stored in the attribute object.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/attributes.rst.txt b/docs/html/_sources/api/keys/attributes.rst.txt
deleted file mode 100644
index 1f849cf..0000000
--- a/docs/html/_sources/api/keys/attributes.rst.txt
+++ /dev/null
@@ -1,237 +0,0 @@
-.. _key-attributes:
-
-Key attributes
-==============
-
-Attribute types
----------------
-
-.. typedef:: uint32_t psa_key_lifetime_t
-
- .. summary::
- Encoding of key lifetimes.
-
- The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.
-
- Keys with the lifetime `PSA_KEY_LIFETIME_VOLATILE` are automatically destroyed when the application terminates or on a power reset.
-
- Keys with a lifetime other than `PSA_KEY_LIFETIME_VOLATILE` are said to be *persistent*. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type `psa_key_id_t`.
-
- See :title:`key-locations` for a list of defined key lifetimes.
-
-.. typedef:: uint32_t psa_key_id_t
-
- .. summary::
- Key identifier.
-
- A key identifiers can be a permanent name for a persistent key, or a transient reference to volatile key. The range of identifier values is divided as follows:
-
- :code:`PSA_KEY_ID_NULL`
- Reserved as an invalid key identifier.
- :code:`PSA_KEY_ID_USER_MIN - PSA_KEY_ID_USER_MAX`
- Applications can freely choose persistent key identifiers in this range.
- :code:`PSA_KEY_ID_VENDOR_MIN - PSA_KEY_ID_VENDOR_MAX`
- Implementations can define additional persistent key identifiers in this
- range, and allocate key identifiers for volatile keys from this range.
-
- Key identifiers outside these ranges are reserved for future use.
-
- See also :title:`key-ids`.
-
-.. typedef:: uint16_t psa_key_type_t
-
- .. summary::
- Encoding of a key type.
-
- This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:
-
- :code:`PSA_KEY_TYPE_NONE == 0`
- Reserved as an invalid key type.
- :code:`0x0001 - 0x7fff`
- Specification-defined key types.
- Key types defined by this standard always have bit 15 clear.
- Unallocated key type values in this range are reserved for future use.
- :code:`0x8000 - 0xffff`
- Implementation-defined key types.
- Implementations that define additional key types must use an encoding with bit 15 set.
- The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.
-
- See :title:`key-types` for a complete list of key types.
-
-.. typedef:: uint32_t psa_key_usage_t
-
- .. summary::
- Encoding of permitted usage on a key.
-
- See :title:`key-usage` for a full list of key usage policies.
-
-.. typedef:: uint32_t psa_algorithm_t
-
- .. summary::
- Encoding of a cryptographic algorithm.
-
- This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:
-
- :code:`0x00000000`
- Reserved as an invalid algorithm identifier.
- :code:`0x00000001 - 0x7fffffff`
- Specification-defined algorithm identifiers.
- Algorithm identifiers defined by this standard always have bit 31 clear.
- Unallocated algorithm identifier values in this range are reserved for future use.
- :code:`0x80000000 - 0xffffffff`
- Implementation-defined algorithm identifiers.
- Implementations that define additional algorithms must use an encoding with bit 31 set.
- The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.
-
- For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, `psa_algorithm_t` encodes the block cipher mode and the padding mode while the block cipher itself is encoded via `psa_key_type_t`.
-
- See :title:`algorithms` for a full list of algorithm identifiers.
-
-Managing attributes
--------------------
-
-.. typedef:: /* implementation-defined type */ psa_key_attributes_t
-
- .. summary::
- The type of an object containing key attributes.
-
- This is the object that represents the metadata of a key object. Metadata that can be stored in attributes includes:
-
- * The location of the key in storage, indicated by its key identifier and its lifetime.
- * The key's policy, comprising usage flags and a specification of the permitted algorithm(s).
- * Information about the key itself: the key type and its size.
- * Implementations can define additional attributes.
-
- The actual key material is not considered an attribute of a key. Key attributes do not contain information that is generally considered highly confidential.
-
- .. note::
- Implementations are recommended to define the attribute object as a simple data structure, with fields corresponding to the individual key attributes. In such an implementation, each function ``psa_set_key_xxx()`` sets a field and the corresponding function ``psa_get_key_xxx()`` retrieves the value of the field.
-
- An implementations can report attribute values that are equivalent to the original one, but have a different encoding. For example, an implementation can use a more compact representation for types where many bit-patterns are invalid or not supported, and store all values that it does not support as a special marker value. In such an implementation, after setting an invalid value, the corresponding get function returns an invalid value which might not be the one that was originally stored.
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
- An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call `psa_reset_key_attributes()`. As an exception, calling `psa_reset_key_attributes()` on an attribute object is optional if the object has only been modified by the following functions since it was initialized or last reset with `psa_reset_key_attributes()`:
-
- * `psa_set_key_id()`
- * `psa_set_key_lifetime()`
- * `psa_set_key_type()`
- * `psa_set_key_bits()`
- * `psa_set_key_usage_flags()`
- * `psa_set_key_algorithm()`
-
- Before calling any function on a key attribute object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_key_attributes_t attributes;
- memset(&attributes, 0, sizeof(attributes));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_key_attributes_t attributes;
-
- * Initialize the object to the initializer `PSA_KEY_ATTRIBUTES_INIT`, for example:
-
- .. autocode::
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- * Assign the result of the function `psa_key_attributes_init()` to the object, for example:
-
- .. autocode::
- psa_key_attributes_t attributes;
- attributes = psa_key_attributes_init();
-
- A freshly initialized attribute object contains the following values:
-
- .. tabularcolumns:: LL
-
- ============== =======
- Attribute Value
- ============== =======
- lifetime `PSA_KEY_LIFETIME_VOLATILE`.
- key identifier `PSA_KEY_ID_NULL` - which is not a valid key identifier.
- type `PSA_KEY_TYPE_NONE` - meaning that the type is unspecified.
- key size ``0`` - meaning that the size is unspecified.
- usage flags ``0`` - which allows no usage except exporting a public key.
- algorithm `PSA_ALG_NONE` - which does not allow cryptographic usage, but allows exporting.
- ============== =======
-
- .. rubric:: Usage
-
- A typical sequence to create a key is as follows:
-
- #. Create and initialize an attribute object.
- #. If the key is persistent, call `psa_set_key_id()`. Also call `psa_set_key_lifetime()` to place the key in a non-default location.
- #. Set the key policy with `psa_set_key_usage_flags()` and `psa_set_key_algorithm()`.
- #. Set the key type with `psa_set_key_type()`. Skip this step if copying an existing key with `psa_copy_key()`.
- #. When generating a random key with `psa_generate_key()` or deriving a key with `psa_key_derivation_output_key()`, set the desired key size with `psa_set_key_bits()`.
- #. Call a key creation function: `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`. This function reads the attribute object, creates a key with these attributes, and outputs an identifier for the newly created key.
- #. Optionally call `psa_reset_key_attributes()`, now that the attribute object is no longer needed. Currently this call is not required as the attributes defined in this specification do not require additional resources beyond the object itself.
-
- A typical sequence to query a key's attributes is as follows:
-
- #. Call `psa_get_key_attributes()`.
- #. Call ``psa_get_key_xxx()`` functions to retrieve the required attribute(s).
- #. Call `psa_reset_key_attributes()` to free any resources that can be used by the attribute object.
-
- Once a key has been created, it is impossible to change its attributes.
-
-.. macro:: PSA_KEY_ATTRIBUTES_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for a key attribute object of type `psa_key_attributes_t`.
-
-.. function:: psa_key_attributes_init
-
- .. summary::
- Return an initial value for a key attribute object.
-
- .. return:: psa_key_attributes_t
-
-.. function:: psa_get_key_attributes
-
- .. summary::
- Retrieve the attributes of a key.
-
- .. param:: psa_key_id_t key
- Identifier of the key to query.
- .. param:: psa_key_attributes_t * attributes
- On entry, ``*attributes`` must be in a valid state. On successful return, it contains the attributes of the key. On failure, it is equivalent to a freshly-initialized attribute object.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function first resets the attribute object as with `psa_reset_key_attributes()`. It then copies the attributes of the given key into the given attribute object.
-
- .. note::
- This function clears any previous content from the attribute object and therefore expects it to be in a valid state. In particular, if this function is called on a newly allocated attribute object, the attribute object must be initialized before calling this function.
-
- .. note::
- This function might allocate memory or other resources. Once this function has been called on an attribute object, `psa_reset_key_attributes()` must be called to free these resources.
-
-.. function:: psa_reset_key_attributes
-
- .. summary::
- Reset a key attribute object to a freshly initialized state.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to reset.
-
- .. return:: void
-
- The attribute object must be initialized as described in the documentation of the type `psa_key_attributes_t` before calling this function. Once the object has been initialized, this function can be called at any time.
-
- This function frees any auxiliary resources that the object might contain.
diff --git a/docs/html/_sources/api/keys/index.rst.txt b/docs/html/_sources/api/keys/index.rst.txt
deleted file mode 100644
index 934dac9..0000000
--- a/docs/html/_sources/api/keys/index.rst.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-.. _key-management:
-
-~~~~~~~~~~~~~~~~~~~~~~~~
-Key management reference
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. toctree::
-
- attributes
- locations
- types
- usage
- algorithms
- management
diff --git a/docs/html/_sources/api/keys/locations.rst.txt b/docs/html/_sources/api/keys/locations.rst.txt
deleted file mode 100644
index 9f71fef..0000000
--- a/docs/html/_sources/api/keys/locations.rst.txt
+++ /dev/null
@@ -1,149 +0,0 @@
-.. _key-locations:
-
-Key locations
-=============
-
-Key lifetimes
--------------
-
-.. macro:: PSA_KEY_LIFETIME_VOLATILE
- :definition: ((psa_key_lifetime_t)0x00000000)
-
- .. summary::
- A lifetime value that indicates a volatile key.
-
- A volatile key only exists as long as the identifier to it is not destroyed.
-
- The key material is guaranteed to be erased on a power reset.
-
-.. macro:: PSA_KEY_LIFETIME_PERSISTENT
- :definition: ((psa_key_lifetime_t)0x00000001)
-
- .. summary::
- The default storage area for persistent keys.
-
- A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.
-
- This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.
-
-.. _key_identifiers:
-
-Key identifiers
----------------
-
-.. macro:: PSA_KEY_ID_NULL
- :definition: ((psa_key_id_t)0)
-
- .. summary::
- The null key identifier.
-
- The null key identifier is always invalid, except when used without in a call to `psa_destroy_key()` which will return `PSA_SUCCESS`.
-
-.. macro:: PSA_KEY_ID_USER_MIN
- :definition: ((psa_key_id_t)0x00000001)
-
- .. summary::
- The minimum value for a key identifier chosen by the application.
-
-.. macro:: PSA_KEY_ID_USER_MAX
- :definition: ((psa_key_id_t)0x3fffffff)
-
- .. summary::
- The maximum value for a key identifier chosen by the application.
-
-.. macro:: PSA_KEY_ID_VENDOR_MIN
- :definition: ((psa_key_id_t)0x40000000)
-
- .. summary::
- The minimum value for a key identifier chosen by the implementation.
-
-.. macro:: PSA_KEY_ID_VENDOR_MAX
- :definition: ((psa_key_id_t)0x7fffffff)
-
- .. summary::
- The maximum value for a key identifier chosen by the implementation.
-
-Attribute accessors
--------------------
-
-.. function:: psa_set_key_lifetime
-
- .. summary::
- Set the location of a persistent key.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: psa_key_lifetime_t lifetime
- The lifetime for the key. If this is `PSA_KEY_LIFETIME_VOLATILE`, the key will be volatile, and the key identifier attribute is reset to `PSA_KEY_ID_NULL`.
-
- .. return:: void
-
- To make a key persistent, give it a persistent key identifier by using `psa_set_key_id()`. By default, a key that has a persistent identifier is stored in the default storage area identifier by `PSA_KEY_LIFETIME_PERSISTENT`. Call this function to choose a storage area, or to explicitly declare the key as volatile.
-
- This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_lifetime
-
- .. summary::
- Retrieve the lifetime from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: psa_key_lifetime_t
- The lifetime value stored in the attribute object.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_set_key_id
-
- .. summary::
- Declare a key as persistent and set its key identifier.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: psa_key_id_t id
- The persistent identifier for the key.
-
- .. return:: void
-
- If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to `PSA_KEY_LIFETIME_PERSISTENT`.
-
- This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as `psa_import_key()`, `psa_generate_key()`, `psa_key_derivation_output_key()` or `psa_copy_key()`.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_id
-
- .. summary::
- Retrieve the key identifier from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: psa_key_id_t
- The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/management.rst.txt b/docs/html/_sources/api/keys/management.rst.txt
deleted file mode 100644
index e03e570..0000000
--- a/docs/html/_sources/api/keys/management.rst.txt
+++ /dev/null
@@ -1,496 +0,0 @@
-Key management functions
-========================
-
-.. _key-creation:
-
-Key creation
-------------
-
-.. function:: psa_import_key
-
- .. summary::
- Import a key in binary format.
-
- .. param:: const psa_key_attributes_t * attributes
- The attributes for the new key. The key size is always determined from the ``data`` buffer. If the key size in ``attributes`` is nonzero, it must be equal to the size from ``data``.
- .. param:: const uint8_t * data
- Buffer containing the key data.
- The content of this buffer is interpreted according to the type declared in ``attributes``.
- All implementations must support at least the format described in the documentation of `psa_export_key()` or `psa_export_public_key()` for the chosen type.
- Implementations can support other formats, but be conservative in interpreting the key data: it is recommended that implementations reject content if it might be erroneous, for example, if it is the wrong type or is truncated.
- .. param:: size_t data_length
- Size of the ``data`` buffer in bytes.
- .. param:: psa_key_id_t * key
- On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
- .. retval:: PSA_ERROR_ALREADY_EXISTS
- This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- The key type or key size is not supported, either by the implementation in general or in this particular persistent location.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The key attributes, as a whole, are invalid.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The key data is not correctly formatted.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The size in ``attributes`` is nonzero and does not match the size of the key data.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function supports any output from `psa_export_key()`. Refer to the documentation of `psa_export_public_key()` for the format of public keys and to the documentation of `psa_export_key()` for the format for other key types.
-
- The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of ``0`` in ``attributes`` indicates that the key size is solely determined by the key data.
-
- Implementations must reject an attempt to import a key of size ``0``.
-
- This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.
-
-.. function:: psa_generate_key
-
- .. summary::
- Generate a key or key pair.
-
- .. param:: const psa_key_attributes_t * attributes
- The attributes for the new key.
- .. param:: psa_key_id_t * key
- On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
- .. retval:: PSA_ERROR_ALREADY_EXISTS
- This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The key is generated randomly. Its location, usage policy, type and size are taken from ``attributes``.
-
- Implementations must reject an attempt to generate a key of size ``0``.
-
- The following type-specific considerations apply:
-
- * For RSA keys (`PSA_KEY_TYPE_RSA_KEY_PAIR`), the public exponent is 65537. The modulus is a product of two probabilistic primes between 2^{n-1} and 2^n where n is the bit size specified in the attributes.
-
-.. function:: psa_copy_key
-
- .. summary::
- Make a copy of a key.
-
- .. param:: psa_key_id_t source_key
- The key to copy.
- It must allow the usage `PSA_KEY_USAGE_COPY`.
- If a private or secret key is being copied outside of a secure element it must also allow `PSA_KEY_USAGE_EXPORT`.
- .. param:: const psa_key_attributes_t * attributes
- The attributes for the new key. They are used as follows:
-
- * The key type and size can be ``0``. If either is nonzero, it must match the corresponding attribute of the source key.
- * The key location (the lifetime and, for persistent keys, the key identifier) is used directly.
- * The policy constraints (usage flags and algorithm policy) are combined from the source key and ``attributes`` so that both sets of restrictions apply, as described in the documentation of this function.
-
- .. param:: psa_key_id_t * target_key
- On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- ``source_key`` is invalid.
- .. retval:: PSA_ERROR_ALREADY_EXISTS
- This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The lifetime or identifier in ``attributes`` are invalid.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The policy constraints on ``source_key`` and specified in ``attributes`` are incompatible.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``attributes`` specifies a key type or key size which does not match the attributes of ``source key``.
- .. retval:: PSA_ERROR_NOT_PERMITTED
- ``source_key`` does not have the `PSA_KEY_USAGE_COPY` usage flag.
- .. retval:: PSA_ERROR_NOT_PERMITTED
- ``source_key`` does not have the `PSA_KEY_USAGE_EXPORT` usage flag and its lifetime does not allow copying it to the target's lifetime.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Copy key material from one location to another.
-
- This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.
-
- This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.
-
- The policy on the source key must have the usage flag `PSA_KEY_USAGE_COPY` set. This flag is sufficient to permit the copy if the key has the lifetime `PSA_KEY_LIFETIME_VOLATILE` or `PSA_KEY_LIFETIME_PERSISTENT`. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags `PSA_KEY_USAGE_COPY` and `PSA_KEY_USAGE_EXPORT` in order to make a copy of the key outside the secure element.
-
- The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the ``attributes`` parameter:
-
- * The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in ``attributes``.
- * If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.
- * If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.
- * If the policies do not allow any algorithm in common, this function fails with the status `PSA_ERROR_INVALID_ARGUMENT`.
-
- The effect of this function on implementation-defined attributes is implementation-defined.
-
-
-.. _key-destruction:
-
-Key destruction
----------------
-
-.. function:: psa_destroy_key
-
- .. summary::
- Destroy a key.
-
- .. param:: psa_key_id_t key
- Identifier of the key to erase.
- If this is `PSA_KEY_ID_NULL`, do nothing and return `PSA_SUCCESS`.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- ``key`` was a valid key identifier and the key material that it referred to has been erased.
- Alternatively, ``key`` is `PSA_KEY_ID_NULL`.
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- ``key`` is not a valid handle nor `PSA_KEY_ID_NULL`.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- The storage operation failed. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.
- .. retval:: PSA_ERROR_DATA_CORRUPT
- The storage is corrupted. Implementations must make a best effort to erase key material even in this situation, however, it might be impossible to guarantee that the key material is not recoverable in such cases.
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- An unexpected condition which is not a storage corruption or a communication failure occurred. The cryptoprocessor might have been compromised.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function destroys a key from both volatile memory and, if applicable, non-volatile storage. Implementations must make a best effort to ensure that that the key material cannot be recovered.
-
- This function also erases any metadata such as policies and frees resources associated with the key.
-
- Destroying the key makes the key identifier invalid, and the key identifier must not be used again by the application.
-
- If a key is currently in use in a multi-part operation, then destroying the key will cause the multi-part operation to fail.
-
-.. function:: psa_purge_key
-
- .. summary::
- Remove non-essential copies of key material from memory.
-
- .. param:: psa_key_id_t key
- Identifier of the key to purge.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The key material will have been removed from memory if it is not currently required.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- An implementation is permitted to make additional copies of key material
- For keys that have been created with the `PSA_KEY_USAGE_CACHE` policy, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.
-
- This function will remove these extra copies of the key material from memory.
-
- This function is not required to remove key material from memory in any of the following situations:
-
- - The key is currently in use in a cryptographic operation.
- - The key is volatile.
-
- See also :title:`key-material`.
-
-
-.. _key-export:
-
-Key export
-----------
-
-.. function:: psa_export_key
-
- .. summary::
- Export a key in binary format.
-
- .. param:: psa_key_id_t key
- Identifier of the key to export.
- It must allow the usage `PSA_KEY_USAGE_EXPORT`, unless it is a public key.
- .. param:: uint8_t * data
- Buffer where the key data is to be written.
- .. param:: size_t data_size
- Size of the ``data`` buffer in bytes.
- This must be appropriate for the key:
-
- * The required output size is :code:`PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits)` where ``type`` is the key type and ``bits`` is the key size in bits.
- * For asymmetric keys, `PSA_EXPORT_KEY_PAIR_MAX_SIZE` evaluates to the maximum output size of any supported public key or key pair.
-
- .. param:: size_t * data_length
- On success, the number of bytes that make up the key data.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_EXPORT` flag.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``data`` buffer is too small.
- `PSA_EXPORT_KEY_OUTPUT_SIZE()` or `PSA_EXPORT_KEY_PAIR_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The output of this function can be passed to `psa_import_key()` to create an equivalent object.
-
- If the implementation of `psa_import_key()` supports other formats beyond the format specified here, the output from `psa_export_key()` must use the representation specified here, not the original representation.
-
- For standard key types, the output format is as follows:
-
- * For symmetric keys, including MAC keys, the format is the raw bytes of the key.
-
- * For DES, the key data consists of 8 bytes. The parity bits must be correct.
-
- * For Triple-DES, the format is the concatenation of the two or three DES keys.
-
- * For RSA key pairs, with key type `PSA_KEY_TYPE_RSA_KEY_PAIR`, the format is the non-encrypted DER encoding of the representation defined by PKCS#1 in :RFC:`8017` as ``RSAPrivateKey``, version ``0``.
-
- .. code:: none
-
- RSAPrivateKey ::= SEQUENCE {
- version INTEGER, -- must be 0
- modulus INTEGER, -- n
- publicExponent INTEGER, -- e
- privateExponent INTEGER, -- d
- prime1 INTEGER, -- p
- prime2 INTEGER, -- q
- exponent1 INTEGER, -- d mod (p-1)
- exponent2 INTEGER, -- d mod (q-1)
- coefficient INTEGER, -- (inverse of q) mod p
- }
-
- * For elliptic curve key pairs, with key types for which `PSA_KEY_TYPE_IS_ECC_KEY_PAIR()` is true, the format is a representation of the private value.
-
- - For Weierstrass curve families ``PSA_ECC_FAMILY_SECT_XX``, ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_FRP` and `PSA_ECC_FAMILY_BRAINPOOL_P_R1`, the content of the ``privateKey`` field of the ``ECPrivateKey`` format defined by :RFC:`5915`. This is a ``ceiling(m/8)``-byte string in big-endian order where ``m`` is the key size in bits.
-
- - For curve family `PSA_ECC_FAMILY_MONTGOMERY`, the scalar value of the 'private key' in little-endian order as defined by :RFC:`7748#6`. This is a ``ceiling(m/8)``-byte string where ``m`` is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.
-
- * For Diffie-Hellman key exchange key pairs, with key types for which `PSA_KEY_TYPE_IS_DH_KEY_PAIR()` is true, the format is the representation of the private key ``x`` as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.
-
- * For public keys, with key types for which `PSA_KEY_TYPE_IS_PUBLIC_KEY()` is true, the format is the same as for `psa_export_public_key()`.
-
- The policy on the key must have the usage flag `PSA_KEY_USAGE_EXPORT` set.
-
-.. function:: psa_export_public_key
-
- .. summary::
- Export a public key or the public part of a key pair in binary format.
-
- .. param:: psa_key_id_t key
- Identifier of the key to export.
- .. param:: uint8_t * data
- Buffer where the key data is to be written.
- .. param:: size_t data_size
- Size of the ``data`` buffer in bytes.
- This must be appropriate for the key:
-
- * The required output size is :code:`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)` where ``type`` is the key type and ``bits`` is the key size in bits.
- * `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` evaluates to the maximum output size of any supported public key or public part of a key pair.
-
- .. param:: size_t * data_length
- On success, the number of bytes that make up the key data.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The key is neither a public key nor a key pair.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``data`` buffer is too small.
- `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()` or `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The output of this function can be passed to `psa_import_key()` to create an object that is equivalent to the public key.
-
- If the implementation of `psa_import_key()` supports other formats beyond the format specified here, the output from `psa_export_public_key()` must use the representation specified here, not the original representation.
-
- For standard key types, the output format is as follows:
-
- * For RSA public keys, with key type `PSA_KEY_TYPE_RSA_PUBLIC_KEY`, the DER encoding of the representation defined by :RFC:`3279#2.3.1` as ``RSAPublicKey``.
-
- .. code:: none
-
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER } -- e
-
- * For elliptic curve key pairs, with key types for which `PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()` is true, the format depends on the key family:
-
- - For Weierstrass curve families ``PSA_ECC_FAMILY_SECT_XX``, ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_FRP` and `PSA_ECC_FAMILY_BRAINPOOL_P_R1`, the uncompressed representation defined by *Standards for Efficient Cryptography*, |SEC1|_ §2.3.3 as the content of an ``ECPoint``. If ``m`` is the bit size associated with the curve, i.e. the bit size of ``q`` for a curve over ``F_q``. The representation consists of:
-
- * The byte ``0x04``;
- * ``x_P`` as a ``ceiling(m/8)``-byte string, big-endian;
- * ``y_P`` as a ``ceiling(m/8)``-byte string, big-endian.
-
- .. |SEC1| replace:: *SEC 1: Elliptic Curve Cryptography*
- .. _SEC1: https://www.secg.org/sec1-v2.pdf
-
- - For curve family `PSA_ECC_FAMILY_MONTGOMERY`, the scalar value of the 'public key' in little-endian order as defined by :RFC:`7748#6`. This is a ``ceiling(m/8)``-byte string where ``m`` is the key size in bits.
-
- * This is 32 bytes for Curve25519, computed as ``X25519(private_key, 9)``.
- * This is 56 bytes for Curve448, computed as ``X448(private_key, 5)``.
-
- * For Diffie-Hellman key exchange public keys, with key types for which `PSA_KEY_TYPE_IS_DH_PUBLIC_KEY` is true, the format is the representation of the public key ``y = g^x mod p`` as a big-endian byte string. The length of the byte string is the length of the base prime ``p`` in bytes.
-
- Exporting a public key object or the public part of a key pair is always permitted, regardless of the key's usage flags.
-
-.. macro:: PSA_EXPORT_KEY_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient output buffer size for `psa_export_key()`.
-
- .. param:: key_type
- A supported key type.
- .. param:: key_bits
- The size of the key in bits.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_export_key()` or `psa_export_public_key()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- This macro returns a compile-time constant if its arguments are compile-time constants.
-
- .. warning::
- This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.
-
- .. autocode::
-
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
- status = psa_get_key_attributes(key, &attributes);
- if (status != PSA_SUCCESS)
- handle_error(...);
- psa_key_type_t key_type = psa_get_key_type(&attributes);
- size_t key_bits = psa_get_key_bits(&attributes);
- size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
- psa_reset_key_attributes(&attributes);
- uint8_t *buffer = malloc(buffer_size);
- if (buffer == NULL)
- handle_error(...);
- size_t buffer_length;
- status = psa_export_key(key, buffer, buffer_size, &buffer_length);
- if (status != PSA_SUCCESS)
- handle_error(...);
-
- See also `PSA_EXPORT_KEY_PAIR_MAX_SIZE` and `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`.
-
-.. macro:: PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient output buffer size for `psa_export_public_key()`.
-
- .. param:: key_type
- A public key or key pair key type.
- .. param:: key_bits
- The size of the key in bits.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_export_public_key()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- If the parameters are valid and supported, it is recommended that this macro returns the same result as :code:`PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type), key_bits)`.
-
- This macro returns a compile-time constant if its arguments are compile-time constants.
-
- .. warning::
- This function can evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- The following code illustrates how to allocate enough memory to export a public key by querying the key type and size at runtime.
-
- .. autocode::
-
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
- status = psa_get_key_attributes(key, &attributes);
- if (status != PSA_SUCCESS)
- handle_error(...);
- psa_key_type_t key_type = psa_get_key_type(&attributes);
- size_t key_bits = psa_get_key_bits(&attributes);
- size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
- psa_reset_key_attributes(&attributes);
- uint8_t *buffer = malloc(buffer_size);
- if (buffer == NULL)
- handle_error(...);
- size_t buffer_length;
- status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
- if (status != PSA_SUCCESS)
- handle_error(...);
-
- See also `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`.
-
-.. macro:: PSA_EXPORT_KEY_PAIR_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient buffer size for exporting any asymmetric key pair.
-
- This macro must expand to a compile-time constant integer.
- This value must be a sufficient buffer size when calling `psa_export_key()` to export any asymmetric key pair that is supported by the implementation, regardless of the exact key type and key size.
-
- See also `PSA_EXPORT_KEY_OUTPUT_SIZE()`.
-
-.. macro:: PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient buffer size for exporting any asymmetric public key.
-
- This macro must expand to a compile-time constant integer.
- This value must be a sufficient buffer size when calling `psa_export_key()` or `psa_export_public_key()` to export any asymmetric public key that is supported by the implementation, regardless of the exact key type and key size.
-
- See also `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/keys/types.rst.txt b/docs/html/_sources/api/keys/types.rst.txt
deleted file mode 100644
index d33b32f..0000000
--- a/docs/html/_sources/api/keys/types.rst.txt
+++ /dev/null
@@ -1,610 +0,0 @@
-.. _key-types:
-
-Key types
-=========
-
-Key categories
---------------
-
-.. macro:: PSA_KEY_TYPE_NONE
- :definition: ((psa_key_type_t)0x0000)
-
- .. summary::
- An invalid key type value.
-
- Zero is not the encoding of any key type.
-
-.. macro:: PSA_KEY_TYPE_IS_UNSTRUCTURED
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is an unstructured array of bytes.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
- This encompasses both symmetric keys and non-key data.
-
- See :title:`symmetric-keys` for a list of symmetric key types.
-
-.. macro:: PSA_KEY_TYPE_IS_ASYMMETRIC
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is asymmetric: either a key pair or a public key.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
- See :title:`asymmetric-keys` for a list of asymmetric key types.
-
-.. macro:: PSA_KEY_TYPE_IS_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is the public part of a key pair.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_IS_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is a key pair containing a private part and a public part.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-
-.. _symmetric-keys:
-
-Symmetric keys
---------------
-
-.. macro:: PSA_KEY_TYPE_RAW_DATA
- :definition: ((psa_key_type_t)0x1001)
-
- .. summary::
- Raw data.
-
- A "key" of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.
-
-.. macro:: PSA_KEY_TYPE_HMAC
- :definition: ((psa_key_type_t)0x1100)
-
- .. summary::
- HMAC key.
-
- The key policy determines which underlying hash algorithm the key can be used for.
-
- HMAC keys typically have the same size as the underlying hash. This size can be calculated with :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the HMAC algorithm or the underlying hash algorithm.
-
-.. macro:: PSA_KEY_TYPE_DERIVE
- :definition: ((psa_key_type_t)0x1200)
-
- .. summary::
- A secret for key derivation.
-
- The key policy determines which key derivation algorithm the key can be used for.
-
-.. macro:: PSA_KEY_TYPE_AES
- :definition: ((psa_key_type_t)0x2400)
-
- .. summary::
- Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
-
- The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).
-
-.. macro:: PSA_KEY_TYPE_DES
- :definition: ((psa_key_type_t)0x2301)
-
- .. summary::
- Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
-
- The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).
-
- .. warning::
- Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.
-
- 3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_KEY_TYPE_CAMELLIA
- :definition: ((psa_key_type_t)0x2403)
-
- .. summary::
- Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.
-
-.. macro:: PSA_KEY_TYPE_ARC4
- :definition: ((psa_key_type_t)0x2002)
-
- .. summary::
- Key for the RC4 stream cipher.
-
- Use algorithm `PSA_ALG_STREAM_CIPHER` to use this key with the ARC4 cipher.
-
- .. warning::
- The RC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.
-
- The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the `PSA_ALG_STREAM_CIPHER` algorithm and an ARC4 key, `psa_cipher_generate_iv()` and `psa_cipher_set_iv()` must not be called.
-
-.. macro:: PSA_KEY_TYPE_CHACHA20
- :definition: ((psa_key_type_t)0x2004)
-
- .. summary::
- Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
-
- ChaCha20 and the ChaCha20_Poly1305 construction are defined in :RFC:`7539`.
-
- Variants of these algorithms are defined by the length of the nonce:
-
- - Implementations must support a 12-byte nonce, as defined in :RFC:`7539`.
- - Implementations can optionally support an 8-byte nonce, the original variant.
- - It is recommended that implementations do not support other sizes of nonce.
-
- Use algorithm `PSA_ALG_STREAM_CIPHER` to use this key with the ChaCha20 cipher for unauthenticated encryption.
-
-
-.. _asymmetric-keys:
-
-RSA keys
---------
-
-.. macro:: PSA_KEY_TYPE_RSA_PUBLIC_KEY
- :definition: ((psa_key_type_t)0x4001)
-
- .. summary::
- RSA public key.
-
-.. macro:: PSA_KEY_TYPE_RSA_KEY_PAIR
- :definition: ((psa_key_type_t)0x7001)
-
- .. summary::
- RSA key pair: both the private and public key.
-
-.. macro:: PSA_KEY_TYPE_IS_RSA
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is an RSA key. This includes both key pairs and public keys.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-Elliptic Curve keys
--------------------
-
-.. typedef:: uint8_t psa_ecc_family_t
-
- .. summary::
- The type of PSA elliptic curve family identifiers.
-
- The curve identifier is required to create an ECC key using the `PSA_KEY_TYPE_ECC_KEY_PAIR()` or `PSA_KEY_TYPE_ECC_PUBLIC_KEY()` macros.
-
- The specific ECC curve within a family is identified by the ``key_bits`` attribute of the key.
-
- The range of Elliptic curve family identifier values is divided as follows:
-
- :code:`0x00 - 0x7f`
- ECC family identifiers defined by this standard.
- Unallocated values in this range are reserved for future use.
- :code:`0x80 - 0xff`
- Implementations that define additional families must use an encoding in this range.
-
-.. macro:: PSA_KEY_TYPE_ECC_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- Elliptic curve key pair: both the private and public key.
-
- .. param:: curve
- A value of type `psa_ecc_family_t` that identifies the ECC curve family to be used.
-
-.. macro:: PSA_KEY_TYPE_ECC_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- Elliptic curve public key.
-
- .. param:: curve
- A value of type `psa_ecc_family_t` that identifies the ECC curve family to be used.
-
-
-.. macro:: PSA_ECC_FAMILY_SECP_K1
- :definition: ((psa_ecc_family_t) 0x17)
-
- .. summary::
- SEC Koblitz curves over prime fields.
-
- This family comprises the following curves:
-
- - secp192k1 : ``key_bits = 192``
- - secp224k1 : ``key_bits = 225``
- - secp256k1 : ``key_bits = 256``
-
- They are defined in *Standards for Efficient Cryptography*, |SEC2|_.
-
- .. |SEC2| replace:: *SEC 2: Recommended Elliptic Curve Domain Parameters*
- .. _SEC2: https://www.secg.org/sec2-v2.pdf
-
-.. macro:: PSA_ECC_FAMILY_SECP_R1
- :definition: ((psa_ecc_family_t) 0x12)
-
- .. summary::
- SEC random curves over prime fields.
-
- This family comprises the following curves:
-
- - secp192r1 : ``key_bits = 192``
- - secp224r1 : ``key_bits = 224``
- - secp256r1 : ``key_bits = 256``
- - secp384r1 : ``key_bits = 384``
- - secp521r1 : ``key_bits = 512``
-
- They are defined in *Standards for Efficient Cryptography*, |SEC2|_
-
-.. macro:: PSA_ECC_FAMILY_SECP_R2
- :definition: ((psa_ecc_family_t) 0x1b)
-
- .. summary::
- .. warning::
- This family of curves is weak and deprecated.
-
- This family comprises the following curves:
-
- - secp160r2 : ``key_bits = 160`` *(Deprecated)*
-
- It is defined in the superseded |SEC2v1|_.
-
- .. |SEC2v1| replace:: *SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0*
- .. _SEC2v1: https://www.secg.org/SEC2-Ver-1.0.pdf
-
-.. macro:: PSA_ECC_FAMILY_SECT_K1
- :definition: ((psa_ecc_family_t) 0x27)
-
- .. summary::
- SEC Koblitz curves over binary fields.
-
- This family comprises the following curves:
-
- - sect163k1 : ``key_bits = 163`` *(Deprecated)*
- - sect233k1 : ``key_bits = 233``
- - sect239k1 : ``key_bits = 239``
- - sect283k1 : ``key_bits = 283``
- - sect409k1 : ``key_bits = 409``
- - sect571k1 : ``key_bits = 571``
-
- They are defined in *Standards for Efficient Cryptography*, |SEC2|_
-
- .. warning::
- The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ECC_FAMILY_SECT_R1
- :definition: ((psa_ecc_family_t) 0x22)
-
- .. summary::
- SEC random curves over binary fields.
-
- This family comprises the following curves:
-
- - sect163r1 : ``key_bits = 163`` *(Deprecated)*
- - sect233r1 : ``key_bits = 233``
- - sect283r1 : ``key_bits = 283``
- - sect409r1 : ``key_bits = 409``
- - sect571r1 : ``key_bits = 571``
-
- They are defined in *Standards for Efficient Cryptography*, |SEC2|_
-
- .. warning::
- The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ECC_FAMILY_SECT_R2
- :definition: ((psa_ecc_family_t) 0x2b)
-
- .. summary::
- SEC additional random curves over binary fields.
-
- This family comprises the following curves:
-
- - sect163r2 : ``key_bits = 163`` *(Deprecated)*
-
- It is defined in *Standards for Efficient Cryptography*, |SEC2|_
-
- .. warning::
- The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ECC_FAMILY_BRAINPOOL_P_R1
- :definition: ((psa_ecc_family_t) 0x30)
-
- .. summary::
- Brainpool P random curves.
-
- This family comprises the following curves:
-
- - brainpoolP160r1 : ``key_bits = 160`` *(Deprecated)*
- - brainpoolP192r1 : ``key_bits = 192``
- - brainpoolP224r1 : ``key_bits = 224``
- - brainpoolP256r1 : ``key_bits = 256``
- - brainpoolP320r1 : ``key_bits = 320``
- - brainpoolP384r1 : ``key_bits = 384``
- - brainpoolP512r1 : ``key_bits = 512``
-
- They are defined in :rfc:`5639`.
-
- .. warning::
- The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ECC_FAMILY_FRP
- :definition: ((psa_ecc_family_t) 0x33)
-
- .. summary::
- Curve used primarily in France and elsewhere in Europe.
-
- This family comprises one 256-bit curve:
-
- - FRP256v1 : ``key_bits = 256``
-
- This is defined by *Agence nationale de la sécurité des systèmes d'information* in |FRP|_, 21 November 2011.
-
- .. |FRP| replace:: *Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française*
- .. _FRP: https://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/
-
-.. macro:: PSA_ECC_FAMILY_MONTGOMERY
- :definition: ((psa_ecc_family_t) 0x41)
-
- .. summary::
- Montgomery curves.
-
- This family comprises the following Montgomery curves:
-
- - Curve25519 : ``key_bits = 255``
-
- This curve is defined in Bernstein et al., |Curve25519|_, LNCS 3958, 2006.
-
- .. |Curve25519| replace:: *Curve25519: new Diffie-Hellman speed records*
- .. _Curve25519: https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf
-
- The algorithm `PSA_ALG_ECDH` performs X25519 when used with this curve.
-
- - Curve448 : ``key_bits = 448``
-
- This curve is defined in Hamburg, |Ed448|_, NIST ECC Workshop, 2015.
-
- .. |Ed448| replace:: *Ed448-Goldilocks, a new elliptic curve*
- .. _Ed448: https://eprint.iacr.org/2015/625.pdf
-
- The algorithm `PSA_ALG_ECDH` performs X448 when used with this curve.
-
-.. macro:: PSA_KEY_TYPE_IS_ECC
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is an elliptic curve key, either a key pair or a public key.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_IS_ECC_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is an elliptic curve key pair.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is an elliptic curve public key.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_ECC_GET_FAMILY
- :definition: /* specification-defined value */
-
- .. summary::
- Extract the curve family from an elliptic curve key type.
-
- .. param:: type
- An elliptic curve key type (value of type `psa_key_type_t` such that :code:`PSA_KEY_TYPE_IS_ECC(type)` is true).
-
- .. return:: psa_ecc_family_t
- The elliptic curve family id, if ``type`` is a supported elliptic curve key. Unspecified if ``type`` is not a supported elliptic curve key.
-
-Diffie Hellman keys
--------------------
-
-.. typedef:: uint8_t psa_dh_family_t
-
- .. summary::
- The type of PSA Diffie-Hellman group family identifiers.
-
- The group family identifier is required to create an Diffie-Hellman key using the `PSA_KEY_TYPE_DH_KEY_PAIR()` or `PSA_KEY_TYPE_DH_PUBLIC_KEY()` macros.
-
- The specific Diffie-Hellman group within a family is identified by the ``key_bits`` attribute of the key.
-
- The range of Diffie-Hellman group family identifier values is divided as follows:
-
- :code:`0x00 - 0x7f`
- DH group family identifiers defined by this standard.
- Unallocated values in this range are reserved for future use.
- :code:`0x80 - 0xff`
- Implementations that define additional families must use an encoding in this range.
-
-.. macro:: PSA_KEY_TYPE_DH_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- Diffie-Hellman key pair: both the private key and public key.
-
- .. param:: group
- A value of type `psa_dh_family_t` that identifies the Diffie-Hellman group family to be used.
-
-.. macro:: PSA_KEY_TYPE_DH_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- Diffie-Hellman public key.
-
- .. param:: group
- A value of type `psa_dh_family_t` that identifies the Diffie-Hellman group family to be used.
-
-.. macro:: PSA_DH_FAMILY_RFC7919
- :definition: ((psa_dh_family_t) 0x03)
-
- .. summary::
- Diffie-Hellman groups defined in :rfc:`7919#A`.
-
- This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192.
- An implementation can support all of these sizes or only a subset.
-
-.. macro:: PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- The key pair type corresponding to a public key type.
-
- .. param:: type
- A public key type or key pair type.
-
- .. return::
- The corresponding key pair type. If ``type`` is not a public key or a key pair, the return value is undefined.
-
- If ``type`` is a key pair type, it will be left unchanged.
-
-.. macro:: PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- The public key type corresponding to a key pair type.
-
- .. param:: type
- A public key type or key pair type.
-
- .. return::
- The corresponding public key type. If ``type`` is not a public key or a key pair, the return value is undefined.
-
- If ``type`` is a public key type, it will be left unchanged.
-
-.. macro:: PSA_KEY_TYPE_IS_DH
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is a Diffie-Hellman key, either a key pair or a public key.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_IS_DH_KEY_PAIR
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is a Diffie-Hellman key pair.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_IS_DH_PUBLIC_KEY
- :definition: /* specification-defined value */
-
- .. summary::
- Whether a key type is a Diffie-Hellman public key.
-
- .. param:: type
- A key type (value of type `psa_key_type_t`).
-
-.. macro:: PSA_KEY_TYPE_DH_GET_FAMILY
- :definition: /* specification-defined value */
-
- .. summary::
- Extract the group family from a Diffie-Hellman key type.
-
- .. param:: type
- A Diffie-Hellman key type (value of type `psa_key_type_t` such that :code:`PSA_KEY_TYPE_IS_DH(type)` is true).
-
- .. return:: psa_dh_family_t
- The Diffie-Hellman group family id, if ``type`` is a supported Diffie-Hellman key. Unspecified if ``type`` is not a supported Diffie-Hellman key.
-
-Attribute accessors
--------------------
-
-.. function:: psa_set_key_type
-
- .. summary::
- Declare the type of a key.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: psa_key_type_t type
- The key type to write. If this is `PSA_KEY_TYPE_NONE`, the key type in ``attributes`` becomes unspecified.
-
- .. return:: void
-
- This function overwrites any key type previously set in ``attributes``.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_type
-
- .. summary::
- Retrieve the key type from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: psa_key_type_t
- The key type stored in the attribute object.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_bits
-
- .. summary::
- Retrieve the key size from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: size_t
- The key size stored in the attribute object, in bits.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_set_key_bits
-
- .. summary::
- Declare the size of a key.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: size_t bits
- The key size in bits. If this is ``0``, the key size in ``attributes`` becomes unspecified. Keys of size ``0`` are not supported.
-
- .. return:: void
-
- This function overwrites any key size previously set in ``attributes``.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/keys/usage.rst.txt b/docs/html/_sources/api/keys/usage.rst.txt
deleted file mode 100644
index e41d6ab..0000000
--- a/docs/html/_sources/api/keys/usage.rst.txt
+++ /dev/null
@@ -1,190 +0,0 @@
-.. _key-usage:
-
-Key policies
-============
-
-Key usage flags
----------------
-
-.. macro:: PSA_KEY_USAGE_EXPORT
- :definition: ((psa_key_usage_t)0x00000001)
-
- .. summary::
- Permission to export the key.
-
- This flag allows the use of `psa_export_key()` to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.
-
- This flag can also be required to copy a key using `psa_copy_key()` outside of a secure element. See also `PSA_KEY_USAGE_COPY`.
-
- If a key does not have export permission, implementations must not allow the key to be exported in plain form from the cryptoprocessor, whether through `psa_export_key()` or through a proprietary interface. The key might still be exportable in a wrapped form, i.e. in a form where it is encrypted by another key.
-
-.. macro:: PSA_KEY_USAGE_COPY
- :definition: ((psa_key_usage_t)0x00000002)
-
- .. summary::
- Permission to copy the key.
-
- This flag allows the use of `psa_copy_key()` to make a copy of the key with the same policy or a more restrictive policy.
-
- For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag `PSA_KEY_USAGE_EXPORT`. Copying the key inside the secure element is permitted with just `PSA_KEY_USAGE_COPY` if the secure element supports it. For keys with the lifetime `PSA_KEY_LIFETIME_VOLATILE` or `PSA_KEY_LIFETIME_PERSISTENT`, the usage flag `PSA_KEY_USAGE_COPY` is sufficient to permit the copy.
-
-.. macro:: PSA_KEY_USAGE_CACHE
- :definition: ((psa_key_usage_t)0x00000004)
-
- .. summary::
- Permission for the implementation to cache the key.
-
- This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.
-
- An application can request that cached key material is removed from memory by calling `psa_purge_key()`.
-
- The presence of this key policy when creating a key is a hint:
-
- - An implementation is not required to cache keys that have this policy.
- - An implementation must not report an error if it does not cache keys.
-
- If this key policy is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.
-
- This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.
-
- See also :title:`key-material`.
-
-.. macro:: PSA_KEY_USAGE_ENCRYPT
- :definition: ((psa_key_usage_t)0x00000100)
-
- .. summary::
- Permission to encrypt a message with the key.
-
- This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
-
- * `psa_cipher_encrypt()`
- * `psa_cipher_encrypt_setup()`
- * `psa_aead_encrypt()`
- * `psa_aead_encrypt_setup()`
- * `psa_asymmetric_encrypt()`
-
- For a key pair, this concerns the public key.
-
-.. macro:: PSA_KEY_USAGE_DECRYPT
- :definition: ((psa_key_usage_t)0x00000200)
-
- .. summary::
- Permission to decrypt a message with the key.
-
- This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
-
- * `psa_cipher_decrypt()`
- * `psa_cipher_decrypt_setup()`
- * `psa_aead_decrypt()`
- * `psa_aead_decrypt_setup()`
- * `psa_asymmetric_decrypt()`
-
- For a key pair, this concerns the private key.
-
-.. macro:: PSA_KEY_USAGE_SIGN_MESSAGE
- :definition: ((psa_key_usage_t)0x00000400)
-
- .. summary::
- Permission to sign a message with the key.
-
- This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
-
- * `psa_mac_compute()`
- * `psa_mac_sign_setup()`
- * `psa_sign_message()`
-
- For a key pair, this concerns the private key.
-
-.. macro:: PSA_KEY_USAGE_VERIFY_MESSAGE
- :definition: ((psa_key_usage_t)0x00000800)
-
- .. summary::
- Permission to verify a message signature with the key.
-
- This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used with the following APIs:
-
- * `psa_mac_verify()`
- * `psa_mac_verify_setup()`
- * `psa_verify_message()`
-
- For a key pair, this concerns the public key.
-
-.. macro:: PSA_KEY_USAGE_SIGN_HASH
- :definition: ((psa_key_usage_t)0x00001000)
-
- .. summary::
- Permission to sign a message hash with the key.
-
- This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used when calling `psa_sign_hash()`.
-
- This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage policy of the key.
-
- For a key pair, this concerns the private key.
-
-.. macro:: PSA_KEY_USAGE_VERIFY_HASH
- :definition: ((psa_key_usage_t)0x00002000)
-
- .. summary::
- Permission to verify a message hash with the key.
-
- This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key's type and policy. The flag must be present on keys used when calling `psa_verify_hash()`.
-
- This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage policy of the key.
-
- For a key pair, this concerns the public key.
-
-.. macro:: PSA_KEY_USAGE_DERIVE
- :definition: ((psa_key_usage_t)0x00004000)
-
- .. summary::
- Permission to derive other keys from this key.
-
- This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by by the key's type and policy. The flag must be present on keys used with the following APIs:
-
- * `psa_key_derivation_input_key()`
- * `psa_key_derivation_key_agreement()`
- * `psa_raw_key_agreement()`
-
-Attribute accessors
--------------------
-
-.. function:: psa_set_key_usage_flags
-
- .. summary::
- Declare usage flags for a key.
-
- .. param:: psa_key_attributes_t * attributes
- The attribute object to write to.
- .. param:: psa_key_usage_t usage_flags
- The usage flags to write.
-
- .. return:: void
-
- Usage flags are part of a key's usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type `psa_key_usage_t`.
-
- This function overwrites any usage flags previously set in ``attributes``.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
-
-.. function:: psa_get_key_usage_flags
-
- .. summary::
- Retrieve the usage flags from key attributes.
-
- .. param:: const psa_key_attributes_t * attributes
- The key attribute object to query.
-
- .. return:: psa_key_usage_t
- The usage flags stored in the attribute object.
-
- .. admonition:: Implementation note
-
- This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:
-
- - This function can be declared as ``static`` or ``inline``, instead of using the default external linkage.
- - This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.
diff --git a/docs/html/_sources/api/library/index.rst.txt b/docs/html/_sources/api/library/index.rst.txt
deleted file mode 100644
index be63207..0000000
--- a/docs/html/_sources/api/library/index.rst.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-.. _api-reference:
-.. _library-management:
-
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Library management reference
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. toctree::
-
- status
- library
diff --git a/docs/html/_sources/api/library/library.rst.txt b/docs/html/_sources/api/library/library.rst.txt
deleted file mode 100644
index 8956282..0000000
--- a/docs/html/_sources/api/library/library.rst.txt
+++ /dev/null
@@ -1,46 +0,0 @@
-PSA Crypto library
-==================
-
-.. _api-version:
-
-API version
------------
-
-.. macro:: PSA_CRYPTO_API_VERSION_MAJOR
- :definition: 1
-
- .. summary::
- The major version of this implementation of the PSA Crypto API.
-
-.. macro:: PSA_CRYPTO_API_VERSION_MINOR
- :definition: 0
-
- .. summary::
- The minor version of this implementation of the PSA Crypto API.
-
-.. _library-init:
-
-Library initialization
-----------------------
-
-.. function:: psa_crypto_init
-
- .. summary::
- Library initialization.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
-
- Applications must call this function before calling any other function in this module.
-
- Applications are permitted to call this function more than once. Once a call succeeds, subsequent calls are guaranteed to succeed.
-
- If the application calls other functions before calling `psa_crypto_init()`, the behavior is undefined. In this situation:
-
- * Implementations are encouraged to either perform the operation as if the library had been initialized or to return `PSA_ERROR_BAD_STATE` or some other applicable error.
- * Implementations must not return a success status if the lack of initialization might have security implications, for example due to improper seeding of the random number generator.
diff --git a/docs/html/_sources/api/library/status.rst.txt b/docs/html/_sources/api/library/status.rst.txt
deleted file mode 100644
index 4d0c6a1..0000000
--- a/docs/html/_sources/api/library/status.rst.txt
+++ /dev/null
@@ -1,250 +0,0 @@
-.. _status-codes:
-
-PSA status codes
-================
-
-Status type
------------
-
-.. typedef:: int32_t psa_status_t
-
- .. summary::
- Function return status.
-
- This is either `PSA_SUCCESS`, which is zero, indicating success; or a small negative value indicating that an error occurred. Errors are encoded as one of the ``PSA_ERROR_xxx`` values defined here.
-
-Success codes
--------------
-
-.. macro:: PSA_SUCCESS
- :definition: ((psa_status_t)0)
-
- .. summary::
- The action was completed successfully.
-
-Error codes
------------
-
-.. macro:: PSA_ERROR_GENERIC_ERROR
- :definition: ((psa_status_t)-132)
-
- .. summary::
- An error occurred that does not correspond to any defined failure cause.
-
- Implementations can use this error code if none of the other standard error codes are applicable.
-
-.. macro:: PSA_ERROR_NOT_SUPPORTED
- :definition: ((psa_status_t)-134)
-
- .. summary::
- The requested operation or a parameter is not supported by this implementation.
-
- It is recommended that implementations return this error code when an enumeration parameter such as a key type, algorithm, etc. is not recognized. If a combination of parameters is recognized and identified as not valid, return `PSA_ERROR_INVALID_ARGUMENT` instead.
-
-.. macro:: PSA_ERROR_NOT_PERMITTED
- :definition: ((psa_status_t)-133)
-
- .. summary::
- The requested action is denied by a policy.
-
- It is recommended that implementations return this error code when the parameters are recognized as valid and supported, and a policy explicitly denies the requested operation.
-
- If a subset of the parameters of a function call identify a forbidden operation, and another subset of the parameters are not valid or not supported, it is unspecified whether the function returns `PSA_ERROR_NOT_PERMITTED`, `PSA_ERROR_NOT_SUPPORTED` or `PSA_ERROR_INVALID_ARGUMENT`.
-
-.. macro:: PSA_ERROR_BUFFER_TOO_SMALL
- :definition: ((psa_status_t)-138)
-
- .. summary::
- An output buffer is too small.
-
- Applications can call the ``PSA_xxx_SIZE`` macro listed in the function description to determine a sufficient buffer size.
-
- It is recommended that implementations only return this error code in cases when performing the operation with a larger output buffer would succeed. However, implementations can also return this error if a function has invalid or unsupported parameters in addition to an insufficient output buffer size.
-
-.. macro:: PSA_ERROR_ALREADY_EXISTS
- :definition: ((psa_status_t)-139)
-
- .. summary::
- Asking for an item that already exists.
-
- It is recommended that implementations return this error code when attempting to write to a location where a key is already present.
-
-.. macro:: PSA_ERROR_DOES_NOT_EXIST
- :definition: ((psa_status_t)-140)
-
- .. summary::
- Asking for an item that doesn't exist.
-
- It is recommended that implementations return this error code if a requested key does not exist.
-
-.. macro:: PSA_ERROR_BAD_STATE
- :definition: ((psa_status_t)-137)
-
- .. summary::
- The requested action cannot be performed in the current state.
-
- Multi-part operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.
-
- Implementations must not return this error code to indicate that a key either exists or not, but must instead return `PSA_ERROR_ALREADY_EXISTS` or `PSA_ERROR_DOES_NOT_EXIST` as applicable.
-
- Implementations must not return this error code to indicate that a key identifier is invalid, but must return `PSA_ERROR_INVALID_HANDLE` instead.
-
-.. macro:: PSA_ERROR_INVALID_ARGUMENT
- :definition: ((psa_status_t)-135)
-
- .. summary::
- The parameters passed to the function are invalid.
-
- Implementations can return this error any time a parameter or combination of parameters are recognized as invalid.
-
- Implementations must not return this error code to indicate that a key identifier is invalid, but must return `PSA_ERROR_INVALID_HANDLE` instead.
-
-.. macro:: PSA_ERROR_INSUFFICIENT_MEMORY
- :definition: ((psa_status_t)-141)
-
- .. summary::
- There is not enough runtime memory.
-
- If the action is carried out across multiple security realms, this error can refer to available memory in any of the security realms.
-
-.. macro:: PSA_ERROR_INSUFFICIENT_STORAGE
- :definition: ((psa_status_t)-142)
-
- .. summary::
- There is not enough persistent storage.
-
- Functions that modify the key storage return this error code if there is insufficient storage space on the host media. In addition, many functions that do not otherwise access storage might return this error code if the implementation requires a mandatory log entry for the requested action and the log storage space is full.
-
-.. macro:: PSA_ERROR_COMMUNICATION_FAILURE
- :definition: ((psa_status_t)-145)
-
- .. summary::
- There was a communication failure inside the implementation.
-
- This can indicate a communication failure between the application and an external cryptoprocessor or between the cryptoprocessor and an external volatile or persistent memory. A communication failure can be transient or permanent depending on the cause.
-
- .. warning::
- If a function returns this error, it is undetermined whether the requested action has completed. Returning `PSA_SUCCESS` is recommended on successful completion whenever possible, however functions can return `PSA_ERROR_COMMUNICATION_FAILURE` if the requested action was completed successfully in an external cryptoprocessor but there was a breakdown of communication before the cryptoprocessor could report the status to the application.
-
-.. macro:: PSA_ERROR_STORAGE_FAILURE
- :definition: ((psa_status_t)-146)
-
- .. summary::
- There was a storage failure that might have led to data loss.
-
- This error indicates that some persistent storage could not be read or written by the implementation. It does not indicate the following situations, which have specific error codes:
-
- * A corruption of volatile memory - use `PSA_ERROR_CORRUPTION_DETECTED`.
- * A communication error between the cryptoprocessor and its external storage - use `PSA_ERROR_COMMUNICATION_FAILURE`.
- * When the storage is in a valid state but is full - use `PSA_ERROR_INSUFFICIENT_STORAGE`.
- * When the storage or stored data is corrupted - use `PSA_ERROR_DATA_CORRUPT`.
- * When the stored data is not valid - use `PSA_ERROR_DATA_INVALID`.
-
- A storage failure does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.
-
- When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.
-
- It is recommended to only use this error code to report a permanent storage corruption. However application writers must keep in mind that transient errors while reading the storage might be reported using this error code.
-
-.. macro:: PSA_ERROR_DATA_CORRUPT
- :definition: ((psa_status_t)-152)
-
- .. summary::
- Stored data has been corrupted.
-
- This error indicates that some persistent storage has suffered corruption. It does not indicate the following situations, which have specific error codes:
-
- * A corruption of volatile memory - use `PSA_ERROR_CORRUPTION_DETECTED`.
- * A communication error between the cryptoprocessor and its external storage - use `PSA_ERROR_COMMUNICATION_FAILURE`.
- * When the storage is in a valid state but is full - use `PSA_ERROR_INSUFFICIENT_STORAGE`.
- * When the storage fails for other reasons - use `PSA_ERROR_STORAGE_FAILURE`.
- * When the stored data is not valid - use `PSA_ERROR_DATA_INVALID`.
-
- Note that a storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.
-
- When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.
-
- It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the PSA Internal Trusted Storage API reports `PSA_ERROR_DATA_CORRUPT` or `PSA_ERROR_INVALID_SIGNATURE`.
-
-.. macro:: PSA_ERROR_DATA_INVALID
- :definition: ((psa_status_t)-153)
-
- .. summary::
- Data read from storage is not valid for the implementation.
-
- This error indicates that some data read from storage does not have a valid format. It does not indicate the following situations, which have specific error codes:
-
- * When the storage or stored data is corrupted - use `PSA_ERROR_DATA_CORRUPT`.
- * When the storage fails for other reasons - use `PSA_ERROR_STORAGE_FAILURE`.
- * An invalid argument to the API - use `PSA_ERROR_INVALID_ARGUMENT`.
-
- This error is typically a result of an integration failure, where the implementation reading the data is not compatible with the implementation that stored the data.
-
- It is recommended to only use this error code to report when data that is successfully read from storage is invalid.
-
-.. macro:: PSA_ERROR_HARDWARE_FAILURE
- :definition: ((psa_status_t)-147)
-
- .. summary::
- A hardware failure was detected.
-
- A hardware failure can be transient or permanent depending on the cause.
-
-.. macro:: PSA_ERROR_CORRUPTION_DETECTED
- :definition: ((psa_status_t)-151)
-
- .. summary::
- A tampering attempt was detected.
-
- If an application receives this error code, there is no guarantee that previously accessed or computed data was correct and remains confidential. In this situation, it is recommended that applications perform no further security functions and enter a safe failure state.
-
- Implementations can return this error code if they detect an invalid state that cannot happen during normal operation and that indicates that the implementation's security guarantees no longer hold. Depending on the implementation architecture and on its security and safety goals, the implementation might forcibly terminate the application.
-
- This error code is intended as a last resort when a security breach is detected and it is unsure whether the keystore data is still protected. Implementations must only return this error code to report an alarm from a tampering detector, to indicate that the confidentiality of stored data can no longer be guaranteed, or to indicate that the integrity of previously returned data is now considered compromised. Implementations must not use this error code to indicate a hardware failure that merely makes it impossible to perform the requested operation, instead use `PSA_ERROR_COMMUNICATION_FAILURE`, `PSA_ERROR_STORAGE_FAILURE`, `PSA_ERROR_HARDWARE_FAILURE`, `PSA_ERROR_INSUFFICIENT_ENTROPY` or other applicable error code.
-
- This error indicates an attack against the application. Implementations must not return this error code as a consequence of the behavior of the application itself.
-
-.. macro:: PSA_ERROR_INSUFFICIENT_ENTROPY
- :definition: ((psa_status_t)-148)
-
- .. summary::
- There is not enough entropy to generate random data needed for the requested action.
-
- This error indicates a failure of a hardware random generator. Application writers must note that this error can be returned not only by functions whose purpose is to generate random data, such as key, IV or nonce generation, but also by functions that execute an algorithm with a randomized result, as well as functions that use randomization of intermediate computations as a countermeasure to certain attacks.
-
- It is recommended that implementations do not return this error after `psa_crypto_init()` has succeeded. This can be achieved if the implementation generates sufficient entropy during initialization and subsequently a cryptographically secure pseudorandom generator (PRNG) is used. However, implementations might return this error at any time, for example, if a policy requires the PRNG to be reseeded during normal operation.
-
-.. macro:: PSA_ERROR_INVALID_SIGNATURE
- :definition: ((psa_status_t)-149)
-
- .. summary::
- The signature, MAC or hash is incorrect.
-
- Verification functions return this error if the verification calculations completed successfully, and the value to be verified was determined to be incorrect.
-
- If the value to verify has an invalid size, implementations can return either `PSA_ERROR_INVALID_ARGUMENT` or `PSA_ERROR_INVALID_SIGNATURE`.
-
-.. macro:: PSA_ERROR_INVALID_PADDING
- :definition: ((psa_status_t)-150)
-
- .. summary::
- The decrypted padding is incorrect.
-
- .. warning::
- In some protocols, when decrypting data, it is essential that the behavior of the application does not depend on whether the padding is correct, down to precise timing. Protocols that use authenticated encryption are recommended for use by applications, rather than plain encryption. If the application must perform a decryption of unauthenticated data, the application writer must take care not to reveal whether the padding is invalid.
-
- Implementations must handle padding carefully, aiming to make it impossible for an external observer to distinguish between valid and invalid padding. In particular, it is recommended that the timing of a decryption operation does not depend on the validity of the padding.
-
-.. macro:: PSA_ERROR_INSUFFICIENT_DATA
- :definition: ((psa_status_t)-143)
-
- .. summary::
- Return this error when there's insufficient data when attempting to read from a resource.
-
-.. macro:: PSA_ERROR_INVALID_HANDLE
- :definition: ((psa_status_t)-136)
-
- .. summary::
- The key identifier is not valid.
-
- See also :title:`key-ids`.
diff --git a/docs/html/_sources/api/ops/aead.rst.txt b/docs/html/_sources/api/ops/aead.rst.txt
deleted file mode 100644
index 162af7c..0000000
--- a/docs/html/_sources/api/ops/aead.rst.txt
+++ /dev/null
@@ -1,945 +0,0 @@
-.. _aead:
-
-Authenticated encryption with associated data (AEAD)
-====================================================
-
-.. _aead-algorithms:
-
-AEAD algorithms
----------------
-
-.. macro:: PSA_ALG_CCM
- :definition: ((psa_algorithm_t)0x05500100)
-
- .. summary::
- The CCM authenticated encryption algorithm.
-
- The underlying block cipher is determined by the key type.
-
-.. macro:: PSA_ALG_GCM
- :definition: ((psa_algorithm_t)0x05500200)
-
- .. summary::
- The GCM authenticated encryption algorithm.
-
- The underlying block cipher is determined by the key type.
-
-.. macro:: PSA_ALG_CHACHA20_POLY1305
- :definition: ((psa_algorithm_t)0x05100500)
-
- .. summary::
- The Chacha20-Poly1305 AEAD algorithm.
-
- The ChaCha20_Poly1305 construction is defined in :RFC:`7539`.
-
- Variants of this algorithm are defined by the length of the nonce:
-
- - Implementations must support a 12-byte nonce, as defined in :RFC:`7539`.
- - Implementations can optionally support an 8-byte nonce, the original variant.
- - It is recommended that implementations do not support other sizes of nonce.
-
- Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.
-
-.. macro:: PSA_ALG_AEAD_WITH_SHORTENED_TAG
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build a AEAD algorithm with a shortened tag.
-
- .. param:: aead_alg
- An AEAD algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: tag_length
- Desired length of the authentication tag in bytes.
-
- .. return::
- The corresponding AEAD algorithm with the specified tag length.
-
- Unspecified if ``alg`` is not a supported AEAD algorithm or if ``tag_length`` is not valid for the specified AEAD algorithm.
-
- An AEAD algorithm with a shortened tag is similar to the corresponding AEAD algorithm, but has an authentication tag that consists of fewer bytes. Depending on the algorithm, the tag length might affect the calculation of the ciphertext.
-
- The AEAD algorithm with a default length tag can be recovered using `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`.
-
-Single-part AEAD functions
---------------------------
-
-.. function:: psa_aead_encrypt
-
- .. summary::
- Process an authenticated encryption operation.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation.
- It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
- .. param:: psa_algorithm_t alg
- The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: const uint8_t * nonce
- Nonce or IV to use.
- .. param:: size_t nonce_length
- Size of the ``nonce`` buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
- .. param:: const uint8_t * additional_data
- Additional data that will be authenticated but not encrypted.
- .. param:: size_t additional_data_length
- Size of ``additional_data`` in bytes.
- .. param:: const uint8_t * plaintext
- Data that will be authenticated and encrypted.
- .. param:: size_t plaintext_length
- Size of ``plaintext`` in bytes.
- .. param:: uint8_t * ciphertext
- Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.
- .. param:: size_t ciphertext_size
- Size of the ``ciphertext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length)` where ``key_type`` is the type of ``key``.
- * :code:`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length)` evaluates to the maximum ciphertext size of any supported AEAD encryption.
-
- .. param:: size_t * ciphertext_length
- On success, the size of the output in the ``ciphertext`` buffer.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not an AEAD algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- ``ciphertext_size`` is too small. `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()` or `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
-.. function:: psa_aead_decrypt
-
- .. summary::
- Process an authenticated decryption operation.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation.
- It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
- .. param:: psa_algorithm_t alg
- The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: const uint8_t * nonce
- Nonce or IV to use.
- .. param:: size_t nonce_length
- Size of the ``nonce`` buffer in bytes. This must be appropriate for the selected algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
- .. param:: const uint8_t * additional_data
- Additional data that has been authenticated but not encrypted.
- .. param:: size_t additional_data_length
- Size of ``additional_data`` in bytes.
- .. param:: const uint8_t * ciphertext
- Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.
- .. param:: size_t ciphertext_length
- Size of ``ciphertext`` in bytes.
- .. param:: uint8_t * plaintext
- Output buffer for the decrypted data.
- .. param:: size_t plaintext_size
- Size of the ``plaintext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length)` where ``key_type`` is the type of ``key``.
- * :code:`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length)` evaluates to the maximum plaintext size of any supported AEAD decryption.
-
- .. param:: size_t * plaintext_length
- On success, the size of the output in the ``plaintext`` buffer.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The ciphertext is not authentic.
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not an AEAD algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- ``plaintext_size`` is too small. `PSA_AEAD_DECRYPT_OUTPUT_SIZE()` or `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
-Multi-part AEAD operations
---------------------------
-
-.. _aead-multi-part-warning:
-
-.. warning::
- When decrypting using a multi-part AEAD operation, there is no guarantee that the input or output is valid until `psa_aead_verify()` has returned `PSA_SUCCESS`.
-
- A call to `psa_aead_update()` or `psa_aead_update_ad()` returning `PSA_SUCCESS` **does not** indicate that the input and output is valid.
-
- Until an application calls `psa_aead_verify()` and it has returned `PSA_SUCCESS`, the following rules apply to input and output data from a multi-part AEAD operation:
-
- * Do not trust the input. If the application takes any action that depends on the input data, this action will need to be undone if the input turns out to be invalid.
-
- * Store the output in a confidential location. In particular, the application must not copy the output to a memory or storage space which is shared.
-
- * Do not trust the output. If the application takes any action that depends on the tentative decrypted data, this action will need to be undone if the input turns out to be invalid. Furthermore, if an adversary can observe that this action took place, for example, through timing, they might be able to use this fact as an oracle to decrypt any message encrypted with the same key.
-
- An application that does not follow these rules might be vulnerable to maliciously constructed AEAD input data.
-
-
-.. typedef:: /* implementation-defined type */ psa_aead_operation_t
-
- .. summary::
- The type of the state object for multi-part AEAD operations.
-
- Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_aead_operation_t operation;
- memset(&operation, 0, sizeof(operation));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_aead_operation_t operation;
-
- * Initialize the object to the initializer `PSA_AEAD_OPERATION_INIT`, for example:
-
- .. autocode::
- psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
-
- * Assign the result of the function `psa_aead_operation_init()` to the object, for example:
-
- .. autocode::
- psa_aead_operation_t operation;
- operation = psa_aead_operation_init();
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
-.. macro:: PSA_AEAD_OPERATION_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for an AEAD operation object of type `psa_aead_operation_t`.
-
-.. function:: psa_aead_operation_init
-
- .. summary::
- Return an initial value for an AEAD operation object.
-
- .. return:: psa_aead_operation_t
-
-.. function:: psa_aead_encrypt_setup
-
- .. summary::
- Set the key for a multi-part authenticated encryption operation.
-
- .. param:: psa_aead_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_aead_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
- .. param:: psa_algorithm_t alg
- The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not an AEAD algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The sequence of operations to encrypt a message with authentication is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_aead_operation_t`, e.g. `PSA_AEAD_OPERATION_INIT`.
- #. Call `psa_aead_encrypt_setup()` to specify the algorithm and key.
- #. If needed, call `psa_aead_set_lengths()` to specify the length of the inputs to the subsequent calls to `psa_aead_update_ad()` and `psa_aead_update()`. See the documentation of `psa_aead_set_lengths()` for details.
- #. Call either `psa_aead_generate_nonce()` or `psa_aead_set_nonce()` to generate or set the nonce. It is recommended to use `psa_aead_generate_nonce()` unless the protocol being implemented requires a specific nonce value.
- #. Call `psa_aead_update_ad()` zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.
- #. Call `psa_aead_update()` zero, one or more times, passing a fragment of the message to encrypt each time.
- #. Call `psa_aead_finish()`.
-
- If an error occurs at any step after a call to `psa_aead_encrypt_setup()`, the operation will need to be reset by a call to `psa_aead_abort()`. The application can call `psa_aead_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_aead_encrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_aead_finish()`.
- * A call to `psa_aead_abort()`.
-
-.. function:: psa_aead_decrypt_setup
-
- .. summary::
- Set the key for a multi-part authenticated decryption operation.
-
- .. param:: psa_aead_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_aead_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
- .. param:: psa_algorithm_t alg
- The AEAD algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not an AEAD algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The sequence of operations to decrypt a message with authentication is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_aead_operation_t`, e.g. `PSA_AEAD_OPERATION_INIT`.
- #. Call `psa_aead_decrypt_setup()` to specify the algorithm and key.
- #. If needed, call `psa_aead_set_lengths()` to specify the length of the inputs to the subsequent calls to `psa_aead_update_ad()` and `psa_aead_update()`. See the documentation of `psa_aead_set_lengths()` for details.
- #. Call `psa_aead_set_nonce()` with the nonce for the decryption.
- #. Call `psa_aead_update_ad()` zero, one or more times, passing a fragment of the non-encrypted additional authenticated data each time.
- #. Call `psa_aead_update()` zero, one or more times, passing a fragment of the ciphertext to decrypt each time.
- #. Call `psa_aead_verify()`.
-
- If an error occurs at any step after a call to `psa_aead_decrypt_setup()`, the operation will need to be reset by a call to `psa_aead_abort()`. The application can call `psa_aead_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_aead_decrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_aead_verify()`.
- * A call to `psa_aead_abort()`.
-
-.. function:: psa_aead_generate_nonce
-
- .. summary::
- Generate a random nonce for an authenticated encryption operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: uint8_t * nonce
- Buffer where the generated nonce is to be written.
- .. param:: size_t nonce_size
- Size of the ``nonce`` buffer in bytes. This must be at least :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the AEAD operation.
- .. param:: size_t * nonce_length
- On success, the number of bytes of the generated nonce.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be an active AEAD encryption operation, with no nonce set.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``nonce`` buffer is too small. `PSA_AEAD_NONCE_LENGTH()` or `PSA_AEAD_NONCE_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.
-
- The application must call `psa_aead_encrypt_setup()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
-.. function:: psa_aead_set_nonce
-
- .. summary::
- Set the nonce for an authenticated encryption or decryption operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: const uint8_t * nonce
- Buffer containing the nonce to use.
- .. param:: size_t nonce_length
- Size of the nonce in bytes. This must be a valid nonce size for the chosen algorithm. The default nonce size is :code:`PSA_AEAD_NONCE_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the AEAD operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, with no nonce set.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The size of ``nonce`` is not acceptable for the chosen algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function sets the nonce for the authenticated encryption or decryption operation.
-
- The application must call `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
- .. note::
- When encrypting, `psa_aead_generate_nonce()` is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.
-
-.. function:: psa_aead_set_lengths
-
- .. summary::
- Declare the lengths of the message and additional data for AEAD.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: size_t ad_length
- Size of the non-encrypted additional authenticated data in bytes.
- .. param:: size_t plaintext_length
- Size of the plaintext to encrypt in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, and `psa_aead_update_ad()` and `psa_aead_update()` must not have been called yet.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- At least one of the lengths is not acceptable for the chosen algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call this function before calling `psa_aead_update_ad()` or `psa_aead_update()` if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.
-
- This function can be called before or after setting the nonce with `psa_aead_set_nonce()` or `psa_aead_generate_nonce()`.
-
- * For `PSA_ALG_CCM`, calling this function is required.
- * For the other AEAD algorithms defined in this specification, calling this function is not required.
- * For vendor-defined algorithm, refer to the vendor documentation.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
-.. function:: psa_aead_update_ad
-
- .. summary::
- Pass additional data to an active AEAD operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: const uint8_t * input
- Buffer containing the fragment of additional data.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
-
- .. warning::
- When decrypting, do not trust the input until `psa_aead_verify()` succeeds.
-
- See the :ref:`detailed warning <aead-multi-part-warning>`.
-
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, have a nonce set, have lengths set if required by the algorithm, and `psa_aead_update()` must not have been called yet.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total input length overflows the additional data length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Additional data is authenticated, but not encrypted.
-
- This function can be called multiple times to pass successive fragments of the additional data. This function must not be called after passing data to encrypt or decrypt with `psa_aead_update()`.
-
- The following must occur before calling this function:
-
- #. Call either `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()`.
- #. Set the nonce with `psa_aead_generate_nonce()` or `psa_aead_set_nonce()`.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
-.. function:: psa_aead_update
-
- .. summary::
- Encrypt or decrypt a message fragment in an active AEAD operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: const uint8_t * input
- Buffer containing the message fragment to encrypt or decrypt.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * output
- Buffer where the output is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
- * :code:`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported AEAD algorithm.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
-
- .. warning::
- When decrypting, do not use the output until `psa_aead_verify()` succeeds.
-
- See the :ref:`detailed warning <aead-multi-part-warning>`.
-
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, have a nonce set, and have lengths set if required by the algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small. `PSA_AEAD_UPDATE_OUTPUT_SIZE()` or `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total input length overflows the plaintext length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The following must occur before calling this function:
-
- #. Call either `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()`. The choice of setup function determines whether this function encrypts or decrypts its input.
- #. Set the nonce with `psa_aead_generate_nonce()` or `psa_aead_set_nonce()`.
- #. Call `psa_aead_update_ad()` to pass all the additional data.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
- This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it might delay the end of the corresponding output until a subsequent call to `psa_aead_update()`, `psa_aead_finish()` or `psa_aead_verify()` provides sufficient input. The amount of data that can be delayed in this way is bounded by `PSA_AEAD_UPDATE_OUTPUT_SIZE()`.
-
-.. function:: psa_aead_finish
-
- .. summary::
- Finish encrypting a message in an AEAD operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: uint8_t * ciphertext
- Buffer where the last part of the ciphertext is to be written.
- .. param:: size_t ciphertext_size
- Size of the ``ciphertext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
- * `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported AEAD algorithm.
-
- .. param:: size_t * ciphertext_length
- On success, the number of bytes of returned ciphertext.
- .. param:: uint8_t * tag
- Buffer where the authentication tag is to be written.
- .. param:: size_t tag_size
- Size of the ``tag`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The exact tag size is :code:`PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size of the key, and ``alg`` is the algorithm that were used in the call to `psa_aead_encrypt_setup()`.
- * `PSA_AEAD_TAG_MAX_SIZE` evaluates to the maximum tag size of any supported AEAD algorithm.
-
- .. param:: size_t * tag_length
- On success, the number of bytes that make up the returned tag.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be an active encryption operation with a nonce set.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``ciphertext`` or ``tag`` buffer is too small.
- `PSA_AEAD_FINISH_OUTPUT_SIZE()` or `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE` can be used to determine the required ``ciphertext`` buffer size.
- `PSA_AEAD_TAG_LENGTH()` or `PSA_AEAD_TAG_MAX_SIZE` can be used to determine the required ``tag`` buffer size.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total length of input to `psa_aead_update()` so far is less than the plaintext length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The operation must have been set up with `psa_aead_encrypt_setup()`.
-
- This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to `psa_aead_update_ad()` with the plaintext formed by concatenating the inputs passed to preceding calls to `psa_aead_update()`.
-
- This function has two output buffers:
-
- * ``ciphertext`` contains trailing ciphertext that was buffered from preceding calls to `psa_aead_update()`.
- * ``tag`` contains the authentication tag.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
-.. function:: psa_aead_verify
-
- .. summary::
- Finish authenticating and decrypting a message in an AEAD operation.
-
- .. param:: psa_aead_operation_t * operation
- Active AEAD operation.
- .. param:: uint8_t * plaintext
- Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to `psa_aead_update()` that could not be processed until the end of the input.
- .. param:: size_t plaintext_size
- Size of the ``plaintext`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
- * `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported AEAD algorithm.
-
- .. param:: size_t * plaintext_length
- On success, the number of bytes of returned plaintext.
- .. param:: const uint8_t * tag
- Buffer containing the authentication tag.
- .. param:: size_t tag_length
- Size of the ``tag`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The calculations were successful, but the authentication tag is not correct.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be an active decryption operation with a nonce set.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``plaintext`` buffer is too small. `PSA_AEAD_VERIFY_OUTPUT_SIZE()` or `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total length of input to `psa_aead_update_ad()` so far is less than the additional data length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total length of input to `psa_aead_update()` so far is less than the plaintext length that was previously specified with `psa_aead_set_lengths()`.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The operation must have been set up with `psa_aead_decrypt_setup()`.
-
- This function finishes the authenticated decryption of the message components:
-
- * The additional data consisting of the concatenation of the inputs passed to preceding calls to `psa_aead_update_ad()`.
- * The ciphertext consisting of the concatenation of the inputs passed to preceding calls to `psa_aead_update()`.
- * The tag passed to this function call.
-
- If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns `PSA_ERROR_INVALID_SIGNATURE`.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_aead_abort()`.
-
- .. note::
- Implementations must make the best effort to ensure that the comparison between the actual tag and the expected tag is performed in constant time.
-
-.. function:: psa_aead_abort
-
- .. summary::
- Abort an AEAD operation.
-
- .. param:: psa_aead_operation_t * operation
- Initialized AEAD operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` again.
-
- This function can be called any time after the operation object has been initialized as described in `psa_aead_operation_t`.
-
- In particular, calling `psa_aead_abort()` after the operation has been terminated by a call to `psa_aead_abort()`, `psa_aead_finish()` or `psa_aead_verify()` is safe and has no effect.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an AEAD mode on a block cipher.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an AEAD algorithm which is an AEAD mode based on a block cipher, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
- :definition: /* specification-defined value */
-
- .. summary::
- An AEAD algorithm with the default tag length.
-
- .. param:: aead_alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return::
- The corresponding AEAD algorithm with the default tag length for that algorithm.
-
- This macro can be used to construct the AEAD algorithm with default tag length from an AEAD algorithm with a shortened tag. See also `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`.
-
-.. macro:: PSA_AEAD_ENCRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum size of the output of `psa_aead_encrypt()`, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: plaintext_length
- Size of the plaintext in bytes.
-
- .. return::
- The AEAD ciphertext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_encrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext might be smaller.
-
- See also `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_aead_encrypt()`, for any of the supported key types and AEAD algorithms.
-
- .. param:: plaintext_length
- Size of the plaintext in bytes.
-
- If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_encrypt()` will not fail due to an insufficient buffer size.
-
- See also `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()`.
-
-.. macro:: PSA_AEAD_DECRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum size of the output of `psa_aead_decrypt()`, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: ciphertext_length
- Size of the ciphertext in bytes.
-
- .. return::
- The AEAD plaintext size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_decrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext might be smaller.
-
- See also `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_aead_decrypt()`, for any of the supported key types and AEAD algorithms.
-
- .. param:: ciphertext_length
- Size of the ciphertext in bytes.
-
- If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_decrypt()` will not fail due to an insufficient buffer size.
-
- See also `PSA_AEAD_DECRYPT_OUTPUT_SIZE()`.
-
-.. macro:: PSA_AEAD_NONCE_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The default nonce size for an AEAD algorithm, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return::
- The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- This macro can be used to allocate a buffer of sufficient size to store the nonce output from `psa_aead_generate_nonce()`.
-
- See also `PSA_AEAD_NONCE_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_NONCE_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum nonce size for all supported AEAD algorithms, in bytes.
-
- See also `PSA_AEAD_NONCE_LENGTH()`.
-
-.. macro:: PSA_AEAD_UPDATE_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_aead_update()`.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
- .. param:: input_length
- Size of the input in bytes.
-
- .. return::
- A sufficient output buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_aead_update()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_aead_update()`, for any of the supported key types and AEAD algorithms.
-
- .. param:: input_length
- Size of the input in bytes.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_aead_update()` will not fail due to an insufficient buffer size.
-
- See also `PSA_AEAD_UPDATE_OUTPUT_SIZE()`.
-
-.. macro:: PSA_AEAD_FINISH_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient ciphertext buffer size for `psa_aead_finish()`.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return::
- A sufficient ciphertext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_aead_finish()` will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_FINISH_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient ciphertext buffer size for `psa_aead_finish()`, for any of the supported key types and AEAD algorithms.
-
- See also `PSA_AEAD_FINISH_OUTPUT_SIZE()`.
-
-.. macro:: PSA_AEAD_TAG_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The length of a tag for an AEAD algorithm, in bytes.
-
- .. param:: key_type
- The type of the AEAD key.
- .. param:: key_bits
- The size of the AEAD key in bits.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return::
- The tag length for the specified algorithm and key.
- If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return ``0``. If the AEAD algorithm is not recognized, return ``0``. An implementation can return either ``0`` or a correct size for an AEAD algorithm that it recognizes, but does not support.
-
- This macro can be used to allocate a buffer of sufficient size to store the tag output from `psa_aead_finish()`.
-
- See also `PSA_AEAD_TAG_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_TAG_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum tag size for all supported AEAD algorithms, in bytes.
-
- See also `PSA_AEAD_TAG_LENGTH()`.
-
-.. macro:: PSA_AEAD_VERIFY_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient plaintext buffer size for `psa_aead_verify()`.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- An AEAD algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_AEAD(alg)` is true).
-
- .. return::
- A sufficient plaintext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.
-
- If the size of the plaintext buffer is at least this large, it is guaranteed that `psa_aead_verify()` will not fail due to an insufficient plaintext buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient plaintext buffer size for `psa_aead_verify()`, for any of the supported key types and AEAD algorithms.
-
- See also `PSA_AEAD_VERIFY_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/ciphers.rst.txt b/docs/html/_sources/api/ops/ciphers.rst.txt
deleted file mode 100644
index 2e0883e..0000000
--- a/docs/html/_sources/api/ops/ciphers.rst.txt
+++ /dev/null
@@ -1,757 +0,0 @@
-.. _ciphers:
-
-Unauthenticated ciphers
-=======================
-
-.. warning::
-
- The unauthenticated cipher API is provided to implement legacy protocols and
- for use cases where the data integrity and authenticity is guaranteed by
- non-cryptographic means.
-
- It is recommended that newer protocols use :title:`aead`.
-
-.. _cipher-algorithms:
-
-Cipher algorithms
------------------
-
-.. macro:: PSA_ALG_STREAM_CIPHER
- :definition: ((psa_algorithm_t)0x04800100)
-
- .. summary::
- The stream cipher mode of a stream cipher algorithm.
-
- The underlying stream cipher is determined by the key type:
-
- * To use ChaCha20, use a key type of `PSA_KEY_TYPE_CHACHA20` and algorithm id `PSA_ALG_STREAM_CIPHER`.
- * To use ARC4, use a key type of `PSA_KEY_TYPE_ARC4` and algorithm id `PSA_ALG_STREAM_CIPHER`.
-
-.. macro:: PSA_ALG_CTR
- :definition: ((psa_algorithm_t)0x04c01000)
-
- .. summary::
- A stream cipher built using the Counter (CTR) mode of a block cipher.
-
- CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type `PSA_KEY_TYPE_AES` and a length of 128 bits (16 bytes).
-
-.. macro:: PSA_ALG_CFB
- :definition: ((psa_algorithm_t)0x04c01100)
-
- .. summary::
- A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.
-
- The underlying block cipher is determined by the key type.
-
-.. macro:: PSA_ALG_OFB
- :definition: ((psa_algorithm_t)0x04c01200)
-
- .. summary::
- A stream cipher built using the Output Feedback (OFB) mode of a block cipher.
-
- The underlying block cipher is determined by the key type.
-
-.. macro:: PSA_ALG_XTS
- :definition: ((psa_algorithm_t)0x0440ff00)
-
- .. summary::
- The XTS cipher mode of a block cipher.
-
- XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.
-
-.. macro:: PSA_ALG_ECB_NO_PADDING
- :definition: ((psa_algorithm_t)0x04404400)
-
- .. summary::
- The Electronic Code Book (ECB) mode of a block cipher, with no padding.
-
- .. warning::
- ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB.
-
- The underlying block cipher is determined by the key type.
-
- This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.
-
- ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, `psa_cipher_generate_iv()` and `psa_cipher_set_iv()` must not be called.
-
-.. macro:: PSA_ALG_CBC_NO_PADDING
- :definition: ((psa_algorithm_t)0x04404000)
-
- .. summary::
- The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.
-
- The underlying block cipher is determined by the key type.
-
- This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.
-
-.. macro:: PSA_ALG_CBC_PKCS7
- :definition: ((psa_algorithm_t)0x04404100)
-
- .. summary::
- The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.
-
- The underlying block cipher is determined by the key type.
-
- This is the padding method defined by PKCS#7 :RFC:`2315#10.3`.
-
-Single-part cipher functions
-----------------------------
-
-.. function:: psa_cipher_encrypt
-
- .. summary::
- Encrypt a message using a symmetric cipher.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation.
- It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
- .. param:: psa_algorithm_t alg
- The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the message to encrypt.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * output
- Buffer where the output is to be written. The output contains the IV followed by the ciphertext proper.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length)` where ``key_type`` is the type of ``key``.
- * :code:`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher encryption.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a cipher algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- ``output_size`` is too small. `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()` or `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function encrypts a message with a random initialization vector (IV).
- The length of the IV is :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` where ``key_type`` is the type of ``key``.
- The output of `psa_cipher_encrypt()` is the IV followed by the ciphertext.
-
- Use the multi-part operation interface with a `psa_cipher_operation_t` object to provide other forms of IV or to manage the IV and ciphertext independently.
-
-.. function:: psa_cipher_decrypt
-
- .. summary::
- Decrypt a message using a symmetric cipher.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
- .. param:: psa_algorithm_t alg
- The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * output
- Buffer where the plaintext is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length)` where ``key_type`` is the type of ``key``.
- * :code:`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher decryption.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a cipher algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- ``output_size`` is too small. `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()` or `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function decrypts a message encrypted with a symmetric cipher.
-
- The input to this function must contain the IV followed by the ciphertext, as output by `psa_cipher_encrypt()`. The IV must be :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` bytes in length, where ``key_type`` is the type of ``key``.
-
- Use the multi-part operation interface with a `psa_cipher_operation_t` object to decrypt data which is not in the expected input format.
-
-Multi-part cipher operations
-----------------------------
-
-.. typedef:: /* implementation-defined type */ psa_cipher_operation_t
-
- .. summary::
- The type of the state object for multi-part cipher operations.
-
- Before calling any function on a cipher operation object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_cipher_operation_t operation;
- memset(&operation, 0, sizeof(operation));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_cipher_operation_t operation;
-
- * Initialize the object to the initializer `PSA_CIPHER_OPERATION_INIT`, for example:
-
- .. autocode::
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-
- * Assign the result of the function `psa_cipher_operation_init()` to the object, for example:
-
- .. autocode::
- psa_cipher_operation_t operation;
- operation = psa_cipher_operation_init();
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
-.. macro:: PSA_CIPHER_OPERATION_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for a cipher operation object of type `psa_cipher_operation_t`.
-
-.. function:: psa_cipher_operation_init
-
- .. summary::
- Return an initial value for a cipher operation object.
-
- .. return:: psa_cipher_operation_t
-
-.. function:: psa_cipher_encrypt_setup
-
- .. summary::
- Set the key for a multi-part symmetric encryption operation.
-
- .. param:: psa_cipher_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_cipher_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
- .. param:: psa_algorithm_t alg
- The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a cipher algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The sequence of operations to encrypt a message with a symmetric cipher is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_cipher_operation_t`, e.g. `PSA_CIPHER_OPERATION_INIT`.
- #. Call `psa_cipher_encrypt_setup()` to specify the algorithm and key.
- #. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV), if the algorithm requires one. It is recommended to use `psa_cipher_generate_iv()` unless the protocol being implemented requires a specific IV value.
- #. Call `psa_cipher_update()` zero, one or more times, passing a fragment of the message each time.
- #. Call `psa_cipher_finish()`.
-
- If an error occurs at any step after a call to `psa_cipher_encrypt_setup()`, the operation will need to be reset by a call to `psa_cipher_abort()`. The application can call `psa_cipher_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_cipher_encrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_cipher_finish()`.
- * A call to `psa_cipher_abort()`.
-
-.. function:: psa_cipher_decrypt_setup
-
- .. summary::
- Set the key for a multi-part symmetric decryption operation.
-
- .. param:: psa_cipher_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_cipher_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
- .. param:: psa_algorithm_t alg
- The cipher algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a cipher algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The sequence of operations to decrypt a message with a symmetric cipher is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_cipher_operation_t`, e.g. `PSA_CIPHER_OPERATION_INIT`.
- #. Call `psa_cipher_decrypt_setup()` to specify the algorithm and key.
- #. Call `psa_cipher_set_iv()` with the initialization vector (IV) for the decryption, if the algorithm requires one. This must match the IV used for the encryption.
- #. Call `psa_cipher_update()` zero, one or more times, passing a fragment of the message each time.
- #. Call `psa_cipher_finish()`.
-
- If an error occurs at any step after a call to `psa_cipher_decrypt_setup()`, the operation will need to be reset by a call to `psa_cipher_abort()`. The application can call `psa_cipher_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_cipher_decrypt_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_cipher_finish()`.
- * A call to `psa_cipher_abort()`.
-
-.. function:: psa_cipher_generate_iv
-
- .. summary::
- Generate an initialization vector (IV) for a symmetric encryption operation.
-
- .. param:: psa_cipher_operation_t * operation
- Active cipher operation.
- .. param:: uint8_t * iv
- Buffer where the generated IV is to be written.
- .. param:: size_t iv_size
- Size of the ``iv`` buffer in bytes. This must be at least :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` where ``key_type`` and ``alg`` are type of key and the algorithm respectively that were used to set up the cipher operation.
- .. param:: size_t * iv_length
- On success, the number of bytes of the generated IV.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- Either:
-
- * The cipher algorithm does not use an IV.
- * The operation state is not valid: it must be active, with no IV set.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``iv`` buffer is too small. `PSA_CIPHER_IV_LENGTH()` or `PSA_CIPHER_IV_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function generates a random IV, nonce or initial counter value for the encryption operation as appropriate for the chosen algorithm, key type and key size.
-
- The generated IV is always the default length for the key and algorithm: :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)`, where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation. To generate different lengths of IV, use `psa_generate_random()` and `psa_cipher_set_iv()`.
-
- If the cipher algorithm does not use an IV, calling this function returns a `PSA_ERROR_BAD_STATE` error. For these algorithms, :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` will be zero.
-
- The application must call `psa_cipher_encrypt_setup()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
-
-.. function:: psa_cipher_set_iv
-
- .. summary::
- Set the initialization vector (IV) for a symmetric encryption or decryption operation.
-
- .. param:: psa_cipher_operation_t * operation
- Active cipher operation.
- .. param:: const uint8_t * iv
- Buffer containing the IV to use.
- .. param:: size_t iv_length
- Size of the IV in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- Either:
-
- * The cipher algorithm does not use an IV.
- * The operation state is not valid: it must be an active cipher encrypt operation, with no IV set.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The size of ``iv`` is not acceptable for the chosen algorithm, or the chosen algorithm does not use an IV.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function sets the IV, nonce or initial counter value for the encryption or decryption operation.
-
- If the cipher algorithm does not use an IV, calling this function returns a `PSA_ERROR_BAD_STATE` error. For these algorithms, :code:`PSA_CIPHER_IV_LENGTH(key_type, alg)` will be zero.
-
- The application must call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
-
- .. note::
- When encrypting, `psa_cipher_generate_iv()` is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.
-
-.. function:: psa_cipher_update
-
- .. summary::
- Encrypt or decrypt a message fragment in an active cipher operation.
-
- .. param:: psa_cipher_operation_t * operation
- Active cipher operation.
- .. param:: const uint8_t * input
- Buffer containing the message fragment to encrypt or decrypt.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * output
- Buffer where the output is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
- * :code:`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length)` evaluates to the maximum output size of any supported cipher algorithm.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, with an IV set if required for the algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small. `PSA_CIPHER_UPDATE_OUTPUT_SIZE()` or `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The following must occur before calling this function:
-
- #. Call either `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`. The choice of setup function determines whether this function encrypts or decrypts its input.
- #. If the algorithm requires an IV, call `psa_cipher_generate_iv()` or `psa_cipher_set_iv()`. `psa_cipher_generate_iv()` is recommended when encrypting.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
-
-.. function:: psa_cipher_finish
-
- .. summary::
- Finish encrypting or decrypting a message in a cipher operation.
-
- .. param:: psa_cipher_operation_t * operation
- Active cipher operation.
- .. param:: uint8_t * output
- Buffer where the output is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes. This must be appropriate for the selected algorithm and key:
-
- * A sufficient output size is :code:`PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)` where ``key_type`` is the type of key and ``alg`` is the algorithm that were used to set up the operation.
- * `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported cipher algorithm.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.
- .. retval:: PSA_ERROR_INVALID_PADDING
- This is a decryption operation for an algorithm that includes padding, and the ciphertext does not contain valid padding.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active, with an IV set if required for the algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small. `PSA_CIPHER_FINISH_OUTPUT_SIZE()` or `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` before calling this function. The choice of setup function determines whether this function encrypts or decrypts its input.
-
- This function finishes the encryption or decryption of the message formed by concatenating the inputs passed to preceding calls to `psa_cipher_update()`.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_cipher_abort()`.
-
-.. function:: psa_cipher_abort
-
- .. summary::
- Abort a cipher operation.
-
- .. param:: psa_cipher_operation_t * operation
- Initialized cipher operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
-
- This function can be called any time after the operation object has been initialized as described in `psa_cipher_operation_t`.
-
- In particular, calling `psa_cipher_abort()` after the operation has been terminated by a call to `psa_cipher_abort()` or `psa_cipher_finish()` is safe and has no effect.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_STREAM_CIPHER
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a stream cipher.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a stream cipher algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.
-
- A stream cipher is a symmetric cipher that encrypts or decrypts messages by applying a bitwise-xor with a stream of bytes that is generated from a key.
-
-.. macro:: PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum size of the output of `psa_cipher_encrypt()`, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
- .. param:: input_length
- Size of the input in bytes.
-
- .. return::
- A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_encrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.
-
- See also `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_cipher_encrypt()`, for any of the supported key types and cipher algorithms.
-
- .. param:: input_length
- Size of the input in bytes.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_encrypt()` will not fail due to an insufficient buffer size.
-
- See also `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()`.
-
-.. macro:: PSA_CIPHER_DECRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum size of the output of `psa_cipher_decrypt()`, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
- .. param:: input_length
- Size of the input in bytes.
-
- .. return::
- A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_decrypt()` will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the output might be smaller.
-
- See also `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_cipher_decrypt()`, for any of the supported key types and cipher algorithms.
-
- .. param:: input_length
- Size of the input in bytes.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_decrypt()` will not fail due to an insufficient buffer size.
-
- See also `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()`.
-
-.. macro:: PSA_CIPHER_IV_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The default IV size for a cipher algorithm, in bytes.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
-
- .. return::
- The default IV size for the specified key type and algorithm.
- If the algorithm does not use an IV, return ``0``.
- If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``.
- An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
-
- The IV that is generated as part of a call to `psa_cipher_encrypt()` is always the default IV length for the algorithm.
-
- This macro can be used to allocate a buffer of sufficient size to store the IV output from `psa_cipher_generate_iv()` when using a multi-part cipher operation.
-
- See also `PSA_CIPHER_IV_MAX_SIZE`.
-
-.. macro:: PSA_CIPHER_IV_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum IV size for all supported cipher algorithms, in bytes.
-
- See also `PSA_CIPHER_IV_LENGTH()`.
-
-.. macro:: PSA_CIPHER_UPDATE_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_cipher_update()`.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
- .. param:: input_length
- Size of the input in bytes.
-
- .. return::
- A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_update()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_cipher_update()`, for any of the supported key types and cipher algorithms.
-
- .. param:: input_length
- Size of the input in bytes.
-
- If the size of the output buffer is at least this large, it is guaranteed that `psa_cipher_update()` will not fail due to an insufficient buffer size.
-
- See also `PSA_CIPHER_UPDATE_OUTPUT_SIZE()`.
-
-.. macro:: PSA_CIPHER_FINISH_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient ciphertext buffer size for `psa_cipher_finish()`.
-
- .. param:: key_type
- A symmetric key type that is compatible with algorithm ``alg``.
- .. param:: alg
- A cipher algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_CIPHER(alg)` is true).
-
- .. return::
- A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return ``0``. An implementation can return either ``0`` or a correct size for a key type and cipher algorithm that it recognizes, but does not support.
-
- If the size of the ciphertext buffer is at least this large, it is guaranteed that `psa_cipher_finish()` will not fail due to an insufficient ciphertext buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient ciphertext buffer size for `psa_cipher_finish()`, for any of the supported key types and cipher algorithms.
-
- See also `PSA_CIPHER_FINISH_OUTPUT_SIZE()`.
-
-.. macro:: PSA_BLOCK_CIPHER_BLOCK_LENGTH
- :definition: /* specification-defined value */
-
- .. summary::
- The block size of a block cipher.
-
- .. param:: type
- A cipher key type (value of type `psa_key_type_t`).
-
- .. return::
- The block size for a block cipher, or ``1`` for a stream cipher. The return value is undefined if ``type`` is not a supported cipher key type.
-
- .. note::
- It is possible to build stream cipher algorithms on top of a block cipher, for example CTR mode (`PSA_ALG_CTR`). This macro only takes the key type into account, so it cannot be used to determine the size of the data that `psa_cipher_update()` might buffer for future processing in general.
-
- .. note::
- This macro expression is a compile-time constant if ``type`` is a compile-time constant.
-
- .. warning::
- This macro is permitted to evaluate its argument multiple times.
-
- See also `PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`.
-
-.. macro:: PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- The maximum size of a block cipher supported by the implementation.
-
- See also `PSA_BLOCK_CIPHER_BLOCK_LENGTH()`.
diff --git a/docs/html/_sources/api/ops/hashes.rst.txt b/docs/html/_sources/api/ops/hashes.rst.txt
deleted file mode 100644
index dceaf22..0000000
--- a/docs/html/_sources/api/ops/hashes.rst.txt
+++ /dev/null
@@ -1,755 +0,0 @@
-.. _hashes:
-
-Message digests
-===============
-
-.. _hash-algorithms:
-
-Hash algorithms
----------------
-
-.. macro:: PSA_ALG_MD2
- :definition: ((psa_algorithm_t)0x02000001)
-
- .. summary::
- MD2.
-
- .. warning::
- The MD2 hash is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ALG_MD4
- :definition: ((psa_algorithm_t)0x02000002)
-
- .. summary::
- MD4.
-
- .. warning::
- The MD4 hash is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ALG_MD5
- :definition: ((psa_algorithm_t)0x02000003)
-
- .. summary::
- MD5.
-
- .. warning::
- The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ALG_RIPEMD160
- :definition: ((psa_algorithm_t)0x02000004)
-
- .. summary::
- RIPEMD-160.
-
-.. macro:: PSA_ALG_SHA_1
- :definition: ((psa_algorithm_t)0x02000005)
-
- .. summary::
- SHA-1.
-
- .. warning::
- The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.
-
-.. macro:: PSA_ALG_SHA_224
- :definition: ((psa_algorithm_t)0x02000008)
-
- .. summary::
- SHA-224.
-
-.. macro:: PSA_ALG_SHA_256
- :definition: ((psa_algorithm_t)0x02000009)
-
- .. summary::
- SHA-256.
-
-.. macro:: PSA_ALG_SHA_384
- :definition: ((psa_algorithm_t)0x0200000a)
-
- .. summary::
- SHA-384.
-
-.. macro:: PSA_ALG_SHA_512
- :definition: ((psa_algorithm_t)0x0200000b)
-
- .. summary::
- SHA-512.
-
-.. macro:: PSA_ALG_SHA_512_224
- :definition: ((psa_algorithm_t)0x0200000c)
-
- .. summary::
- SHA-512/224.
-
-.. macro:: PSA_ALG_SHA_512_256
- :definition: ((psa_algorithm_t)0x0200000d)
-
- .. summary::
- SHA-512/256.
-
-.. macro:: PSA_ALG_SHA3_224
- :definition: ((psa_algorithm_t)0x02000010)
-
- .. summary::
- SHA3-224.
-
-.. macro:: PSA_ALG_SHA3_256
- :definition: ((psa_algorithm_t)0x02000011)
-
- .. summary::
- SHA3-256.
-
-.. macro:: PSA_ALG_SHA3_384
- :definition: ((psa_algorithm_t)0x02000012)
-
- .. summary::
- SHA3-384.
-
-.. macro:: PSA_ALG_SHA3_512
- :definition: ((psa_algorithm_t)0x02000013)
-
- .. summary::
- SHA3-512.
-
-Single-part hashing functions
------------------------------
-
-.. function:: psa_hash_compute
-
- .. summary::
- Calculate the hash (digest) of a message.
-
- .. param:: psa_algorithm_t alg
- The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the message to hash.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * hash
- Buffer where the hash is to be written.
- .. param:: size_t hash_size
- Size of the ``hash`` buffer in bytes.
- This must be at least :code:`PSA_HASH_LENGTH(alg)`.
- .. param:: size_t * hash_length
- On success, the number of bytes that make up the hash value. This is always :code:`PSA_HASH_LENGTH(alg)`.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a hash algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- ``hash_size`` is too small.
- `PSA_HASH_LENGTH()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. note::
- To verify the hash of a message against an expected value, use `psa_hash_compare()` instead.
-
-.. function:: psa_hash_compare
-
- .. summary::
- Calculate the hash (digest) of a message and compare it with a reference value.
-
- .. param:: psa_algorithm_t alg
- The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the message to hash.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: const uint8_t * hash
- Buffer containing the expected hash value.
- .. param:: size_t hash_length
- Size of the ``hash`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The expected hash is identical to the actual hash of the input.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The hash of the message was calculated successfully, but it differs from the expected hash.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a hash algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``input_length`` or ``hash_length`` do not match the hash size for ``alg``
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
-.. _hash-mp:
-
-Multi-part hashing operations
------------------------------
-
-.. typedef:: /* implementation-defined type */ psa_hash_operation_t
-
- .. summary::
- The type of the state object for multi-part hash operations.
-
- Before calling any function on a hash operation object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_hash_operation_t operation;
- memset(&operation, 0, sizeof(operation));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_hash_operation_t operation;
-
- * Initialize the object to the initializer `PSA_HASH_OPERATION_INIT`, for example:
-
- .. autocode::
- psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-
- * Assign the result of the function `psa_hash_operation_init()` to the object, for example:
-
- .. autocode::
- psa_hash_operation_t operation;
- operation = psa_hash_operation_init();
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
-.. macro:: PSA_HASH_OPERATION_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for a hash operation object of type `psa_hash_operation_t`.
-
-.. function:: psa_hash_operation_init
-
- .. summary::
- Return an initial value for a hash operation object.
-
- .. return:: psa_hash_operation_t
-
-.. function:: psa_hash_setup
-
- .. summary::
- Set up a multi-part hash operation.
-
- .. param:: psa_hash_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_hash_operation_t` and not yet in use.
- .. param:: psa_algorithm_t alg
- The hash algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not a supported hash algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``alg`` is not a hash algorithm.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The sequence of operations to calculate a hash (message digest) is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_hash_operation_t`, e.g. `PSA_HASH_OPERATION_INIT`.
- #. Call `psa_hash_setup()` to specify the algorithm.
- #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time. The hash that is calculated is the hash of the concatenation of these messages in order.
- #. To calculate the hash, call `psa_hash_finish()`. To compare the hash with an expected value, call `psa_hash_verify()`. To suspend the hash operation and extract the current state, call `psa_hash_suspend()`.
-
- If an error occurs at any step after a call to `psa_hash_setup()`, the operation will need to be reset by a call to `psa_hash_abort()`. The application can call `psa_hash_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_hash_setup()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_hash_finish()` or `psa_hash_verify()` or `psa_hash_suspend()`.
- * A call to `psa_hash_abort()`.
-
-.. function:: psa_hash_update
-
- .. summary::
- Add a message fragment to a multi-part hash operation.
-
- .. param:: psa_hash_operation_t * operation
- Active hash operation.
- .. param:: const uint8_t * input
- Buffer containing the message fragment to hash.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
-
-.. function:: psa_hash_finish
-
- .. summary::
- Finish the calculation of the hash of a message.
-
- .. param:: psa_hash_operation_t * operation
- Active hash operation.
- .. param:: uint8_t * hash
- Buffer where the hash is to be written.
- .. param:: size_t hash_size
- Size of the ``hash`` buffer in bytes. This must be at least :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the algorithm that the operation performs.
- .. param:: size_t * hash_length
- On success, the number of bytes that make up the hash value. This is always :code:`PSA_HASH_LENGTH(alg)` where ``alg`` is the hash algorithm that the operation performs.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``hash`` buffer is too small.
- `PSA_HASH_LENGTH()` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
-
- .. warning::
- It is not recommended to use this function when a specific value is expected for the hash. Call `psa_hash_verify()` instead with the expected hash value.
-
- Comparing integrity or authenticity data such as hash values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid hash and thereby bypass security controls.
-
-.. function:: psa_hash_verify
-
- .. summary::
- Finish the calculation of the hash of a message and compare it with an expected value.
-
- .. param:: psa_hash_operation_t * operation
- Active hash operation.
- .. param:: const uint8_t * hash
- Buffer containing the expected hash value.
- .. param:: size_t hash_length
- Size of the ``hash`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The expected hash is identical to the actual hash of the message.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The hash of the message was calculated successfully, but it differs from the expected hash.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_hash_setup()` before calling this function. This function calculates the hash of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`. It then compares the calculated hash with the expected hash passed as a parameter to this function.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
-
- .. note::
- Implementations must make the best effort to ensure that the comparison between the actual hash and the expected hash is performed in constant time.
-
-.. function:: psa_hash_abort
-
- .. summary::
- Abort a hash operation.
-
- .. param:: psa_hash_operation_t * operation
- Initialized hash operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_hash_setup()` again.
-
- This function can be called any time after the operation object has been initialized by one of the methods described in `psa_hash_operation_t`.
-
- In particular, calling `psa_hash_abort()` after the operation has been terminated by a call to `psa_hash_abort()`, `psa_hash_finish()` or `psa_hash_verify()` is safe and has no effect.
-
-.. function:: psa_hash_suspend
-
- .. summary::
- Halt the hash operation and extract the intermediate state of the hash computation.
-
- .. param:: psa_hash_operation_t * operation
- Active hash operation.
- .. param:: uint8_t * hash_state
- Buffer where the hash suspend state is to be written.
- .. param:: size_t hash_state_size
- Size of the ``hash_state`` buffer in bytes.
- This must be appropriate for the selected algorithm:
-
- * A sufficient output size is :code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(alg)` where ``alg`` is the algorithm that was used to set up the operation.
- * `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported hash algorithm.
-
- .. param:: size_t * hash_state_length
- On success, the number of bytes that make up the hash suspend state.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``hash_state`` buffer is too small.
- `PSA_HASH_SUSPEND_OUTPUT_SIZE()` or `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- The hash algorithm being computed does not support suspend and resume.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_hash_setup()` or `psa_hash_resume()` before calling this function. This function extracts an intermediate state of the hash computation of the message formed by concatenating the inputs passed to preceding calls to `psa_hash_update()`.
-
- This function can be used to halt a hash operation, and then resume the hash operation at a later time, or in another application, by transferring the extracted hash suspend state to a call to `psa_hash_resume()`.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_hash_abort()`.
-
- Hash suspend and resume is not defined for the SHA3 family of hash algorithms. :title:`hash-suspend-state` defines the format of the output from `psa_hash_suspend()`.
-
- .. warning::
- Applications must not use any of the hash suspend state as if it was a hash output. Instead, the suspend state must only be used to resume a hash operation, and `psa_hash_finish()` or `psa_hash_verify()` can then calculate or verify the final hash value.
-
- .. rubric:: Usage
-
- The sequence of operations to suspend and resume a hash operation is as follows:
-
- #. Compute the first part of the hash.
-
- #. Allocate an operation object and initialize it as described in the documentation for `psa_hash_operation_t`.
- #. Call `psa_hash_setup()` to specify the algorithm.
- #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time.
- #. Call `psa_hash_suspend()` to extract the hash suspend state into a buffer.
-
- #. Pass the hash state buffer to the application which will resume the operation.
-
- #. Compute the rest of the hash.
-
- #. Allocate an operation object and initialize it as described in the documentation for `psa_hash_operation_t`.
- #. Call `psa_hash_resume()` with the extracted hash state.
- #. Call `psa_hash_update()` zero, one or more times, passing a fragment of the message each time.
- #. To calculate the hash, call `psa_hash_finish()`. To compare the hash with an expected value, call `psa_hash_verify()`.
-
- If an error occurs at any step after a call to `psa_hash_setup()` or `psa_hash_resume()`, the operation will need to be reset by a call to `psa_hash_abort()`. The application can call `psa_hash_abort()` at any time after the operation has been initialized.
-
-.. function:: psa_hash_resume
-
- .. summary::
- Set up a multi-part hash operation using the hash suspend state from a previously suspended hash operation.
-
- .. param:: psa_hash_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_hash_operation_t` and not yet in use.
- .. param:: const uint8_t * hash_state
- A buffer containing the suspended hash state which is to be resumed. This must be in the format output by `psa_hash_suspend()`, which is described in :title:`hash-suspend-state-format`.
- .. param:: size_t hash_state_length
- Length of ``hash_state`` in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- The provided hash suspend state is for an algorithm that is not supported.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``hash_state`` does not correspond to a valid hash suspend state. See :title:`hash-suspend-state-format` for the definition.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- See `psa_hash_suspend()` for an example of how to use this function to suspend and resume a hash operation.
-
- After a successful call to `psa_hash_resume()`, the application must eventually terminate the operation. The following events terminate an operation:
-
- * A successful call to `psa_hash_finish()`, `psa_hash_verify()` or `psa_hash_suspend()`.
- * A call to `psa_hash_abort()`.
-
-.. function:: psa_hash_clone
-
- .. summary::
- Clone a hash operation.
-
- .. param:: const psa_hash_operation_t * source_operation
- The active hash operation to clone.
- .. param:: psa_hash_operation_t * target_operation
- The operation object to set up. It must be initialized but not active.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_BAD_STATE
- The ``source_operation`` state is not valid: it must be active.
- .. retval:: PSA_ERROR_BAD_STATE
- The ``target_operation`` state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function copies the state of an ongoing hash operation to a new operation object. In other words, this function is equivalent to calling `psa_hash_setup()` on ``target_operation`` with the same algorithm that ``source_operation`` was set up for, then `psa_hash_update()` on ``target_operation`` with the same input that that was passed to ``source_operation``. After this function returns, the two objects are independent, i.e. subsequent calls involving one of the objects do not affect the other object.
-
-Support macros
---------------
-
-.. macro:: PSA_HASH_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The size of the output of `psa_hash_compute()` and `psa_hash_finish()`, in bytes.
-
- .. param:: alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true), or an HMAC algorithm (:code:`PSA_ALG_HMAC(hash_alg)` where ``hash_alg`` is a hash algorithm).
-
- .. return::
- The hash length for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
-
- This is also the hash length that `psa_hash_compare()` and `psa_hash_verify()` expect.
-
- See also `PSA_HASH_MAX_SIZE`.
-
-.. macro:: PSA_HASH_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Maximum size of a hash.
-
- This macro must expand to a compile-time constant integer.
- It is recommended that this value is the maximum size of a hash supported by the implementation, in bytes. The value must not be smaller than this maximum.
-
- See also `PSA_HASH_LENGTH()`.
-
-.. macro:: PSA_HASH_SUSPEND_OUTPUT_SIZE
- :definition: /* specification-defined value */
-
- .. summary::
- A sufficient hash suspend state buffer size for `psa_hash_suspend()`.
-
- .. param:: alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
-
- .. return::
- A sufficient output size for the algorithm. If the hash algorithm is not recognized, or is not supported by `psa_hash_suspend()`, return ``0``. An implementation can return either ``0`` or a correct size for a hash algorithm that it recognizes, but does not support.
-
- For a supported hash algorithm ``alg``, the following expression is true:
-
- .. autocode::
- PSA_HASH_SUSPEND_OUTPUT_SIZE(alg) == PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH +
- PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) +
- PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) +
- PSA_HASH_BLOCK_LENGTH(alg) - 1
-
- If the size of the hash state buffer is at least this large, it is guaranteed that `psa_hash_suspend()` will not fail due to an insufficient buffer size. The actual size of the output might be smaller in any given call.
-
- See also `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient hash suspend state buffer size for `psa_hash_suspend()`, for any supported hash algorithms.
-
- See also `PSA_HASH_SUSPEND_OUTPUT_SIZE()`.
-
-.. macro:: PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH
- :definition: ((size_t)4)
-
- .. summary::
- The size of the *algorithm* field that is part of the output of `psa_hash_suspend()`, in bytes.
-
- Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
-
-.. macro:: PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH
- :definition: /* specification-defined value */
-
- .. summary::
- The size of the *input-length* field that is part of the output of `psa_hash_suspend()`, in bytes.
-
- .. param:: alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
-
- .. return::
- The size, in bytes, of the *input-length* field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
-
- The algorithm-specific values are defined in :title:`hash-suspend-state-constants`.
-
- Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
-
-.. macro:: PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH
- :definition: /* specification-defined value */
-
- .. summary::
- The size of the *hash-state* field that is part of the output of `psa_hash_suspend()`, in bytes.
-
- .. param:: alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
-
- .. return::
- The size, in bytes, of the *hash-state* field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
-
- The algorithm-specific values are defined in :title:`hash-suspend-state-constants`.
-
- Applications can use this value to unpack the hash suspend state that is output by `psa_hash_suspend()`.
-
-.. macro:: PSA_HASH_BLOCK_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The input block size of a hash algorithm.
-
- .. param:: alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(alg)` is true).
-
- .. return::
- The block size for the specified hash algorithm. If the hash algorithm is not recognized, return ``0``. An implementation can return either ``0`` or the correct size for a hash algorithm that it recognizes, but does not support.
-
- Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished.
-
- This affects the output from `psa_hash_suspend()`.
-
-
-.. _hash-suspend-state:
-
-Hash suspend state
-------------------
-
-The hash suspend state is output by `psa_hash_suspend()` and input to `psa_hash_resume()`.
-
-.. note::
- Hash suspend and resume is not defined for the SHA3 family of hash algorithms.
-
-.. _hash-suspend-state-format:
-
-.. rubric:: Hash suspend state format
-
-The hash suspend state has the following format:
-
-*hash-suspend-state* = *algorithm* || *input-length* || *hash-state* || *unprocessed-input*
-
-The fields in the hash suspend state are defined as follows:
-
-.. tabularcolumns:: \Y{.25}\Y{.75}
-
-.. list-table::
- :header-rows: 0
- :widths: 1,3
-
- * - *algorithm*
-
- big-endian 32-bit unsigned integer
-
- - The PSA Crypto API algorithm identifier. Encoded as a big-endian 32-bit unsigned integer.
-
- The byte length of the *algorithm* field can be evaluated using `PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH`.
-
- * - *input-length*
-
- big-endian unsigned integer
-
- - The content of this field is algorithm-specific:
-
- - For MD2, this is the number of bytes in the *unprocessed-input*.
- - For all other hash algorithms, this is the total number of bytes of input to the hash computation. This includes the *unprocessed-input* bytes.
-
- The size of this field is algorithm-specific:
-
- - For MD2: *input-length* is an 8-bit unsigned integer.
- - For MD4, MD5, RIPEMD-160, SHA-1, SHA-224 and SHA-256: *input-length* is a 64-bit unsigned integer.
- - For SHA-512, SHA-384 and SHA-512/256: *input-length* is a 128-bit unsigned integer.
-
- The length, in bytes, of the *input-length* field can be calculated using :code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)` where ``alg`` is a hash algorithm.
- See :title:`hash-suspend-state-constants`.
-
- * - *hash-state*
-
- array of bytes
-
- - Algorithm-specific intermediate hash state:
-
- - For MD2: 16 bytes of internal checksum, then 48 bytes of intermediate digest.
- - For MD4 and MD5: 4x 32-bit integers, in little-endian encoding.
- - For RIPEMD-160: 5x 32-bit integers, in little-endian encoding.
- - For SHA-1: 5x 32-bit integers, in big-endian encoding.
- - For SHA-224 and SHA-256: 8x 32-bit integers, in big-endian encoding.
- - For SHA-512, SHA-384 and SHA-512/256: 8x 64-bit integers, in big-endian encoding.
-
- The length of this field is specific to the algorithm.
- The length, in bytes, of the *hash-state* field can be calculated using :code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)` where ``alg`` is a hash algorithm.
- See :title:`hash-suspend-state-constants`.
-
- * - *unprocessed-input*
-
- 0 to (*hash-block-size*-1) bytes
-
- - A partial block of unprocessed input data. This is between zero and *hash-block-size*-1 bytes of data, the length can be calculated by:
-
- ``length(``\ *unprocessed-input*\ ``)`` ``=`` *input-length* ``%`` *hash-block-size*.
-
- The *hash-block-size* is specific to the algorithm.
- The size of a hash block can be calculated using :code:`PSA_HASH_BLOCK_LENGTH(alg)` where ``alg`` is a hash algorithm.
- See :title:`hash-suspend-state-constants`.
-
-.. _hash-suspend-state-constants:
-
-.. rubric:: Hash suspend state field sizes
-
-The following table defines the algorithm-specific field lengths for the hash suspend state returned by `psa_hash_suspend()`. All of the field lengths are in bytes. To compute the field lengths for algorithm ``alg``, use the following expressions:
-
-- :code:`PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH` returns the length of the *algorithm* field.
-- :code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)` returns the length of the *input-length* field.
-- :code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)` returns the length of the *hash-state* field.
-- :code:`PSA_HASH_BLOCK_LENGTH(alg)-1` is the maximum length of the *unprocessed-bytes* field.
-- :code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(slg)` returns the maximum size of the hash suspend state.
-
-.. tabularcolumns:: LLLL
-
-.. csv-table::
- :header-rows: 1
-
- Hash algorithm, *input-length* size (bytes), *hash-state* length (bytes), *unprocessed-bytes* length (bytes)
- `PSA_ALG_MD2`, 1, 64, 0 - 15
- `PSA_ALG_MD4`, 8, 16, 0 - 63
- `PSA_ALG_MD5`, 8, 16, 0 - 63
- `PSA_ALG_RIPEMD160`, 8, 20, 0 - 63
- `PSA_ALG_SHA_1`, 8, 20, 0 - 63
- `PSA_ALG_SHA_224`, 8, 32, 0 - 63
- `PSA_ALG_SHA_256`, 8, 32, 0 - 63
- `PSA_ALG_SHA_512_256`, 16, 64, 0 - 127
- `PSA_ALG_SHA_384`, 16, 64, 0 - 127
- `PSA_ALG_SHA_512`, 16, 64, 0 - 127
diff --git a/docs/html/_sources/api/ops/index.rst.txt b/docs/html/_sources/api/ops/index.rst.txt
deleted file mode 100644
index 1e66853..0000000
--- a/docs/html/_sources/api/ops/index.rst.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-.. _crypto-operations:
-
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Cryptographic operation reference
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. toctree::
-
- hashes
- macs
- ciphers
- aead
- kdf
- sign
- pke
- ka
- rng
diff --git a/docs/html/_sources/api/ops/ka.rst.txt b/docs/html/_sources/api/ops/ka.rst.txt
deleted file mode 100644
index a85b7a4..0000000
--- a/docs/html/_sources/api/ops/ka.rst.txt
+++ /dev/null
@@ -1,263 +0,0 @@
-.. _key-agreement:
-
-Key agreement
-=============
-
-.. _key-agreement-algorithms:
-
-Key agreement algorithms
-------------------------
-
-.. macro:: PSA_ALG_KEY_AGREEMENT
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build a combined algorithm that chains a key agreement with a key derivation.
-
- .. param:: ka_alg
- A key agreement algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_AGREEMENT(ka_alg)` is true).
- .. param:: kdf_alg
- A key derivation algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_DERIVATION(kdf_alg)` is true).
-
- .. return::
- The corresponding key agreement and derivation algorithm.
-
- Unspecified if ``ka_alg`` is not a supported key agreement algorithm or ``kdf_alg`` is not a supported key derivation algorithm.
-
- The component parts of a key agreement algorithm can be extracted using `PSA_ALG_KEY_AGREEMENT_GET_BASE()` and `PSA_ALG_KEY_AGREEMENT_GET_KDF()`.
-
-.. macro:: PSA_ALG_FFDH
- :definition: ((psa_algorithm_t)0x09010000)
-
- .. summary::
- The finite-field Diffie-Hellman (DH) key agreement algorithm.
-
- The shared secret produced by key agreement is ``g^{ab}`` in big-endian format. It is ``ceiling(m / 8)`` bytes long where ``m`` is the size of the prime ``p`` in bits.
-
-.. macro:: PSA_ALG_ECDH
- :definition: ((psa_algorithm_t)0x09020000)
-
- .. summary::
- The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
-
- The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always ``ceiling(m / 8)`` bytes long where ``m`` is the bit size associated with the curve, i.e. the bit size of the order of the curve's coordinate field. When ``m`` is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.
-
- * For Montgomery curves (curve family `PSA_ECC_FAMILY_MONTGOMERY`), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.
- * For Weierstrass curves over prime fields (curve families ``PSA_ECC_FAMILY_SECP_XX``, `PSA_ECC_FAMILY_BRAINPOOL_P_R1` and `PSA_ECC_FAMILY_FRP`), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in big-endian byte order. The bit size is ``m = ceiling(log_2(p))`` for the field ``F_p``.
- * For Weierstrass curves over binary fields (curve families ``PSA_ECC_FAMILY_SECT_XX``), the shared secret is the x-coordinate of ``d_A Q_B = d_B Q_A`` in big-endian byte order. The bit size is ``m`` for the field ``F_{2^m}``.
-
-Standalone key agreement
-------------------------
-
-.. function:: psa_raw_key_agreement
-
- .. summary::
- Perform a key agreement and return the raw shared secret.
-
- .. param:: psa_algorithm_t alg
- The key agreement algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)` is true).
- .. param:: psa_key_id_t private_key
- Identifier of the private key to use.
- It must allow the usage `PSA_KEY_USAGE_DERIVE`.
- .. param:: const uint8_t * peer_key
- Public key of the peer. It must be in the same format that `psa_import_key()` accepts. The standard formats for public keys are documented in the documentation of `psa_export_public_key()`.
- .. param:: size_t peer_key_length
- Size of ``peer_key`` in bytes.
- .. param:: uint8_t * output
- Buffer where the decrypted message is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes.
- This must be appropriate for the keys:
-
- * The required output size is :code:`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, bits)` where ``type`` is the type of ``private_key`` and ``bits`` is the bit-size of either ``private_key`` or the ``peer_key``.
- * `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported raw key agreement algorithm.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DERIVE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``alg`` is not a key agreement algorithm
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``private_key`` is not compatible with ``alg``, or ``peer_key`` is not valid for ``alg`` or not compatible with ``private_key``.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small.
- `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()` or `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not a supported key agreement algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. warning::
- The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases, and is not suitable for use as key material. Instead it is recommended that the result is used as input to a key derivation algorithm. To chain a key agreement with a key derivation, use `psa_key_derivation_key_agreement()` and other functions from the key derivation interface.
-
-Combining key agreement and key derivation
-------------------------------------------
-
-.. function:: psa_key_derivation_key_agreement
-
- .. summary::
- Perform a key agreement and use the shared secret as input to a key derivation.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` with a key agreement and derivation algorithm ``alg`` (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true and :code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)` is false). The operation must be ready for an input of the type given by ``step``.
- .. param:: psa_key_derivation_step_t step
- Which step the input data is for.
- .. param:: psa_key_id_t private_key
- Identifier of the private key to use.
- It must allow the usage `PSA_KEY_USAGE_DERIVE`.
- .. param:: const uint8_t * peer_key
- Public key of the peer. The peer key must be in the same format that `psa_import_key()` accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of :code:`psa_import_key(..., peer_key, peer_key_length)` where with key attributes indicating the public key type corresponding to the type of ``private_key``. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of `psa_export_public_key()`.
- .. param:: size_t peer_key_length
- Size of ``peer_key`` in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid for this key agreement ``step``.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DERIVE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``private_key`` is not compatible with ``alg``, or ``peer_key`` is not valid for ``alg`` or not compatible with ``private_key``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a key derivation algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``step`` does not allow an input resulting from a key agreement.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- A key agreement algorithm takes two inputs: a private key ``private_key`` a public key ``peer_key``. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_KEY_AGREEMENT_GET_BASE
- :definition: /* specification-defined value */
-
- .. summary::
- Get the raw key agreement algorithm from a full key agreement algorithm.
-
- .. param:: alg
- A key agreement algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true).
-
- .. return::
- The underlying raw key agreement algorithm if ``alg`` is a key agreement algorithm.
-
- Unspecified if ``alg`` is not a key agreement algorithm or if it is not supported by the implementation.
-
- See also `PSA_ALG_KEY_AGREEMENT()` and `PSA_ALG_KEY_AGREEMENT_GET_KDF()`.
-
-.. macro:: PSA_ALG_KEY_AGREEMENT_GET_KDF
- :definition: /* specification-defined value */
-
- .. summary::
- Get the key derivation algorithm used in a full key agreement algorithm.
-
- .. param:: alg
- A key agreement algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_KEY_AGREEMENT(alg)` is true).
-
- .. return::
- The underlying key derivation algorithm if ``alg`` is a key agreement algorithm.
-
- Unspecified if ``alg`` is not a key agreement algorithm or if it is not supported by the implementation.
-
- See also `PSA_ALG_KEY_AGREEMENT()` and `PSA_ALG_KEY_AGREEMENT_GET_BASE()`.
-
-.. macro:: PSA_ALG_IS_RAW_KEY_AGREEMENT
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a raw key agreement algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a raw key agreement algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- A raw key agreement algorithm is one that does not specify a key derivation function. Usually, raw key agreement algorithms are constructed directly with a ``PSA_ALG_xxx`` macro while non-raw key agreement algorithms are constructed with `PSA_ALG_KEY_AGREEMENT()`.
-
- The raw key agreement algorithm can be extracted from a full key agreement algorithm identifier using `PSA_ALG_KEY_AGREEMENT_GET_BASE()`.
-
-.. macro:: PSA_ALG_IS_FFDH
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a finite field Diffie-Hellman algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key agreement algorithm identifier.
-
- This includes the raw finite field Diffie-Hellman algorithm as well as finite-field Diffie-Hellman followed by any supporter key derivation algorithm.
-
-.. macro:: PSA_ALG_IS_ECDH
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an elliptic curve Diffie-Hellman algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an elliptic curve Diffie-Hellman algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key agreement algorithm identifier.
-
- This includes the raw elliptic curve Diffie-Hellman algorithm as well as elliptic curve Diffie-Hellman followed by any supporter key derivation algorithm.
-
-.. macro:: PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient output buffer size for `psa_raw_key_agreement()`.
-
- .. param:: key_type
- A supported key type.
- .. param:: key_bits
- The size of the key in bits.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_raw_key_agreement()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- This macro returns a compile-time constant if its arguments are compile-time constants.
-
- .. warning::
- This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- See also `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Maximum size of the output from `psa_raw_key_agreement()`.
-
- This macro must expand to a compile-time constant integer.
- It is recommended that this value is the maximum size of the output any raw key agreement algorithm supported by the implementation, in bytes. The value must not be smaller than this maximum.
-
- See also `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/kdf.rst.txt b/docs/html/_sources/api/ops/kdf.rst.txt
deleted file mode 100644
index 62267a3..0000000
--- a/docs/html/_sources/api/ops/kdf.rst.txt
+++ /dev/null
@@ -1,563 +0,0 @@
-.. _kdf:
-
-Key derivation
-==============
-
-.. _key-derivation-algorithms:
-
-Key derivation algorithms
--------------------------
-
-.. macro:: PSA_ALG_HKDF
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build an HKDF algorithm.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
-
- .. return::
- The corresponding HKDF algorithm. For example, :code:`PSA_ALG_HKDF(PSA_ALG_SHA_256)` is HKDF using HMAC-SHA-256.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This key derivation algorithm uses the following inputs:
-
- * `PSA_KEY_DERIVATION_INPUT_SALT` is the salt used in the "extract" step. It is optional; if omitted, the derivation uses an empty salt.
- * `PSA_KEY_DERIVATION_INPUT_SECRET` is the secret key used in the "extract" step.
- * `PSA_KEY_DERIVATION_INPUT_INFO` is the info string used in the "expand" step.
-
- If `PSA_KEY_DERIVATION_INPUT_SALT` is provided, it must be before `PSA_KEY_DERIVATION_INPUT_SECRET`. `PSA_KEY_DERIVATION_INPUT_INFO` can be provided at any time after setup and before starting to generate output.
-
-.. macro:: PSA_ALG_TLS12_PRF
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build a TLS-1.2 PRF algorithm.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
-
- .. return::
- The corresponding TLS-1.2 PRF algorithm. For example, :code:`PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)` represents the TLS 1.2 PRF using HMAC-SHA-256.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in :RFC:`5246#5`. It is based on HMAC and can be used with either SHA-256 or SHA-384.
-
- This key derivation algorithm uses the following inputs, which must be passed in the order given here:
-
- * `PSA_KEY_DERIVATION_INPUT_SEED` is the seed.
- * `PSA_KEY_DERIVATION_INPUT_SECRET` is the secret key.
- * `PSA_KEY_DERIVATION_INPUT_LABEL` is the label.
-
- For the application to TLS-1.2 key expansion:
-
- * The seed is the concatenation of ``ServerHello.Random + ClientHello.Random``.
- * The label is ``"key expansion"``.
-
-.. macro:: PSA_ALG_TLS12_PSK_TO_MS
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
-
- .. return::
- The corresponding TLS-1.2 PSK to MS algorithm. For example, :code:`PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)` represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (:RFC:`4279#2`) and the TLS-1.2 PRF (:RFC:`5246#5`). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.
-
- This key derivation algorithm uses the following inputs, which must be passed in the order given here:
-
- * `PSA_KEY_DERIVATION_INPUT_SEED` is the seed.
- * `PSA_KEY_DERIVATION_INPUT_SECRET` is the PSK. The PSK must not be larger than `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE`.
- * `PSA_KEY_DERIVATION_INPUT_LABEL` is the label.
-
- For the application to TLS-1.2:
-
- * The seed, which is forwarded to the TLS-1.2 PRF, is the concatenation of the ``ClientHello.Random + ServerHello.Random``.
- * The label is ``"master secret"`` or ``"extended master secret"``.
-
-Input step types
-----------------
-
-.. typedef:: uint16_t psa_key_derivation_step_t
-
- .. summary::
- Encoding of the step of a key derivation.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_SECRET
- :definition: /* implementation-defined value */
-
- .. summary::
- A secret input for key derivation.
-
- This is typically a key of type `PSA_KEY_TYPE_DERIVE` passed to `psa_key_derivation_input_key()`, or the shared secret resulting from a key agreement obtained via `psa_key_derivation_key_agreement()`.
-
- The secret can also be a direct input passed to `psa_key_derivation_input_bytes()`. In this case, the derivation operation cannot be used to derive keys: the operation will only allow `psa_key_derivation_output_bytes()`, not `psa_key_derivation_output_key()`.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_LABEL
- :definition: /* implementation-defined value */
-
- .. summary::
- A label for key derivation.
-
- This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_CONTEXT
- :definition: /* implementation-defined value */
-
- .. summary::
- A context for key derivation.
-
- This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_SALT
- :definition: /* implementation-defined value */
-
- .. summary::
- A salt for key derivation.
-
- This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_INFO
- :definition: /* implementation-defined value */
-
- .. summary::
- An information string for key derivation.
-
- This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
-
-.. macro:: PSA_KEY_DERIVATION_INPUT_SEED
- :definition: /* implementation-defined value */
-
- .. summary::
- A seed for key derivation.
-
- This is typically a direct input. It can also be a key of type `PSA_KEY_TYPE_RAW_DATA`.
-
-Key derivation functions
-------------------------
-
-.. typedef:: /* implementation-defined type */ psa_key_derivation_operation_t
-
- .. summary::
- The type of the state object for key derivation operations.
-
- Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_key_derivation_operation_t operation;
- memset(&operation, 0, sizeof(operation));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_key_derivation_operation_t operation;
-
- * Initialize the object to the initializer `PSA_KEY_DERIVATION_OPERATION_INIT`, for example:
-
- .. autocode::
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
-
- * Assign the result of the function `psa_key_derivation_operation_init()` to the object, for example:
-
- .. autocode::
- psa_key_derivation_operation_t operation;
- operation = psa_key_derivation_operation_init();
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
-.. macro:: PSA_KEY_DERIVATION_OPERATION_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for a key derivation operation object of type `psa_key_derivation_operation_t`.
-
-.. function:: psa_key_derivation_operation_init
-
- .. summary::
- Return an initial value for a key derivation operation object.
-
- .. return:: psa_key_derivation_operation_t
-
-.. function:: psa_key_derivation_setup
-
- .. summary::
- Set up a key derivation operation.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to set up. It must have been initialized but not set up yet.
- .. param:: psa_algorithm_t alg
- The key derivation algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_KEY_DERIVATION(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``alg`` is not a key derivation algorithm.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a key derivation algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.
-
- To derive a key:
-
- #. Start with an initialized object of type `psa_key_derivation_operation_t`.
- #. Call `psa_key_derivation_setup()` to select the algorithm.
- #. Provide the inputs for the key derivation by calling `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()` as appropriate. Which inputs are needed, in what order, whether keys are permitted, and what type of keys depends on the algorithm.
- #. Optionally set the operation's maximum capacity with `psa_key_derivation_set_capacity()`. This can be done before, in the middle of, or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.
- #. To derive a key, call `psa_key_derivation_output_key()`. To derive a byte string for a different purpose, call `psa_key_derivation_output_bytes()`. Successive calls to these functions use successive output bytes calculated by the key derivation algorithm.
- #. Clean up the key derivation operation object with `psa_key_derivation_abort()`.
-
- If this function returns an error, the key derivation operation object is not changed.
-
- If an error occurs at any step after a call to `psa_key_derivation_setup()`, the operation will need to be reset by a call to `psa_key_derivation_abort()`.
-
- Implementations must reject an attempt to derive a key of size ``0``.
-
-.. function:: psa_key_derivation_get_capacity
-
- .. summary::
- Retrieve the current capacity of a key derivation operation.
-
- .. param:: const psa_key_derivation_operation_t * operation
- The operation to query.
- .. param:: size_t * capacity
- On success, the capacity of the operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The capacity of a key derivation is the maximum number of bytes that it can return. Reading *N* bytes of output from a key derivation operation reduces its capacity by at least *N*. The capacity can be reduced by more than *N* in the following situations:
-
- - Calling `psa_key_derivation_output_key()` can reduce the capacity by more than the key size, depending on the type of key being generated. See `psa_key_derivation_output_key()` for details of the key derivation process.
- - When the `psa_key_derivation_operation_t` object is operating as a deterministic random bit generator (DBRG), which reduces capacity in whole blocks, even when less than a block is read.
-
-.. function:: psa_key_derivation_set_capacity
-
- .. summary::
- Set the maximum capacity of a key derivation operation.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to modify.
- .. param:: size_t capacity
- The new capacity of the operation. It must be less or equal to the operation's current capacity.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``capacity`` is larger than the operation's current capacity. In this case, the operation object remains valid and its capacity remains unchanged.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.
-
-.. function:: psa_key_derivation_input_bytes
-
- .. summary::
- Provide an input for key derivation or key agreement.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` and must not have produced any output yet.
- .. param:: psa_key_derivation_step_t step
- Which step the input data is for.
- .. param:: const uint8_t * data
- Input data to use.
- .. param:: size_t data_length
- Size of the ``data`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``step`` is not compatible with the operation's algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``step`` does not allow direct inputs.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid for this input ``step``.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
-
- This function passes direct inputs, which is usually correct for non-secret inputs. To pass a secret input, which is normally in a key object, call `psa_key_derivation_input_key()` instead of this function. Refer to the documentation of individual step types (``PSA_KEY_DERIVATION_INPUT_xxx`` values of type `psa_key_derivation_step_t`) for more information.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
-
-.. function:: psa_key_derivation_input_key
-
- .. summary::
- Provide an input for key derivation in the form of a key.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to use. It must have been set up with `psa_key_derivation_setup()` and must not have produced any output yet.
- .. param:: psa_key_derivation_step_t step
- Which step the input data is for.
- .. param:: psa_key_id_t key
- Identifier of the key. It must have an appropriate type for ``step`` and must allow the usage `PSA_KEY_USAGE_DERIVE`.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DERIVE` flag.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``step`` is not compatible with the operation's algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``step`` does not allow key inputs of the given type or does not allow key inputs at all.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid for this input ``step``.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
-
- This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call `psa_key_derivation_input_bytes()` instead of this function. Refer to the documentation of individual step types (``PSA_KEY_DERIVATION_INPUT_xxx`` values of type `psa_key_derivation_step_t`) for more information.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
-
-.. function:: psa_key_derivation_output_bytes
-
- .. summary::
- Read some data from a key derivation operation.
-
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to read from.
- .. param:: uint8_t * output
- Buffer where the output will be written.
- .. param:: size_t output_length
- Number of bytes to output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INSUFFICIENT_DATA
- The operation's capacity was less than ``output_length`` bytes. Note that in this case, no output is written to the output buffer. The operation's capacity is set to ``0``, thus subsequent calls to this function will not succeed, even with a smaller output buffer.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active and completed all required input steps.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function calculates output bytes from a key derivation algorithm and return those bytes. If the key derivation's output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation's capacity decreases by the number of bytes read.
-
- If this function returns an error status other than `PSA_ERROR_INSUFFICIENT_DATA`, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
-
-.. function:: psa_key_derivation_output_key
-
- .. summary::
- Derive a key from an ongoing key derivation operation.
-
- .. param:: const psa_key_attributes_t * attributes
- The attributes for the new key.
- .. param:: psa_key_derivation_operation_t * operation
- The key derivation operation object to read from.
- .. param:: psa_key_id_t * key
- On success, an identifier for the newly created key. `PSA_KEY_ID_NULL` on failure.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage.
- .. retval:: PSA_ERROR_ALREADY_EXISTS
- This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.
- .. retval:: PSA_ERROR_INSUFFICIENT_DATA
- There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation's capacity is set to ``0``, thus subsequent calls to this function will not succeed, even with a smaller output buffer.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- The key type or key size is not supported, either by the implementation in general or in this particular location.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- The provided key attributes are not valid for the operation.
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The `PSA_KEY_DERIVATION_INPUT_SECRET` input was not provided through a key.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active and completed all required input steps.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key's location, usage policy, type and size are taken from ``attributes``.
-
- If the key derivation's output is viewed as a stream of bytes, this function consumes the required number of bytes from the stream. The operation's capacity decreases by the number of bytes used to derive the key.
-
- If this function returns an error status other than `PSA_ERROR_INSUFFICIENT_DATA`, the operation enters an error state and must be aborted by calling `psa_key_derivation_abort()`.
-
- How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:
-
- * For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling `psa_key_derivation_output_bytes()` and passing the resulting output to `psa_import_key()`. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly ``(bits/8)`` bytes from the operation. The following key types defined in this specification follow this scheme:
-
- * `PSA_KEY_TYPE_AES`;
- * `PSA_KEY_TYPE_ARC4`;
- * `PSA_KEY_TYPE_CAMELLIA`;
- * `PSA_KEY_TYPE_DERIVE`;
- * `PSA_KEY_TYPE_HMAC`.
-
- * For ECC keys on a Montgomery elliptic curve (:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)`), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:
-
- * Curve25519 (`PSA_ECC_FAMILY_MONTGOMERY`, 255 bits): draw a 32-byte string and process it as specified in :RFC:`7748#5`.
- * Curve448 (`PSA_ECC_FAMILY_MONTGOMERY`, 448 bits): draw a 56-byte string and process it as specified in :RFC:`7748#5`.
-
- * For key types for which the key is represented by a single sequence of ``bits`` bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length ``ceiling(bits/8)`` bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by `psa_export_key()`. The following key types defined in this specification follow this scheme:
-
- * `PSA_KEY_TYPE_DES`. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively. For example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.
-
- * Finite-field Diffie-Hellman keys (:code:`PSA_KEY_TYPE_DH_KEY_PAIR(dh_family)` where ``dh_family`` designates any Diffie-Hellman family) and ECC keys on a Weierstrass elliptic curve (:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family)` where ``ecc_family`` designates a Weierstrass curve family). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, *N* - 2] where *N* is the boundary of the private key domain: *N* is the prime *p* for Diffie-Hellman, or the order of the curve's base point for ECC. Add ``1`` to the resulting integer and use this as the private key *x*.
-
- This method allows compliance to NIST standards, specifically the methods titled *Key-Pair Generation by Testing Candidates* in the following publications:
-
- - |NIST SP 800-56A|_ (NIST SP 800-56A) §5.6.1.1.4 for Diffie-Hellman keys.
- - `NIST SP 800-56A`_ §5.6.1.2.2 or |FIPS 186-4|_ (FIPS 186-4) §B.4.2 for elliptic curve keys.
-
- .. |NIST SP 800-56A| replace:: *NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography*
- .. _NIST SP 800-56A: https://doi.org/10.6028/NIST.SP.800-56Ar3
-
- .. |FIPS 186-4| replace:: *FIPS Publication 186-4: Digital Signature Standard (DSS)*
- .. _FIPS 186-4: https://doi.org/10.6028/NIST.FIPS.186-4
-
- * For other key types, including `PSA_KEY_TYPE_RSA_KEY_PAIR`, the way in which the operation output is consumed is implementation-defined.
-
- In all cases, the data that is read is discarded from the operation. The operation's capacity is decreased by the number of bytes read.
-
- For algorithms that take an input step `PSA_KEY_DERIVATION_INPUT_SECRET`, the input to that step must be provided with `psa_key_derivation_input_key()`. Future versions of this specification might include additional restrictions on the derived key based on the attributes and strength of the secret key.
-
-.. function:: psa_key_derivation_abort
-
- .. summary::
- Abort a key derivation operation.
-
- .. param:: psa_key_derivation_operation_t * operation
- The operation to abort.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_key_derivation_setup()` again.
-
- This function can be called at any time after the operation object has been initialized as described in `psa_key_derivation_operation_t`.
-
- In particular, it is valid to call `psa_key_derivation_abort()` twice, or to call `psa_key_derivation_abort()` on an operation that has not been set up.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_HKDF
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an HKDF algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an HKDF algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
-
- HKDF is a family of key derivation algorithms that are based on a hash function and the HMAC construction.
-
-.. macro:: PSA_ALG_IS_TLS12_PRF
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a TLS-1.2 PRF algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a TLS-1.2 PRF algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
-
-.. macro:: PSA_ALG_IS_TLS12_PSK_TO_MS
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a TLS-1.2 PSK to MS algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported key derivation algorithm identifier.
-
-.. macro:: PSA_KEY_DERIVATION_UNLIMITED_CAPACITY
- :definition: /* implementation-defined value */
-
- .. summary::
- Use the maximum possible capacity for a key derivation operation.
-
- Use this value as the capacity argument when setting up a key derivation to specify that the operation will use the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.
-
-.. macro:: PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns the maximum supported length of the PSK for the TLS-1.2 PSK-to-MS key derivation.
-
- This implementation-defined value specifies the maximum length for the PSK input used with a `PSA_ALG_TLS12_PSK_TO_MS()` key agreement algorithm.
-
- Quoting :RFC:`4279#5.3`:
-
- TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.
-
- Therefore, it is recommended that implementations define `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE` with a value greater than or equal to ``64``.
diff --git a/docs/html/_sources/api/ops/macs.rst.txt b/docs/html/_sources/api/ops/macs.rst.txt
deleted file mode 100644
index 3cd1283..0000000
--- a/docs/html/_sources/api/ops/macs.rst.txt
+++ /dev/null
@@ -1,540 +0,0 @@
-.. _macs:
-
-Message authentication codes (MAC)
-==================================
-
-.. _mac-algorithms:
-
-MAC algorithms
---------------
-
-.. macro:: PSA_ALG_HMAC
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build an HMAC algorithm.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true).
-
- .. return::
- The corresponding HMAC algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- For example, :code:`PSA_ALG_HMAC(PSA_ALG_SHA_256)` is HMAC-SHA-256.
-
-.. macro:: PSA_ALG_TRUNCATED_MAC
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to build a truncated MAC algorithm.
-
- .. param:: mac_alg
- A MAC algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_MAC(alg)` is true). This can be a truncated or untruncated MAC algorithm.
- .. param:: mac_length
- Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.
-
- .. return::
- The corresponding MAC algorithm with the specified length.
-
- Unspecified if ``alg`` is not a supported MAC algorithm or if ``mac_length`` is too small or too large for the specified MAC algorithm.
-
- A truncated MAC algorithm is identical to the corresponding MAC algorithm except that the MAC value for the truncated algorithm consists of only the first ``mac_length`` bytes of the MAC value for the untruncated algorithm.
-
- .. note::
- This macro might allow constructing algorithm identifiers that are not valid, either because the specified length is larger than the untruncated MAC or because the specified length is smaller than permitted by the implementation.
-
- .. note::
- It is implementation-defined whether a truncated MAC that is truncated to the same length as the MAC of the untruncated algorithm is considered identical to the untruncated algorithm for policy comparison purposes.
-
- The full-length MAC algorithm can be recovered using `PSA_ALG_FULL_LENGTH_MAC()`.
-
-.. macro:: PSA_ALG_CBC_MAC
- :definition: ((psa_algorithm_t)0x03c00100)
-
- .. summary::
- The CBC-MAC construction over a block cipher.
-
- .. warning::
- CBC-MAC is insecure in many cases. A more secure mode, such as `PSA_ALG_CMAC`, is recommended.
-
-.. macro:: PSA_ALG_CMAC
- :definition: ((psa_algorithm_t)0x03c00200)
-
- .. summary::
- The CMAC construction over a block cipher.
-
-Single-part MAC functions
--------------------------
-
-.. function:: psa_mac_compute
-
- .. summary::
- Calculate the message authentication code (MAC) of a message.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation.
- It must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
- .. param:: psa_algorithm_t alg
- The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the input message.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * mac
- Buffer where the MAC value is to be written.
- .. param:: size_t mac_size
- Size of the ``mac`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The exact MAC size is :code:`PSA_MAC_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are attributes of the key used to compute the MAC.
- * `PSA_MAC_MAX_SIZE` evaluates to the maximum MAC size of any supported MAC algorithm.
-
- .. param:: size_t * mac_length
- On success, the number of bytes that make up the MAC value.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a MAC algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``mac`` buffer is too small.
- `PSA_MAC_LENGTH()` or `PSA_MAC_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_CORRUPT
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_INVALID
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. note::
- To verify the MAC of a message against an expected value, use `psa_mac_verify()` instead. Beware that comparing integrity or authenticity data such as MAC values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the MAC value which could allow an attacker to guess a valid MAC and thereby bypass security controls.
-
-.. function:: psa_mac_verify
-
- .. summary::
- Calculate the MAC of a message and compare it with a reference value.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation.
- It must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
- .. param:: psa_algorithm_t alg
- The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
- .. param:: const uint8_t * input
- Buffer containing the input message.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: const uint8_t * mac
- Buffer containing the expected MAC value.
- .. param:: size_t mac_length
- Size of the ``mac`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The expected MAC is identical to the actual MAC of the input.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The MAC of the message was calculated successfully, but it differs from the expected value.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a MAC algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_CORRUPT
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_INVALID
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
-Multi-part MAC operations
--------------------------
-
-.. typedef:: /* implementation-defined type */ psa_mac_operation_t
-
- .. summary::
- The type of the state object for multi-part MAC operations.
-
- Before calling any function on a MAC operation object, the application must initialize it by any of the following means:
-
- * Set the object to all-bits-zero, for example:
-
- .. autocode::
- psa_mac_operation_t operation;
- memset(&operation, 0, sizeof(operation));
-
- * Initialize the object to logical zero values by declaring the object as static or global without an explicit initializer, for example:
-
- .. autocode::
- static psa_mac_operation_t operation;
-
- * Initialize the object to the initializer `PSA_MAC_OPERATION_INIT`, for example:
-
- .. autocode::
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-
- * Assign the result of the function `psa_mac_operation_init()` to the object, for example:
-
- .. autocode::
- psa_mac_operation_t operation;
- operation = psa_mac_operation_init();
-
- This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.
-
-.. macro:: PSA_MAC_OPERATION_INIT
- :definition: /* implementation-defined value */
-
- .. summary::
- This macro returns a suitable initializer for a MAC operation object of type `psa_mac_operation_t`.
-
-.. function:: psa_mac_operation_init
-
- .. summary::
- Return an initial value for a MAC operation object.
-
- .. return:: psa_mac_operation_t
-
-.. function:: psa_mac_sign_setup
-
- .. summary::
- Set up a multi-part MAC calculation operation.
-
- .. param:: psa_mac_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_mac_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
- .. param:: psa_algorithm_t alg
- The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a MAC algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_CORRUPT
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_INVALID
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function sets up the calculation of the message authentication code (MAC) of a byte string. To verify the MAC of a message against an expected value, use `psa_mac_verify_setup()` instead.
-
- The sequence of operations to calculate a MAC is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_mac_operation_t`, e.g. `PSA_MAC_OPERATION_INIT`.
- #. Call `psa_mac_sign_setup()` to specify the algorithm and key.
- #. Call `psa_mac_update()` zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
- #. At the end of the message, call `psa_mac_sign_finish()` to finish calculating the MAC value and retrieve it.
-
- If an error occurs at any step after a call to `psa_mac_sign_setup()`, the operation will need to be reset by a call to `psa_mac_abort()`. The application can call `psa_mac_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_mac_sign_setup()`, the application must eventually terminate the operation through one of the following methods:
-
- * A successful call to `psa_mac_sign_finish()`.
- * A call to `psa_mac_abort()`.
-
-.. function:: psa_mac_verify_setup
-
- .. summary::
- Set up a multi-part MAC verification operation.
-
- .. param:: psa_mac_operation_t * operation
- The operation object to set up. It must have been initialized as per the documentation for `psa_mac_operation_t` and not yet in use.
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must remain valid until the operation terminates.
- It must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
- .. param:: psa_algorithm_t alg
- The MAC algorithm to compute (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- ``key`` is not compatible with ``alg``.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- ``alg`` is not supported or is not a MAC algorithm.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- The key could not be retrieved from storage
- .. retval:: PSA_ERROR_DATA_CORRUPT
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_DATA_INVALID
- The key could not be retrieved from storage.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be inactive.
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- This function sets up the verification of the message authentication code (MAC) of a byte string against an expected value.
-
- The sequence of operations to verify a MAC is as follows:
-
- #. Allocate an operation object which will be passed to all the functions listed here.
- #. Initialize the operation object with one of the methods described in the documentation for `psa_mac_operation_t`, e.g. `PSA_MAC_OPERATION_INIT`.
- #. Call `psa_mac_verify_setup()` to specify the algorithm and key.
- #. Call `psa_mac_update()` zero, one or more times, passing a fragment of the message each time. The MAC that is calculated is the MAC of the concatenation of these messages in order.
- #. At the end of the message, call `psa_mac_verify_finish()` to finish calculating the actual MAC of the message and verify it against the expected value.
-
- If an error occurs at any step after a call to `psa_mac_verify_setup()`, the operation will need to be reset by a call to `psa_mac_abort()`. The application can call `psa_mac_abort()` at any time after the operation has been initialized.
-
- After a successful call to `psa_mac_verify_setup()`, the application must eventually terminate the operation through one of the following methods:
-
- * A successful call to `psa_mac_verify_finish()`.
- * A call to `psa_mac_abort()`.
-
-.. function:: psa_mac_update
-
- .. summary::
- Add a message fragment to a multi-part MAC operation.
-
- .. param:: psa_mac_operation_t * operation
- Active MAC operation.
- .. param:: const uint8_t * input
- Buffer containing the message fragment to add to the MAC calculation.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be active.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_mac_sign_setup()` or `psa_mac_verify_setup()` before calling this function.
-
- If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
-
-.. function:: psa_mac_sign_finish
-
- .. summary::
- Finish the calculation of the MAC of a message.
-
- .. param:: psa_mac_operation_t * operation
- Active MAC operation.
- .. param:: uint8_t * mac
- Buffer where the MAC value is to be written.
- .. param:: size_t mac_size
- Size of the ``mac`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The exact MAC size is :code:`PSA_MAC_LENGTH(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are attributes of the key, and ``alg`` is the algorithm used to compute the MAC.
- * `PSA_MAC_MAX_SIZE` evaluates to the maximum MAC size of any supported MAC algorithm.
-
- .. param:: size_t * mac_length
- On success, the number of bytes that make up the MAC value. This is always :code:`PSA_MAC_FINAL_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of the key and ``alg`` is the MAC algorithm that is calculated.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- Success.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be an active mac sign operation.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``mac`` buffer is too small.
- `PSA_MAC_LENGTH()` or `PSA_MAC_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_mac_sign_setup()` before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to `psa_mac_update()`.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
-
- .. warning::
- It is not recommended to use this function when a specific value is expected for the MAC. Call `psa_mac_verify_finish()` instead with the expected MAC value.
-
- Comparing integrity or authenticity data such as MAC values with a function such as ``memcmp()`` is risky because the time taken by the comparison might leak information about the hashed data which could allow an attacker to guess a valid MAC and thereby bypass security controls.
-
-.. function:: psa_mac_verify_finish
-
- .. summary::
- Finish the calculation of the MAC of a message and compare it with an expected value.
-
- .. param:: psa_mac_operation_t * operation
- Active MAC operation.
- .. param:: const uint8_t * mac
- Buffer containing the expected MAC value.
- .. param:: size_t mac_length
- Size of the ``mac`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The expected MAC is identical to the actual MAC of the message.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The MAC of the message was calculated successfully, but it differs from the expected MAC.
- .. retval:: PSA_ERROR_BAD_STATE
- The operation state is not valid: it must be an active mac verify operation.
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- The application must call `psa_mac_verify_setup()` before calling this function. This function calculates the MAC of the message formed by concatenating the inputs passed to preceding calls to `psa_mac_update()`. It then compares the calculated MAC with the expected MAC passed as a parameter to this function.
-
- When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_mac_abort()`.
-
- .. note::
- Implementations must make the best effort to ensure that the comparison between the actual MAC and the expected MAC is performed in constant time.
-
-.. function:: psa_mac_abort
-
- .. summary::
- Abort a MAC operation.
-
- .. param:: psa_mac_operation_t * operation
- Initialized MAC operation.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- Aborting an operation frees all associated resources except for the ``operation`` object itself. Once aborted, the operation object can be reused for another operation by calling `psa_mac_sign_setup()` or `psa_mac_verify_setup()` again.
-
- This function can be called any time after the operation object has been initialized by one of the methods described in `psa_mac_operation_t`.
-
- In particular, calling `psa_mac_abort()` after the operation has been terminated by a call to `psa_mac_abort()`, `psa_mac_sign_finish()` or `psa_mac_verify_finish()` is safe and has no effect.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_HMAC
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an HMAC algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an HMAC algorithm, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- HMAC is a family of MAC algorithms that are based on a hash function.
-
-.. macro:: PSA_ALG_IS_BLOCK_CIPHER_MAC
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a MAC algorithm based on a block cipher.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a MAC algorithm based on a block cipher, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_FULL_LENGTH_MAC
- :definition: /* specification-defined value */
-
- .. summary::
- Macro to construct the MAC algorithm with a full length MAC, from a truncated MAC algorithm.
-
- .. param:: mac_alg
- A MAC algorithm identifier (value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_MAC(alg)` is true). This can be a truncated or untruncated MAC algorithm.
-
- .. return::
- The corresponding MAC algorithm with a full length MAC.
-
- Unspecified if ``alg`` is not a supported MAC algorithm.
-
-.. macro:: PSA_MAC_LENGTH
- :definition: /* implementation-defined value */
-
- .. summary::
- The size of the output of `psa_mac_compute()` and `psa_mac_sign_finish()`, in bytes.
-
- .. param:: key_type
- The type of the MAC key.
- .. param:: key_bits
- The size of the MAC key in bits.
- .. param:: alg
- A MAC algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_MAC(alg)` is true).
-
- .. return::
- The MAC length for the specified algorithm with the specified key parameters.
-
- ``0`` if the MAC algorithm is not recognized.
-
- Either ``0`` or the correct length for a MAC algorithm that the implementation recognizes, but does not support.
-
- Unspecified if the key parameters are not consistent with the algorithm.
-
- This is also the MAC length that `psa_mac_verify()` and `psa_mac_verify_finish()` expects.
-
- See also `PSA_MAC_MAX_SIZE`.
-
-.. macro:: PSA_MAC_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Maximum size of a MAC.
-
- This macro must expand to a compile-time constant integer.
- It is recommended that this value is the maximum size of a MAC supported by the implementation, in bytes. The value must not be smaller than this maximum.
-
- See also `PSA_MAC_LENGTH()`.
diff --git a/docs/html/_sources/api/ops/pke.rst.txt b/docs/html/_sources/api/ops/pke.rst.txt
deleted file mode 100644
index 9ffde10..0000000
--- a/docs/html/_sources/api/ops/pke.rst.txt
+++ /dev/null
@@ -1,220 +0,0 @@
-.. _pke:
-
-Asymmetric encryption
-=====================
-
-.. _asymmetric-encryption-algorithms:
-
-Asymmetric encryption algorithms
---------------------------------
-
-.. macro:: PSA_ALG_RSA_PKCS1V15_CRYPT
- :definition: ((psa_algorithm_t)0x07000200)
-
- .. summary::
- RSA PKCS#1 v1.5 encryption.
-
-.. macro:: PSA_ALG_RSA_OAEP
- :definition: /* specification-defined value */
-
- .. summary::
- RSA OAEP encryption.
-
- .. param:: hash_alg
- The hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true) to use for MGF1.
-
- .. return::
- The corresponding RSA OAEP signature algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This is the encryption scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.
-
-Asymmetric encryption functions
--------------------------------
-
-.. function:: psa_asymmetric_encrypt
-
- .. summary::
- Encrypt a short message with a public key.
-
- .. param:: psa_key_id_t key
- Identifer of the key to use for the operation. It must be a public key or an asymmetric key pair.
- It must allow the usage `PSA_KEY_USAGE_ENCRYPT`.
- .. param:: psa_algorithm_t alg
- An asymmetric encryption algorithm that is compatible with the type of ``key``.
- .. param:: const uint8_t * input
- The message to encrypt.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: const uint8_t * salt
- A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass ``NULL``. If the algorithm supports an optional salt, pass ``NULL`` to indicate that there is no salt.
- .. param:: size_t salt_length
- Size of the ``salt`` buffer in bytes. If ``salt`` is ``NULL``, pass ``0``.
- .. param:: uint8_t * output
- Buffer where the encrypted message is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The required output size is :code:`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
- * `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported asymmetric encryption.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_ENCRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small.
- `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()` or `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- * For `PSA_ALG_RSA_PKCS1V15_CRYPT`, no salt is supported.
-
-.. function:: psa_asymmetric_decrypt
-
- .. summary::
- Decrypt a short message with a private key.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must be an asymmetric key pair.
- It must allow the usage `PSA_KEY_USAGE_DECRYPT`.
- .. param:: psa_algorithm_t alg
- An asymmetric encryption algorithm that is compatible with the type of ``key``.
- .. param:: const uint8_t * input
- The message to decrypt.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: const uint8_t * salt
- A salt or label, if supported by the encryption algorithm. If the algorithm does not support a salt, pass ``NULL``. If the algorithm supports an optional salt, pass ``NULL`` to indicate that there is no salt.
- .. param:: size_t salt_length
- Size of the ``salt`` buffer in bytes. If ``salt`` is ``NULL``, pass ``0``.
- .. param:: uint8_t * output
- Buffer where the decrypted message is to be written.
- .. param:: size_t output_size
- Size of the ``output`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The required output size is :code:`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
- * `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE` evaluates to the maximum output size of any supported asymmetric decryption.
-
- .. param:: size_t * output_length
- On success, the number of bytes that make up the returned output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_DECRYPT` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``output`` buffer is too small.
- `PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()` or `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_INVALID_PADDING
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- * For `PSA_ALG_RSA_PKCS1V15_CRYPT`, no salt is supported.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_RSA_OAEP
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an RSA OAEP encryption algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an RSA OAEP algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient output buffer size for `psa_asymmetric_encrypt()`.
-
- .. param:: key_type
- An asymmetric key type, either a key pair or a public key.
- .. param:: key_bits
- The size of the key in bits.
- .. param:: alg
- The signature algorithm.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_asymmetric_encrypt()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.
-
- .. warning::
- This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- See also `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_asymmetric_encrypt()`, for any supported asymmetric encryption.
-
- See also `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()`.
-
-.. macro:: PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient output buffer size for `psa_asymmetric_decrypt()`.
-
- .. param:: key_type
- An asymmetric key type, either a key pair or a public key.
- .. param:: key_bits
- The size of the key in bits.
- .. param:: alg
- The signature algorithm.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_asymmetric_decrypt()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.
-
- .. warning::
- This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- See also `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`.
-
-.. macro:: PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- A sufficient output buffer size for `psa_asymmetric_decrypt()`, for any supported asymmetric decryption.
-
- See also `PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/api/ops/rng.rst.txt b/docs/html/_sources/api/ops/rng.rst.txt
deleted file mode 100644
index f670bd9..0000000
--- a/docs/html/_sources/api/ops/rng.rst.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-Other cryptographic services
-============================
-
-.. _rng:
-
-Random number generation
-------------------------
-
-.. function:: psa_generate_random
-
- .. summary::
- Generate random bytes.
-
- .. param:: uint8_t * output
- Output buffer for the generated data.
- .. param:: size_t output_size
- Number of bytes to generate and output.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. warning::
- This function **can** fail! Callers MUST check the return status and MUST NOT use the content of the output buffer if the return status is not `PSA_SUCCESS`.
-
- .. note::
- To generate a key, use `psa_generate_key()` instead.
diff --git a/docs/html/_sources/api/ops/sign.rst.txt b/docs/html/_sources/api/ops/sign.rst.txt
deleted file mode 100644
index a0025b5..0000000
--- a/docs/html/_sources/api/ops/sign.rst.txt
+++ /dev/null
@@ -1,474 +0,0 @@
-.. _sign:
-
-Asymmetric signature
-====================
-
-.. _sign-algorithms:
-
-Asymmetric signature algorithms
--------------------------------
-
-.. macro:: PSA_ALG_RSA_PKCS1V15_SIGN
- :definition: /* specification-defined value */
-
- .. summary::
- RSA PKCS#1 v1.5 signature with hashing.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
-
- .. return::
- The corresponding RSA PKCS#1 v1.5 signature algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This is the signature scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.
-
-.. macro:: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
- :definition: ((psa_algorithm_t) 0x06000200))
-
- .. summary::
- Raw PKCS#1 v1.5 signature.
-
- The input to this algorithm is the DigestInfo structure used by :RFC:`8017#9.2` (PKCS#1: RSA Cryptography Specifications), in steps 3–6.
-
-.. macro:: PSA_ALG_RSA_PSS
- :definition: /* specification-defined value */
-
- .. summary::
- RSA PSS signature with hashing.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
-
- .. return::
- The corresponding RSA PSS signature algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This is the signature scheme defined by :RFC:`8017` (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.
-
-.. macro:: PSA_ALG_ECDSA
- :definition: /* specification-defined value */
-
- .. summary::
- ECDSA signature with hashing.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
-
- .. return::
- The corresponding ECDSA signature algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This is the *Elliptic Curve Digital Signature Algorithm (ECDSA)* defined by ANSI X9.62-2005, with a random per-message secret number (*k*).
-
- The representation of the signature as a byte string consists of the concatenation of the signature values *r* and *s*. Each of *r* and *s* is encoded as an *N*-octet string, where *N* is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.
-
-.. macro:: PSA_ALG_ECDSA_ANY
- :definition: ((psa_algorithm_t) 0x06000600))
-
- .. summary::
- ECDSA signature without hashing.
-
- This is the same signature scheme as `PSA_ALG_ECDSA()`, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.
-
-.. macro:: PSA_ALG_DETERMINISTIC_ECDSA
- :definition: /* specification-defined value */
-
- .. summary::
- Deterministic ECDSA signature with hashing.
-
- .. param:: hash_alg
- A hash algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_HASH(hash_alg)` is true). This includes `PSA_ALG_ANY_HASH` when specifying the algorithm in a usage policy.
-
- .. return::
- The corresponding deterministic ECDSA signature algorithm.
-
- Unspecified if ``hash_alg`` is not a supported hash algorithm.
-
- This is the deterministic ECDSA signature scheme defined by :RFC:`6979`.
-
- The representation of a signature is the same as with `PSA_ALG_ECDSA()`.
-
- Note that when this algorithm is used for verification, signatures made with randomized ECDSA (:code:`PSA_ALG_ECDSA(hash_alg)`) with the same private key are accepted. In other words, :code:`PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)` differs from :code:`PSA_ALG_ECDSA(hash_alg)` only for signature, not for verification.
-
-Asymmetric signature functions
-------------------------------
-
-.. function:: psa_sign_message
-
- .. summary::
- Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_SIGN_MESSAGE`.
- .. param:: psa_algorithm_t alg
- An asymmetric signature algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_MESSAGE(alg)` is true), that is compatible with the type of ``key``.
- .. param:: const uint8_t * input
- The input message to sign.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: uint8_t * signature
- Buffer where the signature is to be written.
- .. param:: size_t signature_size
- Size of the ``signature`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The required signature size is :code:`PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
- * `PSA_SIGNATURE_MAX_SIZE` evaluates to the maximum signature size of any supported signature algorithm.
-
- .. param:: size_t * signature_length
- On success, the number of bytes that make up the returned signature value.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_SIGN_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``signature`` buffer is too small.
- `PSA_SIGN_OUTPUT_SIZE()` or `PSA_SIGNATURE_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. note::
- To perform a multi-part hash-and-sign signature algorithm, first use a :ref:`multi-part hash operation <hash-mp>` and then pass the resulting hash to `psa_sign_hash()`. :code:`PSA_ALG_GET_HASH(alg)` can be used to determine the hash algorithm to use.
-
-.. function:: psa_verify_message
-
- .. summary::
- Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_VERIFY_MESSAGE`.
- .. param:: psa_algorithm_t alg
- An asymmetric signature algorithm (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_MESSAGE(alg)` is true), that is compatible with the type of ``key``.
- .. param:: const uint8_t * input
- The message whose signature is to be verified.
- .. param:: size_t input_length
- Size of the ``input`` buffer in bytes.
- .. param:: const uint8_t * signature
- Buffer containing the signature to verify.
- .. param:: size_t signature_length
- Size of the ``signature`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The signature is valid.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_VERIFY_MESSAGE` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The calculation was performed successfully, but the passed signature is not a valid signature.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- .. note::
- To perform a multi-part hash-and-sign signature verification algorithm, first use a :ref:`multi-part hash operation <hash-mp>` to hash the message and then pass the resulting hash to `psa_verify_hash()`. :code:`PSA_ALG_GET_HASH(alg)` can be used to determine the hash algorithm to use.
-
-.. function:: psa_sign_hash
-
- .. summary::
- Sign an already-calculated hash with a private key.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_SIGN_HASH`.
- .. param:: psa_algorithm_t alg
- An asymmetric signature algorithm that separates the hash and sign operations (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_HASH(alg)` is true), that is compatible with the type of ``key``.
- .. param:: const uint8_t * hash
- The input to sign. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.
- .. param:: size_t hash_length
- Size of the ``hash`` buffer in bytes.
- .. param:: uint8_t * signature
- Buffer where the signature is to be written.
- .. param:: size_t signature_size
- Size of the ``signature`` buffer in bytes.
- This must be appropriate for the selected algorithm and key:
-
- * The required signature size is :code:`PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)` where ``key_type`` and ``key_bits`` are the type and bit-size respectively of ``key``.
- * `PSA_SIGNATURE_MAX_SIZE` evaluates to the maximum signature size of any supported signature algorithm.
-
- .. param:: size_t * signature_length
- On success, the number of bytes that make up the returned signature value.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_SIGN_HASH` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_BUFFER_TOO_SMALL
- The size of the ``signature`` buffer is too small.
- `PSA_SIGN_OUTPUT_SIZE()` or `PSA_SIGNATURE_MAX_SIZE` can be used to determine the required buffer size.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_INSUFFICIENT_ENTROPY
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.
-
- Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
-
- .. note::
- To perform a hash-and-sign algorithm, the hash must be calculated before passing it to this function. This can be done by calling `psa_hash_compute()` or with a multi-part hash operation. Alternatively, to hash and sign a message in a single call, use `psa_sign_message()`.
-
-.. function:: psa_verify_hash
-
- .. summary::
- Verify the signature of a hash or short message using a public key.
-
- .. param:: psa_key_id_t key
- Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage `PSA_KEY_USAGE_VERIFY_HASH`.
- .. param:: psa_algorithm_t alg
- An asymmetric signature algorithm that separates the hash and sign operations (``PSA_ALG_XXX`` value such that :code:`PSA_ALG_IS_SIGN_HASH(alg)` is true), that is compatible with the type of ``key``.
- .. param:: const uint8_t * hash
- The input whose signature is to be verified. This is usually the hash of a message. See the detailed description of this function and the description of individual signature algorithms for a detailed description of acceptable inputs.
- .. param:: size_t hash_length
- Size of the ``hash`` buffer in bytes.
- .. param:: const uint8_t * signature
- Buffer containing the signature to verify.
- .. param:: size_t signature_length
- Size of the ``signature`` buffer in bytes.
-
- .. return:: psa_status_t
- .. retval:: PSA_SUCCESS
- The signature is valid.
- .. retval:: PSA_ERROR_INVALID_HANDLE
- .. retval:: PSA_ERROR_NOT_PERMITTED
- The key does not have the `PSA_KEY_USAGE_VERIFY_HASH` flag, or it does not permit the requested algorithm.
- .. retval:: PSA_ERROR_INVALID_SIGNATURE
- The calculation was performed successfully, but the passed signature is not a valid signature.
- .. retval:: PSA_ERROR_NOT_SUPPORTED
- .. retval:: PSA_ERROR_INVALID_ARGUMENT
- .. retval:: PSA_ERROR_INSUFFICIENT_MEMORY
- .. retval:: PSA_ERROR_COMMUNICATION_FAILURE
- .. retval:: PSA_ERROR_HARDWARE_FAILURE
- .. retval:: PSA_ERROR_CORRUPTION_DETECTED
- .. retval:: PSA_ERROR_STORAGE_FAILURE
- .. retval:: PSA_ERROR_DATA_CORRUPT
- .. retval:: PSA_ERROR_DATA_INVALID
- .. retval:: PSA_ERROR_BAD_STATE
- The library has not been previously initialized by `psa_crypto_init()`. It is implementation-dependent whether a failure to initialize results in this error code.
-
- With most signature mechanisms that follow the hash-and-sign paradigm, the hash input to this function is the hash of the message to sign. The hash algorithm is encoded in the signature algorithm.
-
- Some hash-and-sign mechanisms apply a padding or encoding to the hash. In such cases, the encoded hash must be passed to this function. The current version of this specification defines one such signature algorithm: `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
-
- .. note::
- To perform a hash-and-sign verification algorithm, the hash must be calculated before passing it to this function. This can be done by calling `psa_hash_compute()` or with a multi-part hash operation. Alternatively, to hash and verify a message signature in a single call, use `psa_verify_message()`.
-
-Support macros
---------------
-
-.. macro:: PSA_ALG_IS_SIGN_MESSAGE
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a signature algorithm that can be used with `psa_sign_message()` and `psa_verify_message()`.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a signature algorithm that can be used to sign a message. ``0`` if ``alg`` is a signature algorithm that can only be used to sign an already-calculated hash. ``0`` if ``alg`` is not a signature algorithm. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_IS_SIGN_HASH
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a signature algorithm that can be used with `psa_sign_hash()` and `psa_verify_hash()`.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a signature algorithm that can be used to sign a hash. ``0`` if ``alg`` is a signature algorithm that can only be used to sign a message. ``0`` if ``alg`` is not a signature algorithm. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_IS_RSA_PKCS1V15_SIGN
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an RSA PKCS#1 v1.5 signature algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an RSA PKCS#1 v1.5 signature algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_IS_RSA_PSS
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is an RSA PSS signature algorithm.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an RSA PSS signature algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_IS_ECDSA
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is ECDSA.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is an ECDSA algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
-.. macro:: PSA_ALG_IS_DETERMINISTIC_ECDSA
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is deterministic ECDSA.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a deterministic ECDSA algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See also `PSA_ALG_IS_ECDSA()` and `PSA_ALG_IS_RANDOMIZED_ECDSA()`.
-
-.. macro:: PSA_ALG_IS_RANDOMIZED_ECDSA
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is randomized ECDSA.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a randomized ECDSA algorithm, ``0`` otherwise.
-
- This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- See also `PSA_ALG_IS_ECDSA()` and `PSA_ALG_IS_DETERMINISTIC_ECDSA()`.
-
-.. macro:: PSA_ALG_IS_HASH_AND_SIGN
- :definition: /* specification-defined value */
-
- .. summary::
- Whether the specified algorithm is a hash-and-sign algorithm that signs exactly the hash value.
-
- .. param:: alg
- An algorithm identifier (value of type `psa_algorithm_t`).
-
- .. return::
- ``1`` if ``alg`` is a hash-and-sign algorithm that signs exactly the hash value, ``0`` otherwise. This macro can return either ``0`` or ``1`` if ``alg`` is not a supported algorithm identifier.
-
- This macro identifies algorithms that can be used with `psa_sign_hash()` that use the exact message hash value as an input the signature operation. This excludes hash-and-sign algorithms that require a encoded or modified hash for the signature step in the algorithm, such as `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`.
-
-.. macro:: PSA_ALG_ANY_HASH
- :definition: ((psa_algorithm_t)0x020000ff)
-
- .. summary::
- In a hash-and-sign algorithm policy, allow any hash algorithm.
-
- This value can be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
- A signature algorithm policy created using this macro is a wildcard policy, and `PSA_ALG_IS_WILDCARD()` will return true.
-
- This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm ``alg``, :code:`PSA_ALG_IS_HASH_AND_SIGN(alg)` is true.
-
- This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.
-
- .. rubric:: Usage
-
- For example, suppose that ``PSA_xxx_SIGNATURE`` is one of the following macros:
-
- * `PSA_ALG_RSA_PKCS1V15_SIGN`
- * `PSA_ALG_RSA_PSS`
- * `PSA_ALG_ECDSA`
- * `PSA_ALG_DETERMINISTIC_ECDSA`
-
- The following sequence of operations shows how `PSA_ALG_ANY_HASH` can be used in a key policy:
-
- * Set the key usage field using `PSA_ALG_ANY_HASH`, for example:
-
- .. autocode::
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); // or VERIFY_MESSAGE
- psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
-
- * Import or generate key material.
- * Call `psa_sign_message()` or `psa_verify_message()`, passing an algorithm built from ``PSA_xxx_SIGNATURE`` and a specific hash. Each call to sign or verify a message can use a different hash algorithm.
-
- .. autocode::
- psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
- psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
- psa_sign_message(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
-
-
-.. macro:: PSA_SIGN_OUTPUT_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Sufficient signature buffer size for `psa_sign_message()` and `psa_sign_hash()`.
-
- .. param:: key_type
- An asymmetric key type. This can be a key pair type or a public key type.
- .. param:: key_bits
- The size of the key in bits.
- .. param:: alg
- The signature algorithm.
-
- .. return::
- If the parameters are valid and supported, return a buffer size in bytes that guarantees that `psa_sign_message()` and `psa_sign_hash()` will not fail with `PSA_ERROR_BUFFER_TOO_SMALL`. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or ``0``. If the parameters are not valid, the return value is unspecified.
-
- This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature might be smaller, as some algorithms produce a variable-size signature.
-
- .. warning::
- This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.
-
- See also `PSA_SIGNATURE_MAX_SIZE`.
-
-.. macro:: PSA_SIGNATURE_MAX_SIZE
- :definition: /* implementation-defined value */
-
- .. summary::
- Maximum size of an asymmetric signature.
-
- This macro must expand to a compile-time constant integer.
- It is recommended that this value is the maximum size of an asymmetric signature supported by the implementation, in bytes. The value must not be smaller than this maximum.
-
- See also `PSA_SIGN_OUTPUT_SIZE()`.
diff --git a/docs/html/_sources/appendix/example_header.rst.txt b/docs/html/_sources/appendix/example_header.rst.txt
deleted file mode 100644
index 32ce590..0000000
--- a/docs/html/_sources/appendix/example_header.rst.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-.. _appendix-example-header:
-
-Example header file
--------------------
-
-Each implementation of the PSA Crypto API must provide a header file named **psa/crypto.h**, in which the API elements in this specification are defined.
-
-This appendix provides a example of the **psa/crypto.h** header file with all of the API elements. This can be used as a starting point or reference for an implementation.
-
-.. note:
- Not all of the API elements are fully defined. An implementation must provide the full definition.
-
- The header will not compile without these missing definitions, and might require reordering to satisfy C compilation rules.
-
-psa/crypto.h
-~~~~~~~~~~~~
-
-.. autoinclude:: /../include/psa/crypto.h
diff --git a/docs/html/_sources/appendix/history.rst.txt b/docs/html/_sources/appendix/history.rst.txt
deleted file mode 100644
index 494ad62..0000000
--- a/docs/html/_sources/appendix/history.rst.txt
+++ /dev/null
@@ -1,623 +0,0 @@
-Changes to the API
-==================
-
-Release information
--------------------
-
-All published versions of this document have been **non-confidential**.
-
-The change history table lists the changes that have been made to this document.
-
-.. tabularcolumns:: |\Y{.15}\Y{.15}\Y{.7}|
-
-.. list-table::
- :header-rows: 1
- :widths: 3,3,14
-
- * - **Date**
- - **Version**
- - **Comments**
-
- * - **Jan 2019**
- - 1.0 beta 1
- - First public beta release.
-
- * - **Feb 2019**
- - 1.0 beta 2
- - Update for release with other PSA Dev API specifications.
-
- * - **May 2019**
- - 1.0 beta 3
- - Update for release with other PSA API specifications.
-
- * Alignment with PSA API specifications.
- * Changes to the key creation API.
- * Changes to the handling of key lifetimes.
- * Replaced 'generators' with key derivation operations.
-
- * - **Feb 2020**
- - 1.0.0
- - 1.0 API finalized.
-
- * Removed implementation APIs and definitions.
- * Merged key handles with key identifiers.
- * Recoded algorithm identifiers.
- * Restructured key types.
- * Provide buffer size macros for all output buffers.
- * Provide sign-message signature operations.
- * Add functions to suspend and resume hash operations.
- * Reallocated key types and algorithm identifiers.
- * Many minor corrections and clarifications.
-
-The detailed changes in each release are described in the following sections.
-
-Document change history
------------------------
-
-Changes between *1.0 beta 1* and *1.0 beta 2*
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. rubric:: Changes to the API
-
-- Remove obsolete definition ``PSA_ALG_IS_KEY_SELECTION``.
-- `PSA_AEAD_FINISH_OUTPUT_SIZE`: remove spurious parameter ``plaintext_length``.
-
-.. rubric:: Clarifications
-
-- ``psa_key_agreement()``: document ``alg`` parameter.
-
-.. rubric:: Other changes
-
-- Document formatting improvements.
-
-Changes between *1.0 beta 2* and *1.0 beta 3*
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. rubric:: Changes to the API
-
-- Change the value of error codes, and some names, to align
- with other PSA specifications. The name changes are:
-
- * ``PSA_ERROR_UNKNOWN_ERROR`` → `PSA_ERROR_GENERIC_ERROR`
- * ``PSA_ERROR_OCCUPIED_SLOT`` → `PSA_ERROR_ALREADY_EXISTS`
- * ``PSA_ERROR_EMPTY_SLOT`` → `PSA_ERROR_DOES_NOT_EXIST`
- * ``PSA_ERROR_INSUFFICIENT_CAPACITY`` → `PSA_ERROR_INSUFFICIENT_DATA`
- * ``PSA_ERROR_TAMPERING_DETECTED`` → `PSA_ERROR_CORRUPTION_DETECTED`
-
-- Change the way keys are created to avoid “half-filled” handles
- that contained key metadata, but no key material.
- Now, to create a key, first fill in a data structure containing
- its attributes, then pass this structure to a function that
- both allocates resources for the key and fills in the key
- material. This affects the following functions:
-
- * `psa_import_key()`, `psa_generate_key()`, ``psa_generator_import_key()``
- and `psa_copy_key()` now take an attribute structure, as
- a pointer to `psa_key_attributes_t`, to specify key metadata.
- This replaces the previous method of passing arguments to
- ``psa_create_key()`` or to the key material creation function
- or calling ``psa_set_key_policy()``.
- * ``psa_key_policy_t`` and functions operating on that type
- no longer exist. A key's policy is now accessible as part of
- its attributes.
- * ``psa_get_key_information()`` is also replaced by accessing the
- key's attributes, retrieved with `psa_get_key_attributes()`.
- * ``psa_create_key()`` no longer exists. Instead, set the key id
- attribute and the lifetime attribute before creating the
- key material.
-
-- Allow `psa_aead_update()` to buffer data.
-
-- New buffer size calculation macros.
-
-- Key identifiers are no longer specific to a given lifetime value. ``psa_open_key()`` no longer takes a ``lifetime`` parameter.
-
-- Define a range of key identifiers for use by applications and a separate range for use by implementations.
-
-- Avoid the unusual terminology "generator": call them
- "key derivation operations" instead. Rename a number of functions
- and other identifiers related to for clarity and consistency:
-
- * ``psa_crypto_generator_t`` → `psa_key_derivation_operation_t`
- * ``PSA_CRYPTO_GENERATOR_INIT`` → `PSA_KEY_DERIVATION_OPERATION_INIT`
- * ``psa_crypto_generator_init()`` → `psa_key_derivation_operation_init()`
- * ``PSA_GENERATOR_UNBRIDLED_CAPACITY`` → `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`
- * ``psa_set_generator_capacity()`` → `psa_key_derivation_set_capacity()`
- * ``psa_get_generator_capacity()`` → `psa_key_derivation_get_capacity()`
- * ``psa_key_agreement()`` → `psa_key_derivation_key_agreement()`
- * ``psa_generator_read()`` → `psa_key_derivation_output_bytes()`
- * ``psa_generate_derived_key()`` → `psa_key_derivation_output_key()`
- * ``psa_generator_abort()`` → `psa_key_derivation_abort()`
- * ``psa_key_agreement_raw_shared_secret()`` → `psa_raw_key_agreement()`
- * ``PSA_KDF_STEP_xxx`` → ``PSA_KEY_DERIVATION_INPUT_xxx``
- * ``PSA_xxx_KEYPAIR`` → ``PSA_xxx_KEY_PAIR``
-
-- Convert TLS1.2 KDF descriptions to multistep key derivation.
-
-.. rubric:: Clarifications
-
-- Specify ``psa_generator_import_key()`` for most key types.
-
-- Clarify the behavior in various corner cases.
-
-- Document more error conditions.
-
-Changes between *1.0 beta 3* and *1.0.0*
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. rubric:: Changes to the API
-
-- Added `PSA_CRYPTO_API_VERSION_MAJOR` and `PSA_CRYPTO_API_VERSION_MINOR` to report the PSA Cyrpto API version.
-
-- Removed ``PSA_ALG_GMAC`` algorithm identifier.
-
-- Removed internal implementation macros from the API specification:
-
- * ``PSA_AEAD_TAG_LENGTH_OFFSET``
- * ``PSA_ALG_AEAD_FROM_BLOCK_FLAG``
- * ``PSA_ALG_AEAD_TAG_LENGTH_MASK``
- * ``PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE``
- * ``PSA_ALG_CATEGORY_AEAD``
- * ``PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION``
- * ``PSA_ALG_CATEGORY_CIPHER``
- * ``PSA_ALG_CATEGORY_HASH``
- * ``PSA_ALG_CATEGORY_KEY_AGREEMENT``
- * ``PSA_ALG_CATEGORY_KEY_DERIVATION``
- * ``PSA_ALG_CATEGORY_MAC``
- * ``PSA_ALG_CATEGORY_MASK``
- * ``PSA_ALG_CATEGORY_SIGN``
- * ``PSA_ALG_CIPHER_FROM_BLOCK_FLAG``
- * ``PSA_ALG_CIPHER_MAC_BASE``
- * ``PSA_ALG_CIPHER_STREAM_FLAG``
- * ``PSA_ALG_DETERMINISTIC_ECDSA_BASE``
- * ``PSA_ALG_ECDSA_BASE``
- * ``PSA_ALG_ECDSA_IS_DETERMINISTIC``
- * ``PSA_ALG_HASH_MASK``
- * ``PSA_ALG_HKDF_BASE``
- * ``PSA_ALG_HMAC_BASE``
- * ``PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT``
- * ``PSA_ALG_IS_VENDOR_DEFINED``
- * ``PSA_ALG_KEY_AGREEMENT_MASK``
- * ``PSA_ALG_KEY_DERIVATION_MASK``
- * ``PSA_ALG_MAC_SUBCATEGORY_MASK``
- * ``PSA_ALG_MAC_TRUNCATION_MASK``
- * ``PSA_ALG_RSA_OAEP_BASE``
- * ``PSA_ALG_RSA_PKCS1V15_SIGN_BASE``
- * ``PSA_ALG_RSA_PSS_BASE``
- * ``PSA_ALG_TLS12_PRF_BASE``
- * ``PSA_ALG_TLS12_PSK_TO_MS_BASE``
- * ``PSA_ALG_VENDOR_FLAG``
- * ``PSA_BITS_TO_BYTES``
- * ``PSA_BYTES_TO_BITS``
- * ``PSA_ECDSA_SIGNATURE_SIZE``
- * ``PSA_HMAC_MAX_HASH_BLOCK_SIZE``
- * ``PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE``
- * ``PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE``
- * ``PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE``
- * ``PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE``
- * ``PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE``
- * ``PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE``
- * ``PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE``
- * ``PSA_KEY_TYPE_CATEGORY_FLAG_PAIR``
- * ``PSA_KEY_TYPE_CATEGORY_KEY_PAIR``
- * ``PSA_KEY_TYPE_CATEGORY_MASK``
- * ``PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY``
- * ``PSA_KEY_TYPE_CATEGORY_RAW``
- * ``PSA_KEY_TYPE_CATEGORY_SYMMETRIC``
- * ``PSA_KEY_TYPE_DH_GROUP_MASK``
- * ``PSA_KEY_TYPE_DH_KEY_PAIR_BASE``
- * ``PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE``
- * ``PSA_KEY_TYPE_ECC_CURVE_MASK``
- * ``PSA_KEY_TYPE_ECC_KEY_PAIR_BASE``
- * ``PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE``
- * ``PSA_KEY_TYPE_IS_VENDOR_DEFINED``
- * ``PSA_KEY_TYPE_VENDOR_FLAG``
- * ``PSA_MAC_TRUNCATED_LENGTH``
- * ``PSA_MAC_TRUNCATION_OFFSET``
- * ``PSA_ROUND_UP_TO_MULTIPLE``
- * ``PSA_RSA_MINIMUM_PADDING_SIZE``
- * ``PSA_VENDOR_ECC_MAX_CURVE_BITS``
- * ``PSA_VENDOR_RSA_MAX_KEY_BITS``
-
-- Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in :title:`implementation-specific-macro`.
-
- * Macros with implementation-defined values are indicated by ``/* implementation-defined value */`` in the API prototype.
- The implementation must provide the implementation.
-
- * Macros for algorithm and key type construction and inspection have specification-defined values.
- This is indicated by ``/* specification-defined value */`` in the API prototype.
- Example definitions of these macros is provided in :title:`appendix-specdef-values`.
-
-- Changed the semantics of multi-part operations.
-
- * Formalize the standard pattern for multi-part operations.
- * Require all errors to result in an error state, requiring a call to ``psa_xxx_abort()`` to reset the object.
- * Define behavior in illegal and impossible operation states, and for copying and reusing operation objects.
-
- Although the API signatures have not changed, this change requires modifications to application flows that handle error conditions in multi-part operations.
-
-- Merge the key identifier and key handle concepts in the API.
-
- * Replaced all references to key handles with key identifiers, or something similar.
- * Replaced all uses of ``psa_key_handle_t`` with `psa_key_id_t` in the API, and removes the ``psa_key_handle_t`` type.
- * Removed ``psa_open_key`` and ``psa_close_key``.
- * Added `PSA_KEY_ID_NULL` for the never valid zero key identifier.
- * Document rules related to destroying keys whilst in use.
- * Added the `PSA_KEY_USAGE_CACHE` usage policy and the related `psa_purge_key()` API.
- * Added clarification about caching keys to non-volatile memory.
-
-- Renamed ``PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN`` to `PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE`.
-
-- Relax definition of implementation-defined types.
-
- * This is indicated in the specification by ``/* implementation-defined type */`` in the type definition.
- * The specification only defines the name of implementation-defined types, and does not require that the implementation is a C struct.
-
-- Zero-length keys are not permitted. Attempting to create one will now result in an error.
-
-- Relax the constraints on inputs to key derivation:
-
- * `psa_key_derivation_input_bytes()` can be used for secret input steps. This is necessary if a zero-length input is required by the application.
- * `psa_key_derivation_input_key()` can be used for non-secret input steps.
-
-- Multi-part cipher operations now require that the IV is passed using `psa_cipher_set_iv()`, the option to provide this as part of the input to `psa_cipher_update()` has been removed.
-
- The format of the output from `psa_cipher_encrypt()`, and input to `psa_cipher_decrypt()`, is documented.
-
-- Support macros to calculate the size of output buffers, IVs and nonces.
-
- - Macros to calculate a key and/or algorithm specific result are provided for all output buffers. The new macros are:
-
- * `PSA_AEAD_NONCE_LENGTH()`
- * `PSA_CIPHER_ENCRYPT_OUTPUT_SIZE()`
- * `PSA_CIPHER_DECRYPT_OUTPUT_SIZE()`
- * `PSA_CIPHER_UPDATE_OUTPUT_SIZE()`
- * `PSA_CIPHER_FINISH_OUTPUT_SIZE()`
- * `PSA_CIPHER_IV_LENGTH()`
- * `PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE()`
- * `PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE()`
-
- - Macros that evaluate to a maximum type-independent buffer size are provided. The new macros are:
-
- * `PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE()`
- * `PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE()`
- * `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE()`
- * `PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`
- * `PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`
- * `PSA_AEAD_NONCE_MAX_SIZE`
- * `PSA_AEAD_TAG_MAX_SIZE`
- * `PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`
- * `PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`
- * `PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE()`
- * `PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE()`
- * `PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE()`
- * `PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`
- * `PSA_CIPHER_IV_MAX_SIZE`
- * `PSA_EXPORT_KEY_PAIR_MAX_SIZE`
- * `PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`
- * `PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`
-
- - AEAD output buffer size macros are now parameterized on the key type as well as the algorithm:
-
- * `PSA_AEAD_ENCRYPT_OUTPUT_SIZE()`
- * `PSA_AEAD_DECRYPT_OUTPUT_SIZE()`
- * `PSA_AEAD_UPDATE_OUTPUT_SIZE()`
- * `PSA_AEAD_FINISH_OUTPUT_SIZE()`
- * `PSA_AEAD_TAG_LENGTH()`
- * `PSA_AEAD_VERIFY_OUTPUT_SIZE()`
-
- - Some existing macros have been renamed to ensure that the name of the support macros are consistent. The following macros have been renamed:
-
- * ``PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH()`` → `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`
- * ``PSA_ALG_AEAD_WITH_TAG_LENGTH()`` → `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`
- * ``PSA_KEY_EXPORT_MAX_SIZE()`` → `PSA_EXPORT_KEY_OUTPUT_SIZE()`
- * ``PSA_HASH_SIZE()`` → `PSA_HASH_LENGTH()`
- * ``PSA_MAC_FINAL_SIZE()`` → `PSA_MAC_LENGTH()`
- * ``PSA_BLOCK_CIPHER_BLOCK_SIZE()`` → `PSA_BLOCK_CIPHER_BLOCK_LENGTH()`
- * ``PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE`` → `PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`
-
- - Documentation of the macros and of related APIs has been updated to reference the related API elements.
-
-- Provide hash-and-sign operations as well as sign-the-hash operations. The API for asymmetric signature has been changed to clarify the use of the new functions.
-
- - The existing asymmetric signature API has been renamed to clarify that this is for signing a hash that is already computed:
-
- * ``PSA_KEY_USAGE_SIGN`` → `PSA_KEY_USAGE_SIGN_HASH`
- * ``PSA_KEY_USAGE_VERIFY`` → `PSA_KEY_USAGE_VERIFY_HASH`
- * ``psa_asymmetric_sign()`` → `psa_sign_hash()`
- * ``psa_asymmetric_verify()`` → `psa_verify_hash()`
-
- - New APIs added to provide the complete message signing operation:
-
- * `PSA_KEY_USAGE_SIGN_MESSAGE`
- * `PSA_KEY_USAGE_VERIFY_MESSAGE`
- * `psa_sign_message()`
- * `psa_verify_message()`
-
- - New Support macros to identify which algorithms can be used in which signing API:
-
- * `PSA_ALG_IS_SIGN_HASH()`
- * `PSA_ALG_IS_SIGN_MESSAGE()`
-
- - Renamed support macros that apply to both signing APIs:
-
- * ``PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE()`` → `PSA_SIGN_OUTPUT_SIZE()`
- * ``PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE`` → `PSA_SIGNATURE_MAX_SIZE`
-
- - The usage policy values have been changed, including for `PSA_KEY_USAGE_DERIVE`.
-
-- Restructure `psa_key_type_t` and reassign all key type values.
-
- - `psa_key_type_t` changes from 32-bit to 16-bit integer.
- - Reassigned the key type categories.
- - Add a parity bit to the key type to ensure that valid key type values differ by at least 2 bits.
- - 16-bit elliptic curve ids (``psa_ecc_curve_t``) replaced by 8-bit ECC curve family ids (`psa_ecc_family_t`).
- 16-bit Diffie-Hellman group ids (``psa_dh_group_t``) replaced by 8-bit DH group family ids (`psa_dh_family_t`).
-
- * These ids are no longer related to the IANA Group Registry specification.
- * The new key type values do not encode the key size for ECC curves or DH groups. The key bit size from the key attributes identify a specific ECC curve or DH group within the family.
-
- - The following macros have been removed:
-
- * ``PSA_DH_GROUP_FFDHE2048``
- * ``PSA_DH_GROUP_FFDHE3072``
- * ``PSA_DH_GROUP_FFDHE4096``
- * ``PSA_DH_GROUP_FFDHE6144``
- * ``PSA_DH_GROUP_FFDHE8192``
- * ``PSA_ECC_CURVE_BITS``
- * ``PSA_ECC_CURVE_BRAINPOOL_P256R1``
- * ``PSA_ECC_CURVE_BRAINPOOL_P384R1``
- * ``PSA_ECC_CURVE_BRAINPOOL_P512R1``
- * ``PSA_ECC_CURVE_CURVE25519``
- * ``PSA_ECC_CURVE_CURVE448``
- * ``PSA_ECC_CURVE_SECP160K1``
- * ``PSA_ECC_CURVE_SECP160R1``
- * ``PSA_ECC_CURVE_SECP160R2``
- * ``PSA_ECC_CURVE_SECP192K1``
- * ``PSA_ECC_CURVE_SECP192R1``
- * ``PSA_ECC_CURVE_SECP224K1``
- * ``PSA_ECC_CURVE_SECP224R1``
- * ``PSA_ECC_CURVE_SECP256K1``
- * ``PSA_ECC_CURVE_SECP256R1``
- * ``PSA_ECC_CURVE_SECP384R1``
- * ``PSA_ECC_CURVE_SECP521R1``
- * ``PSA_ECC_CURVE_SECT163K1``
- * ``PSA_ECC_CURVE_SECT163R1``
- * ``PSA_ECC_CURVE_SECT163R2``
- * ``PSA_ECC_CURVE_SECT193R1``
- * ``PSA_ECC_CURVE_SECT193R2``
- * ``PSA_ECC_CURVE_SECT233K1``
- * ``PSA_ECC_CURVE_SECT233R1``
- * ``PSA_ECC_CURVE_SECT239K1``
- * ``PSA_ECC_CURVE_SECT283K1``
- * ``PSA_ECC_CURVE_SECT283R1``
- * ``PSA_ECC_CURVE_SECT409K1``
- * ``PSA_ECC_CURVE_SECT409R1``
- * ``PSA_ECC_CURVE_SECT571K1``
- * ``PSA_ECC_CURVE_SECT571R1``
- * ``PSA_KEY_TYPE_GET_CURVE``
- * ``PSA_KEY_TYPE_GET_GROUP``
-
- - The following macros have been added:
-
- * `PSA_DH_FAMILY_RFC7919`
- * `PSA_ECC_FAMILY_BRAINPOOL_P_R1`
- * `PSA_ECC_FAMILY_SECP_K1`
- * `PSA_ECC_FAMILY_SECP_R1`
- * `PSA_ECC_FAMILY_SECP_R2`
- * `PSA_ECC_FAMILY_SECT_K1`
- * `PSA_ECC_FAMILY_SECT_R1`
- * `PSA_ECC_FAMILY_SECT_R2`
- * `PSA_ECC_FAMILY_MONTGOMERY`
- * `PSA_KEY_TYPE_DH_GET_FAMILY`
- * `PSA_KEY_TYPE_ECC_GET_FAMILY`
-
- - The following macros have new values:
-
- * `PSA_KEY_TYPE_AES`
- * `PSA_KEY_TYPE_ARC4`
- * `PSA_KEY_TYPE_CAMELLIA`
- * `PSA_KEY_TYPE_CHACHA20`
- * `PSA_KEY_TYPE_DERIVE`
- * `PSA_KEY_TYPE_DES`
- * `PSA_KEY_TYPE_HMAC`
- * `PSA_KEY_TYPE_NONE`
- * `PSA_KEY_TYPE_RAW_DATA`
- * `PSA_KEY_TYPE_RSA_KEY_PAIR`
- * `PSA_KEY_TYPE_RSA_PUBLIC_KEY`
-
- - The following macros with specification-defined values have new example implementations:
-
- * `PSA_BLOCK_CIPHER_BLOCK_LENGTH`
- * `PSA_KEY_TYPE_DH_KEY_PAIR`
- * `PSA_KEY_TYPE_DH_PUBLIC_KEY`
- * `PSA_KEY_TYPE_ECC_KEY_PAIR`
- * `PSA_KEY_TYPE_ECC_PUBLIC_KEY`
- * `PSA_KEY_TYPE_IS_ASYMMETRIC`
- * `PSA_KEY_TYPE_IS_DH`
- * `PSA_KEY_TYPE_IS_DH_KEY_PAIR`
- * `PSA_KEY_TYPE_IS_DH_PUBLIC_KEY`
- * `PSA_KEY_TYPE_IS_ECC`
- * `PSA_KEY_TYPE_IS_ECC_KEY_PAIR`
- * `PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY`
- * `PSA_KEY_TYPE_IS_KEY_PAIR`
- * `PSA_KEY_TYPE_IS_PUBLIC_KEY`
- * `PSA_KEY_TYPE_IS_RSA`
- * `PSA_KEY_TYPE_IS_UNSTRUCTURED`
- * `PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY`
- * `PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR`
-
-- Add ECC family `PSA_ECC_FAMILY_FRP` for the FRP256v1 curve.
-
-- Restructure `psa_algorithm_t` encoding, to increase consistency across algorithm categories.
-
- - Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following ``PSA_ALG_XXXX_GET_HASH()`` macros have all been replaced by a single macro `PSA_ALG_GET_HASH()`:
-
- * ``PSA_ALG_HKDF_GET_HASH()``
- * ``PSA_ALG_HMAC_GET_HASH()``
- * ``PSA_ALG_RSA_OAEP_GET_HASH()``
- * ``PSA_ALG_SIGN_GET_HASH()``
- * ``PSA_ALG_TLS12_PRF_GET_HASH()``
- * ``PSA_ALG_TLS12_PSK_TO_MS_GET_HASH()``
-
- - Stream cipher algorithm macros have been removed; the key type indicates which cipher to use. Instead of ``PSA_ALG_ARC4`` and ``PSA_ALG_CHACHA20``, use `PSA_ALG_STREAM_CIPHER`.
-
- All of the other ``PSA_ALG_XXX`` macros have updated values or updated example implementations.
-
- - The following macros have new values:
-
- * `PSA_ALG_ANY_HASH`
- * `PSA_ALG_CBC_MAC`
- * `PSA_ALG_CBC_NO_PADDING`
- * `PSA_ALG_CBC_PKCS7`
- * `PSA_ALG_CCM`
- * `PSA_ALG_CFB`
- * `PSA_ALG_CHACHA20_POLY1305`
- * `PSA_ALG_CMAC`
- * `PSA_ALG_CTR`
- * `PSA_ALG_ECDH`
- * `PSA_ALG_ECDSA_ANY`
- * `PSA_ALG_FFDH`
- * `PSA_ALG_GCM`
- * `PSA_ALG_MD2`
- * `PSA_ALG_MD4`
- * `PSA_ALG_MD5`
- * `PSA_ALG_OFB`
- * `PSA_ALG_RIPEMD160`
- * `PSA_ALG_RSA_PKCS1V15_CRYPT`
- * `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`
- * `PSA_ALG_SHA_1`
- * `PSA_ALG_SHA_224`
- * `PSA_ALG_SHA_256`
- * `PSA_ALG_SHA_384`
- * `PSA_ALG_SHA_512`
- * `PSA_ALG_SHA_512_224`
- * `PSA_ALG_SHA_512_256`
- * `PSA_ALG_SHA3_224`
- * `PSA_ALG_SHA3_256`
- * `PSA_ALG_SHA3_384`
- * `PSA_ALG_SHA3_512`
- * `PSA_ALG_XTS`
-
- - The following macros with specification-defined values have new example implementations:
-
- * `PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG()`
- * `PSA_ALG_AEAD_WITH_SHORTENED_TAG()`
- * `PSA_ALG_DETERMINISTIC_ECDSA()`
- * `PSA_ALG_ECDSA()`
- * `PSA_ALG_FULL_LENGTH_MAC()`
- * `PSA_ALG_HKDF()`
- * `PSA_ALG_HMAC()`
- * `PSA_ALG_IS_AEAD()`
- * `PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER()`
- * `PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()`
- * `PSA_ALG_IS_BLOCK_CIPHER_MAC()`
- * `PSA_ALG_IS_CIPHER()`
- * `PSA_ALG_IS_DETERMINISTIC_ECDSA()`
- * `PSA_ALG_IS_ECDH()`
- * `PSA_ALG_IS_ECDSA()`
- * `PSA_ALG_IS_FFDH()`
- * `PSA_ALG_IS_HASH()`
- * `PSA_ALG_IS_HASH_AND_SIGN()`
- * `PSA_ALG_IS_HKDF()`
- * `PSA_ALG_IS_HMAC()`
- * `PSA_ALG_IS_KEY_AGREEMENT()`
- * `PSA_ALG_IS_KEY_DERIVATION()`
- * `PSA_ALG_IS_MAC()`
- * `PSA_ALG_IS_RANDOMIZED_ECDSA()`
- * `PSA_ALG_IS_RAW_KEY_AGREEMENT()`
- * `PSA_ALG_IS_RSA_OAEP()`
- * `PSA_ALG_IS_RSA_PKCS1V15_SIGN()`
- * `PSA_ALG_IS_RSA_PSS()`
- * `PSA_ALG_IS_SIGN()`
- * `PSA_ALG_IS_SIGN_MESSAGE()`
- * `PSA_ALG_IS_STREAM_CIPHER()`
- * `PSA_ALG_IS_TLS12_PRF()`
- * `PSA_ALG_IS_TLS12_PSK_TO_MS()`
- * `PSA_ALG_IS_WILDCARD()`
- * `PSA_ALG_KEY_AGREEMENT()`
- * `PSA_ALG_KEY_AGREEMENT_GET_BASE()`
- * `PSA_ALG_KEY_AGREEMENT_GET_KDF()`
- * `PSA_ALG_RSA_OAEP()`
- * `PSA_ALG_RSA_PKCS1V15_SIGN()`
- * `PSA_ALG_RSA_PSS()`
- * `PSA_ALG_TLS12_PRF()`
- * `PSA_ALG_TLS12_PSK_TO_MS()`
- * `PSA_ALG_TRUNCATED_MAC()`
-
-- Added ECB block cipher mode, with no padding, as `PSA_ALG_ECB_NO_PADDING`.
-
-- Add functions to suspend and resume hash operations:
-
- * `psa_hash_suspend()` halts the current operation and outputs a hash suspend state.
- * `psa_hash_resume()` continues a previously suspended hash operation.
-
- The format of the hash suspend state is documented in :title:`hash-suspend-state`, and supporting macros are provided for using this API:
-
- * `PSA_HASH_SUSPEND_OUTPUT_SIZE()`
- * `PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE`
- * `PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH`
- * `PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH()`
- * `PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH()`
- * `PSA_HASH_BLOCK_LENGTH()`
-
-- Complement `PSA_ERROR_STORAGE_FAILURE` with new error codes `PSA_ERROR_DATA_CORRUPT` and `PSA_ERROR_DATA_INVALID`. These permit an implementation to distinguish different causes of failure when reading from key storage.
-
-- Added input step `PSA_KEY_DERIVATION_INPUT_CONTEXT` for key derivation, supporting obvious mapping from the step identifiers to common KDF constructions.
-
-.. rubric:: Clarifications
-
-- Clarified rules regarding modification of parameters in concurrent environments.
-
-- Guarantee that :code:`psa_destroy_key(PSA_KEY_ID_NULL)` always returns `PSA_SUCCESS`.
-
-- Clarified the TLS PSK to MS key agreement algorithm.
-
-- Document the key policy requirements for all APIs that accept a key parameter.
-
-- Document more of the error codes for each function.
-
-.. rubric:: Other changes
-
-- Require C99 for this specification instead of C89.
-
-- Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is **psa/crypto.h**.
-
-- Reorganized the API reference, grouping the elements in a more natural way.
-
-- Improved the cross referencing between all of the document sections, and from code snippets to API element descriptions.
-
-Planned changes for version 1.0.x
----------------------------------
-
-Future versions of this specification that use a 1.0.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.
-
-These are the changes that we are currently planning to make for version 1.0.x:
-
-* Declare identifiers for additional cryptographic algorithms.
-* Mandate certain checks when importing some types of asymmetric keys.
-* Specify the computation of algorithm and key type values.
-* Further clarifications on API usage and implementation.
-
-
-.. _future:
-
-Future additions
-----------------
-
-Major additions to the API will be defined in future drafts and editions of a 1.x or 2.x version of this specification. Features that are being considered include:
-
-- Multi-part operations for hybrid cryptography. For example, this includes
- hash-and-sign for EdDSA, and hybrid encryption for ECIES.
-- A more general interface to key derivation and key exchange. This would
- enable an application to derive a non-extractable session key from
- non-extractable secrets, without leaking the intermediate material.
-- Key wrapping mechanisms to extract and import keys in an encrypted and authenticated form.
-- Key discovery mechanisms. This would enable an application to locate a key by
- its name or attributes.
-- Implementation capability description. This would enable an application to
- determine the algorithms, key types and storage lifetimes that the
- implementation provides.
-- An ownership and access control mechanism allowing a multi-client
- implementation to have privileged clients that are able to manage keys of
- other clients.
diff --git a/docs/html/_sources/appendix/specdef_values.rst.txt b/docs/html/_sources/appendix/specdef_values.rst.txt
deleted file mode 100644
index 3a6a06e..0000000
--- a/docs/html/_sources/appendix/specdef_values.rst.txt
+++ /dev/null
@@ -1,231 +0,0 @@
-.. _appendix-specdef-values:
-
-Example macro implementations
------------------------------
-
-This appendix provides example implementations of the function-like macros that have specification-defined values.
-
-.. note::
- In a future version of this specification, these example implementations will be replaced with a pseudo-code representation of the macro's computation in the macro description.
-
-The examples here provide correct results for the valid inputs defined by each API, for an implementation that supports all of the defined algorithms and key types. An implementation can provide alternative definitions of these macros:
-
-* If the implementation does not support all of the algorithms or key types, it can provide a simpler definition of applicable macros.
-* If the implementation provides vendor-specific algorithms or key types, it needs to extend the definitions of applicable macros.
-
-Algorithm macros
-~~~~~~~~~~~~~~~~
-
-:code:`PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg)`
- :code:`((((aead_alg) & ~0x003f0000) == 0x05400100) ? PSA_ALG_CCM : (((aead_alg) & ~0x003f0000) == 0x05400200) ? PSA_ALG_GCM : (((aead_alg) & ~0x003f0000) == 0x05000500) ? PSA_ALG_CHACHA20_POLY1305 : PSA_ALG_NONE)`
-
-:code:`PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length)`
- :code:`((psa_algorithm_t) (((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16)))`
-
-:code:`PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)`
- :code:`((psa_algorithm_t) (0x06000700 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_ECDSA(hash_alg)`
- :code:`((psa_algorithm_t) (0x06000600 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_FULL_LENGTH_MAC(mac_alg)`
- :code:`((psa_algorithm_t) ((mac_alg) & ~0x003f0000))`
-
-:code:`PSA_ALG_GET_HASH(alg)`
- :code:`(((alg) & 0x000000ff) == 0 ? PSA_ALG_NONE : 0x02000000 | ((alg) & 0x000000ff))`
-
-:code:`PSA_ALG_HKDF(hash_alg)`
- :code:`((psa_algorithm_t) (0x08000100 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_HMAC(hash_alg)`
- :code:`((psa_algorithm_t) (0x03800000 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_IS_AEAD(alg)`
- :code:`(((alg) & 0x7f000000) == 0x05000000)`
-
-:code:`PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg)`
- :code:`(((alg) & 0x7f400000) == 0x05400000)`
-
-:code:`PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)`
- :code:`(((alg) & 0x7f000000) == 0x07000000)`
-
-:code:`PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)`
- :code:`(((alg) & 0x7fc00000) == 0x03c00000)`
-
-:code:`PSA_ALG_IS_CIPHER(alg)`
- :code:`(((alg) & 0x7f000000) == 0x03000000)`
-
-:code:`PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x06000700)`
-
-:code:`PSA_ALG_IS_ECDH(alg)`
- :code:`(((alg) & 0x7fff0000) == 0x09020000)`
-
-:code:`PSA_ALG_IS_ECDSA(alg)`
- :code:`(((alg) & ~0x000001ff) == 0x06000600)`
-
-:code:`PSA_ALG_IS_FFDH(alg)`
- :code:`(((alg) & 0x7fff0000) == 0x09010000)`
-
-:code:`PSA_ALG_IS_HASH(alg)`
- :code:`(((alg) & 0x7f000000) == 0x02000000)`
-
-:code:`PSA_ALG_IS_HASH_AND_SIGN(alg)`
- :code:`(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_ECDSA(alg))`
-
-:code:`PSA_ALG_IS_HKDF(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x08000100)`
-
-:code:`PSA_ALG_IS_HMAC(alg)`
- :code:`(((alg) & 0x7fc0ff00) == 0x03800000)`
-
-:code:`PSA_ALG_IS_KEY_AGREEMENT(alg)`
- :code:`(((alg) & 0x7f000000) == 0x09000000)`
-
-:code:`PSA_ALG_IS_KEY_DERIVATION(alg)`
- :code:`(((alg) & 0x7f000000) == 0x08000000)`
-
-:code:`PSA_ALG_IS_MAC(alg)`
- :code:`(((alg) & 0x7f000000) == 0x03000000)`
-
-:code:`PSA_ALG_IS_RANDOMIZED_ECDSA(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x06000600)`
-
-:code:`PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)`
- :code:`(((alg) & 0x7f00ffff) == 0x09000000)`
-
-:code:`PSA_ALG_IS_RSA_OAEP(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x07000300)`
-
-:code:`PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x06000200)`
-
-:code:`PSA_ALG_IS_RSA_PSS(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x06000300)`
-
-:code:`PSA_ALG_IS_SIGN(alg)`
- :code:`(((alg) & 0x7f000000) == 0x06000000)`
-
-:code:`PSA_ALG_IS_SIGN_HASH(alg)`
- :code:`PSA_ALG_IS_SIGN(alg)`
-
-:code:`PSA_ALG_IS_SIGN_MESSAGE(alg)`
- :code:`(PSA_ALG_IS_SIGN(alg) && (alg) != PSA_ALG_ECDSA_ANY && (alg) != PSA_ALG_RSA_PKCS1V15_SIGN_RAW)`
-
-:code:`PSA_ALG_IS_STREAM_CIPHER(alg)`
- :code:`(((alg) & 0x7f800000) == 0x04800000)`
-
-:code:`PSA_ALG_IS_TLS12_PRF(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x08000200)`
-
-:code:`PSA_ALG_IS_TLS12_PSK_TO_MS(alg)`
- :code:`(((alg) & ~0x000000ff) == 0x08000300)`
-
-:code:`PSA_ALG_IS_WILDCARD(alg)`
- :code:`(PSA_ALG_GET_HASH(alg) == PSA_ALG_HASH_ANY)`
-
-:code:`PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)`
- :code:`((ka_alg) | (kdf_alg))`
-
-:code:`PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)`
- :code:`((psa_algorithm_t)((alg) & 0xffff0000))`
-
-:code:`PSA_ALG_KEY_AGREEMENT_GET_KDF(alg)`
- :code:`((psa_algorithm_t)((alg) & 0xfe00ffff))`
-
-:code:`PSA_ALG_RSA_OAEP(hash_alg)`
- :code:`((psa_algorithm_t)(0x07000300 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`
- :code:`((psa_algorithm_t)(0x06000200 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_RSA_PSS(hash_alg)`
- :code:`((psa_algorithm_t)(0x06000300 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_TLS12_PRF(hash_alg)`
- :code:`((psa_algorithm_t) (0x08000200 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_TLS12_PSK_TO_MS(hash_alg)`
- :code:`((psa_algorithm_t) (0x08000300 | ((hash_alg) & 0x000000ff)))`
-
-:code:`PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)`
- :code:`((psa_algorithm_t) (((mac_alg) & ~0x003f0000) | (((mac_length) & 0x3f) << 16)))`
-
-Key type macros
-~~~~~~~~~~~~~~~
-
-:code:`PSA_BLOCK_CIPHER_BLOCK_LENGTH(type)`
- :code:`(1u << (((type) >> 8) & 7))`
-
-:code:`PSA_KEY_TYPE_DH_GET_FAMILY(type)`
- :code:`((psa_dh_family_t) ((type) & 0x00ff))`
-
-:code:`PSA_KEY_TYPE_DH_KEY_PAIR(group)`
- :code:`((psa_key_type_t) (0x7200 | (group)))`
-
-:code:`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`
- :code:`((psa_key_type_t) (0x4200 | (group)))`
-
-:code:`PSA_KEY_TYPE_ECC_GET_FAMILY(type)`
- :code:`((psa_ecc_family_t) ((type) & 0x00ff))`
-
-:code:`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`
- :code:`((psa_key_type_t) (0x7100 | (curve)))`
-
-:code:`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`
- :code:`((psa_key_type_t) (0x4100 | (curve)))`
-
-:code:`PSA_KEY_TYPE_IS_ASYMMETRIC(type)`
- :code:`(((type) & 0x4000) == 0x4000)`
-
-:code:`PSA_KEY_TYPE_IS_DH(type)`
- :code:`((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4200)`
-
-:code:`PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)`
- :code:`(((type) & 0xff00) == 0x7200)`
-
-:code:`PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)`
- :code:`(((type) & 0xff00) == 0x4200)`
-
-:code:`PSA_KEY_TYPE_IS_ECC(type)`
- :code:`((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & 0xff00) == 0x4100)`
-
-:code:`PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)`
- :code:`(((type) & 0xff00) == 0x7100)`
-
-:code:`PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)`
- :code:`(((type) & 0xff00) == 0x4100)`
-
-:code:`PSA_KEY_TYPE_IS_KEY_PAIR(type)`
- :code:`(((type) & 0x7000) == 0x7000)`
-
-:code:`PSA_KEY_TYPE_IS_PUBLIC_KEY(type)`
- :code:`(((type) & 0x7000) == 0x4000)`
-
-:code:`PSA_KEY_TYPE_IS_RSA(type)`
- :code:`(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == 0x4001)`
-
-:code:`PSA_KEY_TYPE_IS_UNSTRUCTURED(type)`
- :code:`(((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000)`
-
-:code:`PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type)`
- :code:`((psa_key_type_t) ((type) | 0x3000))`
-
-:code:`PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)`
- :code:`((psa_key_type_t) ((type) & ~0x3000))`
-
-Hash suspend state macros
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-:code:`PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg)`
- :code:`((alg)==PSA_ALG_MD2 ? 64 : (alg)==PSA_ALG_MD4 || (alg)==PSA_ALG_MD5 ? 16 : (alg)==PSA_ALG_RIPEMD160 || (alg)==PSA_ALG_SHA_1 ? 20 : (alg)==PSA_ALG_SHA_224 || (alg)==PSA_ALG_SHA_256 ? 32 : (alg)==PSA_ALG_SHA_512 || (alg)==PSA_ALG_SHA_384 || (alg)==PSA_ALG_SHA_512_256 ? 64 : 0)`
-
- .. Could simplify a little if allowed to return 64 for every alg value that is not MD4/MD5/RIPEMD160/SHA1/SHA223/SHA256
-
-:code:`PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg)`
- :code:`((alg)==PSA_ALG_MD2 ? 1 : (alg)==PSA_ALG_MD4 || (alg)==PSA_ALG_MD5 || (alg)==PSA_ALG_RIPEMD160 || (alg)==PSA_ALG_SHA_1 || (alg)==PSA_ALG_SHA_224 || (alg)==PSA_ALG_SHA_256 ? 8 : (alg)==PSA_ALG_SHA_512 || (alg)==PSA_ALG_SHA_384 || (alg)==PSA_ALG_SHA_512_256 ? 16 : 0)`
-
- .. Could simplify if allowed to return 8 for every alg value that is not MD2 or SHA512/SHA384/SHA512-256
-
-:code:`PSA_HASH_SUSPEND_OUTPUT_SIZE(alg)`
- :code:`(PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH + PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) + PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) + PSA_HASH_BLOCK_LENGTH(alg) - 1)`
diff --git a/docs/html/_sources/index.rst.txt b/docs/html/_sources/index.rst.txt
deleted file mode 100644
index 375ee65..0000000
--- a/docs/html/_sources/index.rst.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-==============================
-PSA Cryptography API |version|
-==============================
-
-.. toctree::
- :maxdepth: 3
-
- overview/intro
- overview/goals
- overview/functionality
- overview/sample-arch
- overview/conventions
- overview/implementation
- overview/usage
- api/library/index
- api/keys/index
- api/ops/index
-
-.. only:: html
-
- .. toctree::
-
- appendix/example_header
- appendix/specdef_values
- appendix/history
-
-
-.. raw:: html
-
- <h2 id="indices">Indices</h2>
-
- <ul>
- <li><a class="reference internal" href="genindex.html">General index</a></li>
- <li><a class="reference internal" href="psa_c-identifiers.html">Index of identifiers</a></li>
- <li><a class="reference internal" href="search.html">Search</a></li>
- </ul>
diff --git a/docs/html/_sources/overview/conventions.rst.txt b/docs/html/_sources/overview/conventions.rst.txt
deleted file mode 100644
index 8baf991..0000000
--- a/docs/html/_sources/overview/conventions.rst.txt
+++ /dev/null
@@ -1,281 +0,0 @@
-Library conventions
--------------------
-
-Error handling
-~~~~~~~~~~~~~~
-
-Return status
-^^^^^^^^^^^^^
-
-Almost all functions return a status indication of type `psa_status_t`. This
-is an enumeration of integer values, with ``0`` (`PSA_SUCCESS`) indicating
-successful operation and other values indicating errors. The exceptions are
-functions which only access objects that are intended to be implemented as
-simple data structures. Such functions cannot fail and either return
-``void`` or a data value.
-
-Unless specified otherwise, if multiple error conditions apply, an
-implementation is free to return any of the applicable error codes. The choice
-of error code is considered an implementation quality issue. Different
-implementations can make different choices, for example to favor code size over
-ease of debugging or vice versa.
-
-If the behavior is undefined, for example, if a function receives an invalid
-pointer as a parameter, this specification makes no guarantee that the function
-will return an error. Implementations are encouraged to return an error or halt
-the application in a manner that is appropriate for the platform if the
-undefined behavior condition can be detected. However, application developers need to be aware that undefined behavior conditions cannot be detected in general.
-
-Behavior on error
-^^^^^^^^^^^^^^^^^
-
-All function calls must be implemented atomically:
-
-- When a function returns a type other than `psa_status_t`, the requested
- action has been carried out.
-- When a function returns the status `PSA_SUCCESS`, the requested action has
- been carried out.
-- When a function returns another status of type `psa_status_t`, no action
- has been carried out. The content of the output parameters is undefined, but
- otherwise the state of the system has not changed, except as described below.
-
-In general, functions that modify the system state, for example, creating or
-destroying a key, must leave the system state unchanged if they return an error
-code. There are specific conditions that can result in different behavior:
-
-- The status `PSA_ERROR_BAD_STATE` indicates that a parameter was not in a
- valid state for the requested action. This parameter might have been modified
- by the call and is now in an undefined state. The only valid action on an
- object in an undefined state is to abort it with the appropriate
- ``psa_abort_xxx()`` function.
-- The status `PSA_ERROR_INSUFFICIENT_DATA` indicates that a key
- derivation object has reached its maximum capacity. The key derivation
- operation might have been modified by the call. Any further attempt to obtain
- output from the key derivation operation will return
- `PSA_ERROR_INSUFFICIENT_DATA`.
-- The status `PSA_ERROR_COMMUNICATION_FAILURE` indicates that the
- communication between the application and the cryptoprocessor has broken
- down. In this case, the cryptoprocessor must either finish the requested
- action successfully, or interrupt the action and roll back the system to its
- original state. Because it is often impossible to report the outcome to the
- application after a communication failure, this specification does not
- provide a way for the application to determine whether the action was
- successful.
-- The statuses `PSA_ERROR_STORAGE_FAILURE`, `PSA_ERROR_DATA_CORRUPT`, `PSA_ERROR_HARDWARE_FAILURE`
- and `PSA_ERROR_CORRUPTION_DETECTED` might indicate data corruption in the
- system state. When a function returns one of these statuses, the system state
- might have changed from its previous state before the function call, even
- though the function call failed.
-- Some system states cannot be rolled back, for example, the internal state of
- the random number generator or the content of access logs.
-
-Unless otherwise documented, the content of output parameters is not defined
-when a function returns a status other than `PSA_SUCCESS`. It is recommended
-that implementations set output parameters to safe defaults to avoid leaking
-confidential data and limit risk, in case an application does not properly
-handle all errors.
-
-Parameter conventions
-~~~~~~~~~~~~~~~~~~~~~
-
-Pointer conventions
-^^^^^^^^^^^^^^^^^^^
-
-Unless explicitly stated in the documentation of a function, all pointers must
-be valid pointers to an object of the specified type.
-
-A parameter is considered a **buffer** if it points to an array of bytes. A
-buffer parameter always has the type ``uint8_t *`` or ``const uint8_t *``, and
-always has an associated parameter indicating the size of the array. Note that a
-parameter of type ``void *`` is never considered a buffer.
-
-All parameters of pointer type must be valid non-null pointers, unless the
-pointer is to a buffer of length ``0`` or the function’s documentation
-explicitly describes the behavior when the pointer is null. Passing a null
-pointer as a function parameter in other cases is expected to abort the caller
-on implementations where this is the normal behavior for a null pointer
-dereference.
-
-Pointers to input parameters can be in read-only memory. Output parameters must
-be in writable memory. Output parameters that are not buffers must also be
-readable, and the implementation must be able to write to a non-buffer output
-parameter and read back the same value, as explained in the
-:title:`stability-of-parameters` section.
-
-Input buffer sizes
-^^^^^^^^^^^^^^^^^^
-
-For input buffers, the parameter convention is:
-
-``const uint8_t *foo``
- Pointer to the first byte of the data. The pointer
- can be invalid if the buffer size is ``0``.
-
-``size_t foo_length``
- Size of the buffer in bytes.
-
-The interface never uses input-output buffers.
-
-Output buffer sizes
-^^^^^^^^^^^^^^^^^^^
-
-For output buffers, the parameter convention is:
-
-``uint8_t *foo``
- Pointer to the first byte of the data. The pointer can be
- invalid if the buffer size is ``0``.
-
-``size_t foo_size``
- The size of the buffer in bytes.
-
-``size_t *foo_length``
- On successful return, contains the length of the
- output in bytes.
-
-The content of the data buffer and of ``*foo_length`` on errors is unspecified,
-unless explicitly mentioned in the function description. They might be unmodified
-or set to a safe default. On successful completion, the content of the buffer
-between the offsets ``*foo_length`` and ``foo_size`` is also unspecified.
-
-Functions return `PSA_ERROR_BUFFER_TOO_SMALL` if the buffer size is
-insufficient to carry out the requested operation. The interface defines macros
-to calculate a sufficient buffer size for each operation that has an output
-buffer. These macros return compile-time constants if their arguments are
-compile-time constants, so they are suitable for static or stack allocation.
-Refer to an individual function’s documentation for the associated output size
-macro.
-
-Some functions always return exactly as much data as the size of the output
-buffer. In this case, the parameter convention changes to:
-
-``uint8_t *foo``
- Pointer to the first byte of the output. The pointer can be
- invalid if the buffer size is ``0``.
-
-``size_t foo_length``
- The number of bytes to return in ``foo`` if
- successful.
-
-Overlap between parameters
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Output parameters that are not buffers must not overlap with any input buffer or
-with any other output parameter. Otherwise, the behavior is undefined.
-
-Output buffers can overlap with input buffers. In this event, the implementation
-must return the same result as if the buffers did not overlap. The
-implementation must behave as if it had copied all the inputs into temporary
-memory, as far as the result is concerned. However, it is possible that overlap
-between parameters will affect the performance of a function call. Overlap might
-also affect memory management security if the buffer is located in memory that
-the caller shares with another security context, as described in the
-:title:`stability-of-parameters` section.
-
-.. _stability-of-parameters:
-
-Stability of parameters
-^^^^^^^^^^^^^^^^^^^^^^^
-
-In some environments, it is possible for the content of a parameter to change
-while a function is executing. It might also be possible for the content of an
-output parameter to be read before the function terminates. This can happen if
-the application is multithreaded. In some implementations, memory can be shared
-between security contexts, for example, between tasks in a multitasking
-operating system, between a user land task and the kernel, or between the
-Non-secure world and the Secure world of a trusted execution environment.
-
-This section describes the assumptions that an implementation can make about
-function parameters, and the guarantees that the implementation must provide
-about how it accesses parameters.
-
-Parameters that are not buffers are assumed to be under the caller’s full
-control. In a shared memory environment, this means that the parameter must be
-in memory that is exclusively accessible by the application. In a multithreaded
-environment, this means that the parameter must not be modified during the
-execution, and the value of an output parameter is undetermined until the
-function returns. The implementation can read an input parameter that is not a
-buffer multiple times and expect to read the same data. The implementation can
-write to an output parameter that is not a buffer and expect to read back the
-value that it last wrote. The implementation has the same permissions on buffers
-that overlap with a buffer in the opposite direction.
-
-In an environment with multiple threads or with shared memory, the
-implementation carefully accesses non-overlapping buffer parameters in order to
-prevent any security risk resulting from the content of the buffer being
-modified or observed during the execution of the function. In an input buffer
-that does not overlap with an output buffer, the implementation reads each byte
-of the input once, at most. The implementation does not read from an output
-buffer that does not overlap with an input buffer. Additionally, the
-implementation does not write data to a non-overlapping output buffer if this
-data is potentially confidential and the implementation has not yet verified
-that outputting this data is authorized.
-
-Unless otherwise specified, the implementation must not keep a reference to any
-parameter once a function call has returned.
-
-Key types and algorithms
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-Types of cryptographic keys and cryptographic algorithms are encoded separately.
-Each is encoded by using an integral type: `psa_key_type_t` and
-`psa_algorithm_t`, respectively.
-
-There is some overlap in the information conveyed by key types and algorithms.
-Both types contain enough information, so that the meaning of an algorithm type
-value does not depend on what type of key it is used with, and vice versa.
-However, the particular instance of an algorithm might depend on the key type. For
-example, the algorithm `PSA_ALG_GCM` can be instantiated as any AEAD algorithm
-using the GCM mode over a block cipher. The underlying block cipher is
-determined by the key type.
-
-Key types do not encode the key size. For example, AES-128, AES-192 and AES-256
-share a key type `PSA_KEY_TYPE_AES`.
-
-Structure of key and algorithm types
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Both types use a partial bitmask structure, which allows the analysis and
-building of values from parts. However, the interface defines constants, so that
-applications do not need to depend on the encoding, and an implementation might
-only care about the encoding for code size optimization.
-
-The encodings follows a few conventions:
-
-- The highest bit is a vendor flag. Current and future versions of this
- specification will only define values where this bit is clear.
- Implementations that wish to define additional implementation-specific values
- must use values where this bit is set, to avoid conflicts with future
- versions of this specification.
-- The next few highest bits indicate the corresponding algorithm category:
- hash, MAC, symmetric cipher, asymmetric encryption, and so on.
-- The following bits identify a family of algorithms in a category-dependent
- manner.
-- In some categories and algorithm families, the lowest-order bits indicate a
- variant in a systematic way. For example, algorithm families that are
- parametrized around a hash function encode the hash in the 8 lowest bits.
-
-.. _concurrency:
-
-Concurrent calls
-~~~~~~~~~~~~~~~~
-
-In some environments, an application can make calls to the PSA crypto API in
-separate threads. In such an environment, concurrent calls are performed
-correctly, as if the calls were executed in sequence, provided that they obey
-the following constraints:
-
-- There is no overlap between an output parameter of one call and an input or
- output parameter of another call. Overlap between input parameters is
- permitted.
-- If a call destroys a key, then no other call must destroy or use that key.
- *Using*, in this context, includes all functions of multi-part operations
- which have used the key as an input in a previous function.
-- Concurrent calls that use the same key are permitted.
-- Concurrent calls must not use the same operation object.
-
-If any of these constraints are violated, the behavior is undefined.
-
-If the application modifies an input parameter while a function call is in
-progress, the behavior is undefined.
-
-Individual implementations can provide additional guarantees.
diff --git a/docs/html/_sources/overview/functionality.rst.txt b/docs/html/_sources/overview/functionality.rst.txt
deleted file mode 100644
index 004f8bc..0000000
--- a/docs/html/_sources/overview/functionality.rst.txt
+++ /dev/null
@@ -1,647 +0,0 @@
-.. _functionality-overview:
-
-Functionality overview
-----------------------
-
-This section provides a high-level overview of the functionality provided by the
-interface defined in this specification. Refer to the `API definition
-<api-reference>` for a detailed description.
-
-`future` describes features that might be included in future versions of this
-specification.
-
-Due to the modularity of the interface, almost every part of the library is
-optional. The only mandatory function is `psa_crypto_init()`.
-
-Library management
-~~~~~~~~~~~~~~~~~~
-
-Applications must call `psa_crypto_init()` to initialize the library before
-using any other function.
-
-Key management
-~~~~~~~~~~~~~~
-
-Applications always access keys indirectly via an identifier, and can perform
-operations using a key without accessing the key material. This allows keys to
-be *non-extractable*, where an application can use a key but is not permitted to
-obtain the key material. Non-extractable keys are bound to the device, can be
-rate-limited and can have their usage restricted by policies.
-
-Each key has a set of attributes that describe the key and the policy for using
-the key. A `psa_key_attributes_t` object contains all of the attributes, which
-is used when creating a key and when querying key attributes.
-
-Each key has a *lifetime* that determines when the key material is destroyed.
-There are two types of lifetimes: `volatile <volatile-keys>` and
-`persistent <persistent-keys>`.
-
-.. _volatile-keys:
-
-Volatile keys
-^^^^^^^^^^^^^
-
-A *volatile* key exists until it explicitly destroyed with `psa_destroy_key()`
-or until the application terminates, which conceptually destroys all of its
-volatile keys.
-
-Conceptually, a volatile key is stored in RAM. Volatile keys have the
-lifetime `PSA_KEY_LIFETIME_VOLATILE`.
-
-To create a volatile key:
-
-1. Populate a `psa_key_attributes_t` object with the required type, size, policy
- and other key attributes.
-2. Create the key with `psa_import_key()`, `psa_generate_key()`,
- `psa_key_derivation_output_key()` or `psa_copy_key()`. If successful, these
- functions output a transient `key identifier <key-ids>`.
-
-To destroy a volatile key, call `psa_destroy_key()` with the key identifier.
-
-.. _persistent-keys:
-
-Persistent keys
-^^^^^^^^^^^^^^^
-
-A *persistent* key exists until it explicitly destroyed with `psa_destroy_key()`
-or until it is wiped by the reset or destruction of the device.
-
-Each persistent key has a permanent key identifier, which acts as a name for the key.
-Within an application, the key identifier corresponds to a single key. The
-application specifies the key identifier when the key is created and when
-using the key.
-
-Persistent keys can be stored in different storage areas; this is indicated
-through different lifetime values. This specification defines a single lifetime
-value `PSA_KEY_LIFETIME_PERSISTENT` which corresponds to a default storage
-area. Implementations can define alternative lifetime values corresponding to
-different storage areas with different retention policies, or to secure elements
-with different security characteristics.
-
-To create a persistent key:
-
-1. Populate a `psa_key_attributes_t` object with the key’s type, size, policy
- and other attributes.
-2. In the attributes object, set the desired lifetime and persistent identifier
- for the key.
-3. Create the key with one of the *key creation functions*:
-
- * `psa_import_key()`
- * `psa_generate_key()`
- * `psa_key_derivation_output_key()`
- * `psa_copy_key()`
-
- If successful, these functions output the `key identifier <key-ids>`
- that was specified by the application in step 2.
-
-To access an existing persistent key: use the key identifier in any API that
-requires a key.
-
-To remove cached copies of key material for persistent keys created with the
-`PSA_KEY_USAGE_CACHE` policy: call `psa_purge_key()` with the key identifier.
-
-To destroy a persistent key: call `psa_destroy_key()` with the key identifier.
-Destroying a persistent key permanently removes it from memory and storage.
-
-The key lifetime and identifier are set when the key is created and cannot be
-changed without destroying the key first. If the original key permits copying,
-then the application can specify a different lifetime for the copy of the key.
-
-.. _key-ids:
-
-Key identifiers
-^^^^^^^^^^^^^^^
-
-Key identifiers are integral values that act as permanent names for persistent
-keys, or as transient references to volatile keys. Key identifiers use the
-`psa_key_id_t` type, and the range of identifier values is divided as follows:
-
-:code:`PSA_KEY_ID_NULL = 0`
- Reserved as an invalid key identifier.
-:code:`PSA_KEY_ID_USER_MIN - PSA_KEY_ID_USER_MAX`
- Applications can freely choose persistent key identifiers in this range.
-:code:`PSA_KEY_ID_VENDOR_MIN - PSA_KEY_ID_VENDOR_MAX`
- Implementations can define additional persistent key identifiers in this
- range, and must allocate any volatile key identifiers from this range.
-
-Key identifiers outside these ranges are reserved for future use.
-
-Key identifiers are output from a successful call to one of
-the key creation functions. For persistent keys, this is the same identifier
-as the one specified in the key attributes used to create the key.
-The key identifier remains valid until it is invalidated by passing it to
-`psa_destroy_key()`. A volatile key identifier must not be used after it has been
-invalidated.
-
-Valid key identifiers must have distinct values within the same application. If
-the implementation provides `caller isolation <isolation>`, then key
-identifiers are local to each application. That is, the same key identifier in two
-applications corresponds to two different keys.
-
-If an invalid key identifier is provided as a parameter in any function, the
-function will return `PSA_ERROR_INVALID_HANDLE`; except for the special case of
-calling :code:`psa_destroy_key(PSA_KEY_ID_NULL)`, which has no effect and always
-returns `PSA_SUCCESS`.
-
-There must be a matching call to `psa_destroy_key()` for each successful call
-to a create a volatile key.
-
-A call to `psa_destroy_key()` destroys the key material, and will cause any active
-operations that are using the key to fail. Therefore an application must not
-destroy a key while an operation using that key is in progress, unless the
-application is prepared to handle a failure of the operation.
-
-Recommendations of minimum standards for key management
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Most implementations provide the following functions:
-
-* `psa_import_key()`. The exceptions are implementations that only give access
- to a key or keys that are provisioned by proprietary means, and do not allow
- the main application to use its own cryptographic material.
-
-* `psa_get_key_attributes()` and the ``psa_get_key_xxx()`` accessor functions.
- They are easy to implement, and it is difficult to write applications and to
- diagnose issues without being able to check the metadata.
-
-* `psa_export_public_key()`. This function is usually provided if the
- implementation supports any asymmetric algorithm, since public-key
- cryptography often requires the delivery of a public key that is associated
- with a protected private key.
-
-* `psa_export_key()`. However, highly constrained implementations that are
- designed to work only with short-term keys, or only with long-term
- non-extractable keys, do not need to provide this function.
-
-Usage policies
-~~~~~~~~~~~~~~
-
-All keys have an associated policy that regulates which operations are permitted
-on the key. Each key policy is a set of usage flags and a specific algorithm
-that is permitted with the key. The policy is part of the key attributes that
-are managed by a `psa_key_attributes_t` object.
-
-The usage flags are encoded in a bitmask, which has the type
-`psa_key_usage_t`. Four kinds of usage flag can be specified:
-
-* The extractable flag `PSA_KEY_USAGE_EXPORT` determines whether the key
- material can be extracted.
-* The copyable flag `PSA_KEY_USAGE_COPY` determines whether the key material
- can be copied into a new key, which can have a different lifetime or a more
- restrictive policy.
-* The cacheable flag `PSA_KEY_USAGE_CACHE` determines whether the
- implementation is permitted to retain non-essential copies of the
- key material in RAM. This policy only applies to persistent keys. See also
- :title:`key-material`.
-* The other usage flags, for example, `PSA_KEY_USAGE_ENCRYPT` and `PSA_KEY_USAGE_SIGN_MESSAGE`,
- determine whether the corresponding operation is permitted on the key.
-
-In addition to the usage bitmask, a policy specifies which algorithm is
-permitted with the key. This specification only defines policies that restrict
-keys to a single algorithm, which is consistent with both common practice and
-security good practice.
-
-A highly constrained implementation might not be able to support all the policies
-that can be expressed through this interface. If an implementation cannot create
-a key with the required policy, it must return an appropriate error code when
-the key is created.
-
-Symmetric cryptography
-~~~~~~~~~~~~~~~~~~~~~~
-
-This specification defines interfaces for the following types of symmetric
-cryptographic operation:
-
-* Message digests, commonly known as hash functions.
-* Message authentication codes (MAC).
-* Symmetric ciphers.
-* Authenticated encryption with associated data (AEAD).
-
-For each type of symmetric cryptographic operation, the API includes:
-
-* A pair of *single-part* functions. For example, compute and verify, or
- encrypt and decrypt.
-* A series of functions that permit *multi-part operations*.
-
-Single-part Functions
-^^^^^^^^^^^^^^^^^^^^^
-
-Single-part functions are APIs that implement the cryptographic operation in a
-single function call. This is the easiest API to use when all of the inputs and
-outputs fit into the application memory.
-
-Some use cases involve messages that are too large to be assembled in memory, or
-require non-default configuration of the algorithm. These use cases require the
-use of a :title:`multi-part operation <multi-part-operations>`.
-
-.. _multi-part-operations:
-
-Multi-part operations
-^^^^^^^^^^^^^^^^^^^^^
-
-Multi-part operations are APIs which split a single cryptographic operation into
-a sequence of separate steps. This enables fine control over the configuration
-of the cryptographic operation, and allows the message data to be processed in
-fragments instead of all at once. For example, the following situations require
-the use of a multi-part operation:
-
-- Processing messages that cannot be assembled in memory.
-- Using a deterministic IV for unauthenticated encryption.
-- Providing the IV separately for unauthenticated encryption or decryption.
-- Separating the AEAD authentication tag from the cipher text.
-
-Each multi-part operation defines a specific object type to maintain the state
-of the operation. These types are implementation-defined. All multi-part
-operations follow the same pattern of use:
-
-1. **Allocate:** Allocate memory for an operation object of the appropriate
- type. The application can use any allocation strategy: stack, heap, static, etc.
-
-2. **Initialize:** Initialize or assign the operation object by one of the
- following methods:
-
- - Set it to logical zero. This is automatic for static and global
- variables. Explicit initialization must use the associated
- ``PSA_xxx_INIT`` macro as the type is implementation-defined.
- - Set it to all-bits zero. This is automatic if the object was
- allocated with ``calloc()``.
- - Assign the value of the associated macro ``PSA_xxx_INIT``.
- - Assign the result of calling the associated function
- ``psa_xxx_init()``.
-
- The resulting object is now *inactive*.
-
- It is an error to initialize an operation object that is in *active* or
- *error* states. This can leak memory or other resources.
-
-3. **Setup:** Start a new multi-part operation on an *inactive* operation
- object. Each operation object will define one or more setup functions to
- start a specific operation.
-
- On success, a setup function will put an operation object into an *active*
- state. On failure, the operation object will remain *inactive*.
-
-4. **Update:** Update an *active* operation object. The update function can
- provide additional parameters, supply data for processing or generate
- outputs.
-
- On success, the operation object remains *active*. On failure, the
- operation object will enter an *error* state.
-
-5. **Finish:** To end the operation, call the applicable finishing function.
- This will take any final inputs, produce any final outputs, and then
- release any resources associated with the operation.
-
- On success, the operation object returns to the *inactive* state. On
- failure, the operation object will enter an *error* state.
-
-An operation can be aborted at any stage during its use by calling the
-associated ``psa_xxx_abort()`` function. This will release any resources
-associated with the operation and return the operation object to the *inactive*
-state.
-
-Any error that occurs to an operation while it is in an *active* state will
-result in the operation entering an *error* state. The application must call the
-associated ``psa_xxx_abort()`` function to release the operation resources and
-return the object to the *inactive* state.
-
-Once an operation object is returned to the *inactive* state, it can be reused
-by calling one of the applicable setup functions again.
-
-If a multi-part operation object is not initialized before use, the behavior is
-undefined.
-
-If a multi-part operation function determines that the operation object is not in
-any valid state, it can return `PSA_ERROR_CORRUPTION_DETECTED`.
-
-If a multi-part operation function is called with an operation object in the
-wrong state, the function will return `PSA_ERROR_BAD_STATE` and the operation
-object will enter the *error* state.
-
-It is safe to move a multi-part operation object to a different memory location,
-for example, using a bitwise copy, and then to use the object in the new
-location. For example, an application can allocate an operation object on the
-stack and return it, or the operation object can be allocated within memory
-managed by a garbage collector. However, this does not permit the following
-behaviors:
-
-- Moving the object while a function is being called on the object. This is
- not safe. See also `concurrency`.
-- Working with both the original and the copied operation objects. This
- requires cloning the operation, which is only available for hash operations
- using `psa_hash_clone()`.
-
-Each type of multi-part operation can have multiple *active* states.
-Documentation for the specific operation describes the configuration and update
-functions, and any requirements about their usage and ordering.
-
-Message digests (Hashes)
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-The single-part hash functions are:
-
-- `psa_hash_compute()` to calculate the hash of a message.
-- `psa_hash_compare()` to compare the hash of a message with a reference value.
-
-The `psa_hash_operation_t` `multi-part operation <multi-part-operations>`
-allows messages to be processed in fragments:
-
-1. Initialize the `psa_hash_operation_t` object to zero, or by assigning the
- value of the associated macro `PSA_HASH_OPERATION_INIT`.
-2. Call `psa_hash_setup()` to specify the required hash algorithm, call
- `psa_hash_clone()` to duplicate the state of *active* `psa_hash_operation_t`
- object, or call `psa_hash_resume()` to restart a hash operation with the
- output from a previously suspended hash operation.
-3. Call the `psa_hash_update()` function on successive chunks of the message.
-4. At the end of the message, call the required finishing function:
-
- - To suspend the hash operation and extract a hash suspend state,
- call `psa_hash_suspend()`. The output state can subsequently be used
- to resume the hash operation.
- - To calculate the digest of a message, call `psa_hash_finish()`.
- - To verify the digest of a message against a reference value, call
- `psa_hash_verify()`.
-
-To abort the operation or recover from an error, call `psa_hash_abort()`.
-
-Message authentication codes (MACs)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The single-part MAC functions are:
-
-- `psa_mac_compute()` to calculate the MAC of a message.
-- `psa_mac_verify()` to compare the MAC of a message with a reference value.
-
-The `psa_mac_operation_t` `multi-part operation <multi-part-operations>`
-allows messages to be processed in fragments:
-
-1. Initialize the `psa_mac_operation_t` object to zero, or by assigning the
- value of the associated macro `PSA_MAC_OPERATION_INIT`.
-2. Call `psa_mac_sign_setup()` or `psa_mac_verify_setup()` to specify the
- algorithm and key.
-3. Call the `psa_mac_update()` function on successive chunks of the message.
-4. At the end of the message, call the required finishing function:
-
- - To calculate the MAC of the message, call `psa_mac_sign_finish()`.
- - To verify the MAC of the message against a reference value, call
- `psa_mac_verify_finish()`.
-
-To abort the operation or recover from an error, call `psa_mac_abort()`.
-
-Encryption and decryption
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. note::
-
- The unauthenticated cipher API is provided to implement legacy protocols and
- for use cases where the data integrity and authenticity is guaranteed by
- non-cryptographic means. It is recommended that newer protocols use
- :title:`func-aead`.
-
-The single-part functions for encrypting or decrypting a message using an
-unauthenticated symmetric cipher are:
-
-- `psa_cipher_encrypt()` to encrypt a message using an unauthenticated symmetric
- cipher. The encryption function generates a random IV. Use the multi-part API
- to provide a deterministic IV: this is not secure in general, but
- can be secure in some conditions that depend on the algorithm.
-- `psa_cipher_decrypt()` to decrypt a message using an unauthenticated symmetric
- cipher.
-
-The `psa_cipher_operation_t` `multi-part operation <multi-part-operations>`
-permits alternative initialization parameters and allows messages to be
-processed in fragments:
-
-1. Initialize the `psa_cipher_operation_t` object to zero, or by assigning the
- value of the associated macro `PSA_CIPHER_OPERATION_INIT`.
-2. Call `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` to specify the
- algorithm and key.
-3. Provide additional parameters:
-
- - When encrypting data, generate or set an initialization vector (IV),
- nonce, or similar initial value such as an initial counter value. To
- generate a random IV, which is recommended in most protocols, call
- `psa_cipher_generate_iv()`. To set the IV, call `psa_cipher_set_iv()`.
- - When decrypting, set the IV or nonce. To set the IV, call
- `psa_cipher_set_iv()`.
-4. Call the `psa_cipher_update()` function on successive chunks of the message.
-5. Call `psa_cipher_finish()` to complete the operation and return any final
- output.
-
-To abort the operation or recover from an error, call `psa_cipher_abort()`.
-
-.. _func-aead:
-
-Authenticated encryption (AEAD)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The single-part AEAD functions are:
-
-- `psa_aead_encrypt()` to encrypt a message using an authenticated symmetric
- cipher.
-- `psa_aead_decrypt()` to decrypt a message using an authenticated symmetric
- cipher.
-
-These functions follow the interface recommended by :RFC:`5116`.
-
-The encryption function requires a nonce to be provided. To generate a random
-nonce, either call `psa_generate_random()` or use the AEAD multi-part API.
-
-The `psa_aead_operation_t` `multi-part operation <multi-part-operations>`
-permits alternative initialization parameters and allows messages to be
-processed in fragments:
-
-1. Initialize the `psa_aead_operation_t` object to zero, or by assigning the
- value of the associated macro `PSA_AEAD_OPERATION_INIT`.
-2. Call `psa_aead_encrypt_setup()` or `psa_aead_decrypt_setup()` to specify the
- algorithm and key.
-3. Provide additional parameters:
-
- - If the algorithm requires it, call `psa_aead_set_lengths()` to specify the
- length of the non-encrypted and encrypted inputs to the operation.
- - When encrypting, call either `psa_aead_generate_nonce()` or
- `psa_aead_set_nonce()` to generate or set the nonce.
- - When decrypting, call `psa_aead_set_nonce()` to set the nonce.
-4. Call `psa_aead_update_ad()` zero or more times with fragments of the
- non-encrypted additional data.
-5. Call `psa_aead_update()` zero or more times with fragments of the plaintext
- or ciphertext to encrypt or decrypt.
-6. At the end of the message, call the required finishing function:
-
- - To complete an encryption operation, call `psa_aead_finish()` to compute
- and return authentication tag.
- - To complete a decryption operation, call `psa_aead_verify()` to
- compute the authentication tag and verify it against a reference value.
-
-To abort the operation or recover from an error, call `psa_aead_abort()`.
-
-Having a multi-part interface to authenticated encryption raises specific issues.
-
-Multi-part authenticated decryption produces partial results that are not
-authenticated. Applications must not use or expose partial results of
-authenticated decryption until `psa_aead_verify()` has returned a success
-status and must destroy all partial results without revealing them if
-`psa_aead_verify()` returns a failure status. Revealing partial results, either directly or indirectly through the application’s behavior, can compromise the
-confidentiality of all inputs that are encrypted with the same key.
-
-For encryption, some common algorithms cannot be processed in a streaming
-fashion. For SIV mode, the whole plaintext must be known before the encryption
-can start; the multi-part AEAD API is not meant to be usable with SIV mode. For
-CCM mode, the length of the plaintext must be known before the encryption can
-start; the application can call the function `psa_aead_set_lengths()` to provide
-these lengths before providing input.
-
-.. _key-derivation:
-
-Key derivation
-^^^^^^^^^^^^^^
-
-A key derivation encodes a deterministic method to generate a finite stream of
-bytes. This data stream is computed by the cryptoprocessor and extracted in
-chunks. If two key derivation operations are constructed with the same
-parameters, then they produce the same output.
-
-A key derivation consists of two phases:
-
-1. Input collection. This is sometimes known as *extraction*: the operation
- “extracts” information from the inputs to generate a pseudorandom
- intermediate secret value.
-2. Output generation. This is sometimes known as *expansion*: the operation
- “expands” the intermediate secret value to the desired output length.
-
-The specification defines a `multi-part operation <multi-part-operations>`
-API for key derivation that allows for multiple key and non-key outputs to be
-extracted from a single derivation operation object.
-
-In an implementation with `isolation <isolation>`, the intermediate
-state of the key derivation is not visible to the caller, and if an output of
-the derivation is a non-exportable key, then this key cannot be recovered
-outside the isolation boundary.
-
-Applications use the `psa_key_derivation_operation_t` type to create key
-derivation operations. The operation object is used as follows:
-
-1. Initialize a `psa_key_derivation_operation_t` object to zero or to
- `PSA_KEY_DERIVATION_OPERATION_INIT`.
-2. Call `psa_key_derivation_setup()` to select a key derivation algorithm.
-3. Call the functions `psa_key_derivation_input_bytes()` and
- `psa_key_derivation_input_key()`, or `psa_key_derivation_key_agreement()` to
- provide the inputs to the key derivation algorithm. Many key derivation
- algorithms take multiple inputs; the ``step`` parameter to these functions
- indicates which input is being provided. The documentation for each key
- derivation algorithm describes the expected inputs for that algorithm and
- in what order to pass them.
-4. Optionally, call `psa_key_derivation_set_capacity()` to set a limit on the
- amount of data that can be output from the key derivation operation.
-5. Call `psa_key_derivation_output_key()` to create a derived key, or
- `psa_key_derivation_output_bytes()` to export the derived data. These
- functions can be called multiple times to read successive output from the key
- derivation, until the stream is exhausted when its capacity has been reached.
-6. Key derivation does not finish in the same way as other multi-part
- operations. Call `psa_key_derivation_abort()` to release the key derivation
- operation memory when the object is no longer required.
-
-To recover from an error, call `psa_key_derivation_abort()` to release the key
-derivation operation memory.
-
-A key derivation operation cannot be rewound. Once a part of the stream has been
-output, it cannot be output again. This ensures that the same part of the output
-will not be used for different purposes.
-
-Example of the symmetric cryptography API
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Here is an example of a use case where a master key is used to generate both a
-message encryption key and an IV for the encryption, and the derived key and IV
-are then used to encrypt a message.
-
-1. Derive the message encryption material from the master key.
-
- 1. Initialize a `psa_key_derivation_operation_t` object to zero or to
- `PSA_KEY_DERIVATION_OPERATION_INIT`.
- 2. Call `psa_key_derivation_setup()` with `PSA_ALG_HKDF` as the algorithm.
- 3. Call `psa_key_derivation_input_key()` with the step
- `PSA_KEY_DERIVATION_INPUT_SECRET` and the master key.
- 4. Call `psa_key_derivation_input_bytes()` with the step
- `PSA_KEY_DERIVATION_INPUT_INFO` and a public value that uniquely
- identifies the message.
- 5. Populate a `psa_key_attributes_t` object with the derived message
- encryption key’s attributes.
- 6. Call `psa_key_derivation_output_key()` to create the derived message key.
- 7. Call `psa_key_derivation_output_bytes()` to generate the derived IV.
- 8. Call `psa_key_derivation_abort()` to release the key derivation operation
- memory.
-
-2. Encrypt the message with the derived material.
-
- 1. Initialize a `psa_cipher_operation_t` object to zero or to
- `PSA_CIPHER_OPERATION_INIT`.
- 2. Call `psa_cipher_encrypt_setup()` with the derived message encryption key.
- 3. Call `psa_cipher_set_iv()` using the derived IV retrieved above.
- 4. Call `psa_cipher_update()` one or more times to encrypt the message.
- 5. Call `psa_cipher_finish()` at the end of the message.
-
-3. Call `psa_destroy_key()` to clear the generated key.
-
-Asymmetric cryptography
-~~~~~~~~~~~~~~~~~~~~~~~
-
-This specification defines functions for asymmetric cryptography, including
-asymmetric encryption, asymmetric signature, and two-way key agreement.
-
-Asymmetric encryption
-^^^^^^^^^^^^^^^^^^^^^
-
-Asymmetric encryption is provided through the functions
-`psa_asymmetric_encrypt()` and `psa_asymmetric_decrypt()`.
-
-Hash-and-sign
-^^^^^^^^^^^^^
-
-The signature and verification functions `psa_sign_message()` and
-`psa_verify_message()` take a message as one of their inputs and perform a
-hash-and-sign algorithm.
-
-The functions `psa_sign_hash()` and `psa_verify_hash()` take a message hash as
-one of their inputs. This is useful for signing pre-computed hashes, or for
-implementing hash-and-sign using a :ref:`multi-part hash operation <hash-mp>`
-before signing the resulting hash. To determine which
-hash algorithm to use, call the macro `PSA_ALG_GET_HASH()` on the
-corresponding signature algorithm.
-
-Some hash-and-sign algorithms add padding to the message hash before completing
-the signing operation. The format of the padding that is used depends on the
-algorithm used to construct the signature.
-
-Key agreement
-^^^^^^^^^^^^^
-
-This specification defines two functions for a Diffie-Hellman-style key
-agreement where each party combines its own private key with the peer’s public
-key.
-
-The recommended approach is to use a `key derivation
-operation <key-derivation>` with the `psa_key_derivation_key_agreement()`
-input function, which calculates a shared secret for the key derivation
-function.
-
-Where an application needs direct access to the shared secret, it can call
-`psa_raw_key_agreement()` instead. Note that in general the shared secret is not
-directly suitable for use as a key because it is biased.
-
-Randomness and key generation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-We strongly recommended that implementations include a random generator,
-consisting of a cryptographically secure pseudo-random generator (CSPRNG), which
-is adequately seeded with a cryptographic-quality hardware entropy source,
-commonly referred to as a true random number generator (TRNG). Constrained
-implementations can omit the random generation functionality if they do not
-implement any algorithm that requires randomness internally, and they do not
-provide a key generation functionality. For example, a special-purpose component
-for signature verification can omit this.
-
-It is recommended that applications use `psa_generate_key()`,
-`psa_cipher_generate_iv()` or `psa_aead_generate_nonce()` to generate
-suitably-formatted random data, as applicable. In addition, the API includes a
-function `psa_generate_random()` to generate and extract arbitrary random data.
diff --git a/docs/html/_sources/overview/goals.rst.txt b/docs/html/_sources/overview/goals.rst.txt
deleted file mode 100644
index 48a2f75..0000000
--- a/docs/html/_sources/overview/goals.rst.txt
+++ /dev/null
@@ -1,194 +0,0 @@
-.. _design-goals:
-
-Design goals
-------------
-
-Suitable for constrained devices
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The interface is suitable for a vast range of devices: from special-purpose
-cryptographic processors that process data with a built-in key, to constrained
-devices running custom application code, such as microcontrollers, and
-multi-application devices, such as servers. Consequentially, the interface is
-scalable and modular.
-
-- *Scalable*: devices only need to implement the functionality that they will
- use.
-- *Modular*: larger devices implement larger subsets of the same interface,
- rather than different interfaces.
-
-In this interface, all operations on unbounded amounts of data
-allow *multi-part* processing, as long as the calculations on the data are
-performed in a streaming manner. This means that the application does not need
-to store the whole message in memory at one time. As a result, this
-specification is suitable for very constrained devices, including those where
-memory is very limited.
-
-Memory outside the keystore boundary is managed by the application. An
-implementation of the interface is not required to retain any state between
-function calls, apart from the content of the keystore and other data that must
-be kept inside the keystore security boundary.
-
-The interface does not expose the representation of keys and intermediate data,
-except when required for interchange. This allows each implementation to choose
-optimal data representations. Implementations with multiple components are also
-free to choose which memory area to use for internal data.
-
-A keystore interface
-~~~~~~~~~~~~~~~~~~~~
-
-The specification allows cryptographic operations to be performed on a key to
-which the application does not have direct access. Except where required for
-interchange, applications access all keys indirectly, by an identifier. The key
-material corresponding to that identifier can reside inside a security boundary
-that prevents it from being extracted, except as permitted by a policy that is
-defined when the key is created.
-
-.. _isolation:
-
-Optional isolation
-~~~~~~~~~~~~~~~~~~
-
-Implementations can isolate the cryptoprocessor from the calling application,
-and can further isolate multiple calling applications. The interface allows the
-implementation to be separated between a frontend and a backend. In an isolated
-implementation, the frontend is the part of the implementation that is located
-in the same isolation boundary as the application, which the application
-accesses by function calls. The backend is the part of the implementation that
-is located in a different environment, which is protected from the frontend.
-Various technologies can provide protection, for example:
-
-- Process isolation in an operating system.
-- Partition isolation, either with a virtual machine or a partition manager.
-- Physical separation between devices.
-
-Communication between the frontend and backend is beyond the scope of this
-specification.
-
-In an isolated implementation, the backend can serve more than one
-implementation instance. In this case, a single backend communicates with
-multiple instances of the frontend. The backend must enforce **caller
-isolation**: it must ensure that assets of one frontend are not visible to any
-other frontend. The mechanism for identifying callers is beyond the scope of this
-specification. An implementation that provides caller isolation must document
-the identification mechanism. An implementation that provides isolation must
-document any implementation-specific extension of the API that enables frontend
-instances to share data in any form.
-
-In summary, there are three types of implementation:
-
-- No isolation: there is no security boundary between the application and the
- cryptoprocessor. For example, a statically or dynamically linked library is
- an implementation with no isolation.
-- Cryptoprocessor isolation: there is a security boundary between the
- application and the cryptoprocessor, but the cryptoprocessor does not
- communicate with other applications. For example, a cryptoprocessor chip that
- is a companion to an application processor is an implementation with
- cryptoprocessor isolation.
-- Caller isolation: there are multiple application instances, with a security
- boundary between the application instances among themselves, as well as
- between the cryptoprocessor and the application instances. For example, a
- cryptography service in a multiprocess environment is an implementation with
- caller and cryptoprocessor isolation.
-
-Choice of algorithms
-~~~~~~~~~~~~~~~~~~~~
-
-The specification defines a low-level cryptographic interface, where the caller
-explicitly chooses which algorithm and which security parameters they use. This
-is necessary to implement protocols that are inescapable in various use cases.
-The design of the interface enables applications to implement widely-used
-protocols and data exchange formats, as well as custom ones.
-
-As a consequence, all cryptographic functionality operates according to the
-precise algorithm specified by the caller. However, this does not apply to
-device-internal functionality, which does not involve any form of
-interoperability, such as random number generation. The specification does not
-include generic higher-level interfaces, where the implementation chooses the
-best algorithm for a purpose. However, higher-level libraries can be built on
-top of the PSA Crypto API.
-
-Another consequence is that the specification permits the use of algorithms, key
-sizes and other parameters that, while known to be insecure, might be necessary to
-support legacy protocols or legacy data. Where major weaknesses are known, the
-algorithm descriptions give applicable warnings. However, the lack of a warning
-both does not and cannot indicate that an algorithm is secure in all circumstances.
-Application developers need to research the security of the protocols and
-algorithms that they plan to use to determine if these meet their requirements.
-
-The interface facilitates algorithm agility. As a consequence, cryptographic
-primitives are presented through generic functions with a parameter indicating
-the specific choice of algorithm. For example, there is a single function to
-calculate a message digest, which takes a parameter that identifies the specific
-hash algorithm.
-
-Ease of use
-~~~~~~~~~~~
-
-The interface is designed to be as user-friendly as possible, given the
-aforementioned constraints on suitability for various types of devices and on
-the freedom to choose algorithms.
-
-In particular, the code flows are designed to reduce the risk of dangerous
-misuse. The interface is designed in part to make it harder to misuse. Where
-possible, it is designed so that
-typical mistakes result in test failures, rather than subtle security issues.
-Implementations avoid leaking data when a function is called with invalid
-parameters, to the extent allowed by the C language and by implementation size
-constraints.
-
-Example use cases
-~~~~~~~~~~~~~~~~~
-
-This section lists some of the use cases that were considered during the design
-of this API. This list is not exhaustive, nor are all implementations required to
-support all use cases.
-
-Network Security (TLS)
-^^^^^^^^^^^^^^^^^^^^^^
-
-The API provides all of the cryptographic primitives needed to establish TLS
-connections.
-
-Secure Storage
-^^^^^^^^^^^^^^
-
-The API provides all primitives related to storage encryption, block or
-file-based, with master encryption keys stored inside a key store.
-
-Network Credentials
-^^^^^^^^^^^^^^^^^^^
-
-The API provides network credential management inside a key store, for example,
-for X.509-based authentication or pre-shared keys on enterprise networks.
-
-Device Pairing
-^^^^^^^^^^^^^^
-
-The API provides support for key agreement protocols that are often used for
-secure pairing of devices over wireless channels. For example, the pairing of an
-NFC token or a Bluetooth device might use key agreement protocols upon
-first use.
-
-Secure Boot
-^^^^^^^^^^^
-
-The API provides primitives for use during firmware integrity and authenticity
-validation, during a secure or trusted boot process.
-
-Attestation
-^^^^^^^^^^^
-
-The API provides primitives used in attestation activities. Attestation is the
-ability for a device to sign an array of bytes with a device private key and
-return the result to the caller. There are several use cases; ranging from attestation
-of the device state, to the ability to generate a key pair and prove that it has
-been generated inside a secure key store. The API provides access to the
-algorithms commonly used for attestation.
-
-Factory Provisioning
-^^^^^^^^^^^^^^^^^^^^
-
-Most IoT devices receive a unique identity during the factory provisioning
-process, or once they have been deployed to the field. This API provides the APIs necessary for
-populating a device with keys that represent that identity.
diff --git a/docs/html/_sources/overview/implementation.rst.txt b/docs/html/_sources/overview/implementation.rst.txt
deleted file mode 100644
index b85ef16..0000000
--- a/docs/html/_sources/overview/implementation.rst.txt
+++ /dev/null
@@ -1,290 +0,0 @@
-.. _implementation-considerations:
-
-Implementation considerations
------------------------------
-
-Implementation-specific aspects of the interface
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Implementation profile
-^^^^^^^^^^^^^^^^^^^^^^
-
-Implementations can implement a subset of the API and a subset of the available
-algorithms. The implemented subset is known as the implementation’s profile. The
-documentation for each implementation must describe the profile that it
-implements. This specification’s companion documents also define a number of
-standard profiles.
-
-.. _implementation-defined-type:
-
-Implementation-specific types
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This specification defines a number of implementation-specific types, which
-represent objects whose content depends on the implementation. These are defined
-as C ``typedef`` types in this specification, with a comment
-:code:`/* implementation-defined type */` in place of the underlying type
-definition. For some types the specification constrains the type, for example,
-by requiring that the type is a ``struct``, or that it is convertible to and
-from an unsigned integer. In the implementation's version of **psa/crypto.h**,
-these types need to be defined as complete C types so that objects of these
-types can be instantiated by application code.
-
-Applications that rely on the implementation specific definition of any of these
-types might not be portable to other implementations of this specification.
-
-.. _implementation-specific-macro:
-
-Implementation-specific macros
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Some macro constants and function-like macros are precisely defined by this
-specification. The use of an exact definition is essential if the definition can
-appear in more than one header file within a compilation.
-
-Other macros that are defined by this specification have a macro body that is
-implementation-specific. The description of an implementation-specific macro can
-optionally specify each of the following requirements:
-
-* Input domains: the macro must be valid for arguments within the input domain.
-* A return type: the macro result must be compatible with this type.
-* Output range: the macro result must lie in the output range.
-* Computed value: A precise mapping of valid input to output values.
-
-Each implementation-specific macro is in one of following categories:
-
-.. _specification-defined-value:
-
-*Specification-defined value*
-
- The result type and computed value of the macro expression is defined by
- this specification, but the definition of the macro body is provided by the
- implementation.
-
- These macros are indicated in this specification using the comment
- :code:`/* specification-defined value */`.
-
- .. TODO!!
- Change this text when we have provided pseudo-code implementations of
- all the relevant macro expressions.
-
- For function-like macros with specification-defined values:
-
- * Example implementations are provided in an appendix to this specification.
- See :title:`appendix-specdef-values`.
-
- * The expected computation for valid and supported input arguments will be
- defined as pseudo-code in a future version of this specification.
-
-.. _implementation-defined-value:
-
-*Implementation-defined value*
-
- The value of the macro expression is implementation-defined.
-
- For some macros, the computed value is derived from the specification of one
- or more cryptographic algorithms. In these cases, the result must exactly
- match the value in those external specifications.
-
- These macros are indicated in this specification using the comment
- :code:`/* implementation-defined value */`.
-
-Some of these macros compute a result based on an algorithm or key type.
-If an implementation defines vendor-specific algorithms or
-key types, then it must provide an implementation for such macros that takes all
-relevant algorithms and types into account. Conversely, an implementation that
-does not support a certain algorithm or key type can define such macros in a
-simpler way that does not take unsupported argument values into account.
-
-Some macros define the minimum sufficient output buffer size for certain
-functions. In some cases, an implementation is allowed to require a buffer size
-that is larger than the theoretical minimum. An implementation must define
-minimum-size macros in such a way that it guarantees that the buffer of the
-resulting size is sufficient for the output of the corresponding function. Refer
-to each macro’s documentation for the applicable requirements.
-
-Porting to a platform
-~~~~~~~~~~~~~~~~~~~~~
-
-Platform assumptions
-^^^^^^^^^^^^^^^^^^^^
-
-This specification is designed for a C99 platform. The interface is defined in
-terms of C macros, functions and objects.
-
-The specification assumes 8-bit bytes, and “byte” and “octet” are used
-synonymously.
-
-Platform-specific types
-^^^^^^^^^^^^^^^^^^^^^^^
-
-The specification makes use of some types defined in C99. These types must be
-defined in the implementation version of **psa/crypto.h** or by a header
-included in this file. The following C99 types are used:
-
-``uint8_t``, ``uint16_t``, ``uint32_t``
- Unsigned integer types with 8, 16 and 32 value bits respectively.
- These types are defined by the C99 header **stdint.h**.
-
-Cryptographic hardware support
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Implementations are encouraged to make use of hardware accelerators where
-available. A future version of this specification will define a function
-interface that calls drivers for hardware accelerators and external
-cryptographic hardware.
-
-Security requirements and recommendations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Error detection
-^^^^^^^^^^^^^^^
-
-Implementations that provide isolation between the caller and the cryptography
-processing environment must validate parameters to ensure that the cryptography
-processing environment is protected from attacks caused by passing invalid
-parameters.
-
-Even implementations that do not provide isolation are recommended to detect bad
-parameters and fail-safe where possible.
-
-Indirect object references
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Implementations can use different strategies for allocating key identifiers,
-and other types of indirect object reference.
-
-Implementations that provide isolation between the caller and the cryptography
-processing environment must consider the threats relating to abuse and misuse
-of key identifiers and other indirect resource references. For example,
-multi-part operations can be implemented as backend state to which the client
-only maintains an indirect reference in the application's multi-part operation
-object.
-
-An implementation that supports multiple callers must implement strict isolation
-of API resources between different callers. For example, a client must not be
-able to obtain a reference to another client's key by guessing the key
-identifier value. Isolation of key identifiers can be achieved in several ways.
-For example:
-
-- There is a single identifier namespace for all clients, and the
- implementation verifies that the client is the owner of the identifier when
- looking up the key.
-- Each client has an independent identifier namespace, and the implementation
- uses a client specific identifier-to-key mapping when looking up the key.
-
-After a volatile key identifier is destroyed, it is recommended that the
-implementation does not immediately reuse the same identifier value for a
-different key. This reduces the risk of an attack that is able to exploit a key
-identifier reuse vulnerability within an application.
-
-.. _memory-cleanup:
-
-Memory cleanup
-^^^^^^^^^^^^^^
-
-Implementations must wipe all sensitive data from memory when it is no longer
-used. It is recommended that they wipe this sensitive data as soon as possible. All
-temporary data used during the execution of a function, such as stack buffers,
-must be wiped before the function returns. All data associated with an object,
-such as a multi-part operation, must be wiped, at the latest, when the object
-becomes inactive, for example, when a multi-part operation is aborted.
-
-The rationale for this non-functional requirement is to minimize impact if the
-system is compromised. If sensitive data is wiped immediately after use, only
-data that is currently in use can be leaked. It does not compromise past data.
-
-.. _key-material:
-
-Managing key material
-^^^^^^^^^^^^^^^^^^^^^
-
-In implementations that have limited volatile memory for keys, the
-implementation is permitted to store a `volatile key <volatile-keys>` to a
-temporary location in non-volatile memory. The implementation must delete any
-such copies when the key is destroyed, and it is recommended that these copies
-are deleted as soon as the key is reloaded into volatile memory. An
-implementation that uses this method must clear any stored volatile key material
-on startup.
-
-Implementing the `memory cleanup rule <memory-cleanup>` for persistent keys
-can result in inefficiencies when the same persistent key is used sequentially
-in multiple cryptographic operations. The inefficiency stems from loading the
-key from non-volatile storage on each use of the key. The `PSA_KEY_USAGE_CACHE`
-policy allows an application to request that the implementation does not cleanup
-non-essential copies of persistent key material, effectively suspending the
-cleanup rules for that key. The effects of this policy depend on the
-implementation and the key, for example:
-
-- For volatile keys or keys in a secure element with no open/close mechanism,
- this is likely to have no effect.
-- For persistent keys that are not in a secure element, this allows the
- implementation to keep the key in a memory cache outside of the memory used
- by ongoing operations.
-- For keys in a secure element with an open/close mechanism, this is a hint to
- keep the key open in the secure element.
-
-The application can indicate when it has finished using the key by calling
-`psa_purge_key()`, to request that the key material is cleaned from memory.
-
-Safe outputs on error
-^^^^^^^^^^^^^^^^^^^^^
-
-Implementations must ensure that confidential data is not written to output
-parameters before validating that the disclosure of this confidential data is
-authorized. This requirement is particularly important for implementations where
-the caller can share memory with another security context, as described in the
-`stability-of-parameters` section.
-
-In most cases, the specification does not define the content of output
-parameters when an error occurs. It is recommended that implementations try to
-ensure that the content of output parameters is as safe as possible, in case an
-application flaw or a data leak causes it to be used. In particular, Arm
-recommends that implementations avoid placing partial output in output buffers
-when an action is interrupted. The meaning of “safe as possible” depends on the
-implementation, as different environments require different compromises between
-implementation complexity, overall robustness and performance. Some common
-strategies are to leave output parameters unchanged, in case of errors, or
-zeroing them out.
-
-Attack resistance
-^^^^^^^^^^^^^^^^^
-
-Cryptographic code tends to manipulate high-value secrets, from which other
-secrets can be unlocked. As such, it is a high-value target for attacks. There
-is a vast body of literature on attack types, such as side channel attacks and
-glitch attacks. Typical side channels include timing, cache access patterns,
-branch-prediction access patterns, power consumption, radio emissions and more.
-
-This specification does not specify particular requirements for attack
-resistance. Implementers are encouraged to consider the attack resistance
-desired in each use case and design their implementation accordingly. Security
-standards for attack resistance for particular targets might be applicable in
-certain use cases.
-
-Other implementation considerations
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Philosophy of resource management
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The specification allows most functions to return
-`PSA_ERROR_INSUFFICIENT_MEMORY`. This gives implementations the freedom to
-manage memory as they please.
-
-Alternatively, the interface is also designed for conservative strategies of
-memory management. An implementation can avoid dynamic memory allocation
-altogether by obeying certain restrictions:
-
-- Pre-allocate memory for a predefined number of keys, each with sufficient
- memory for all key types that can be stored.
-- For multi-part operations, in an implementation without isolation, place all
- the data that needs to be carried over from one step to the next in the
- operation object. The application is then fully in control of how memory is
- allocated for the operation.
-- In an implementation with isolation, pre-allocate memory for a predefined
- number of operations inside the cryptoprocessor.
-
-.. Inclusion of algorithms
-
- Inline algorithm-generic functions into specialized functions at compile/link time
diff --git a/docs/html/_sources/overview/intro.rst.txt b/docs/html/_sources/overview/intro.rst.txt
deleted file mode 100644
index 416cde7..0000000
--- a/docs/html/_sources/overview/intro.rst.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-Introduction
-------------
-
-Arm’s Platform Security Architecture (PSA) is a holistic set of threat models,
-security analyses, hardware and firmware architecture specifications, an
-open source firmware reference implementation, and an independent evaluation
-and certification scheme. PSA provides a recipe, based on
-industry best practice, that allows security to be consistently designed in, at
-both a hardware and firmware level.
-
-The PSA Cryptographic API (Crypto API) described in this document is an
-important PSA component that provides an interface to cryptographic operations
-on resource-constrained devices. The interface is user-friendly, while still
-providing access to the low-level primitives used in modern cryptography. It
-does not require that the user has access to the key material. Instead, it uses
-opaque key identifiers.
-
-This document is part of the PSA family of specifications. It defines an
-interface for cryptographic services, including cryptography primitives and a
-key storage functionality.
-
-This document includes:
-
-- A `rationale <design-goals>` for the design.
-- A `high-level overview of the functionality <functionality-overview>`
- provided by the interface.
-- A `description of typical architectures <architectures>` of
- implementations for this specification.
-- General considerations `for implementers <implementation-considerations>`
- of this specification and `for applications <usage-considerations>` that
- use the interface defined in this specification.
-- A `detailed definition <api-reference>` of the API.
-
-Companion documents will define *profiles* for this specification. A profile is
-a minimum mandatory subset of the interface that a compliant implementation must
-provide.
diff --git a/docs/html/_sources/overview/sample-arch.rst.txt b/docs/html/_sources/overview/sample-arch.rst.txt
deleted file mode 100644
index 499283e..0000000
--- a/docs/html/_sources/overview/sample-arch.rst.txt
+++ /dev/null
@@ -1,121 +0,0 @@
-.. _architectures:
-
-Sample architectures
---------------------
-
-This section describes some example architectures that can be used for
-implementations of the interface described in this specification. This list is
-not exhaustive and the section is entirely non-normative.
-
-Single-partition architecture
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In the single-partition architecture, there is no security boundary inside the system. The
-application code can access all the system memory, including the memory used by
-the cryptographic services described in this specification. Thus, the
-architecture provides `no isolation <isolation>`.
-
-This architecture does not conform to the Arm *Platform Security Architecture
-Security Model*. However, it is useful for providing cryptographic services
-that use the same interface, even on devices that cannot support any security
-boundary. So, while this architecture is not the primary design goal of the API
-defined in the present specification, it is supported.
-
-The functions in this specification simply execute the underlying algorithmic
-code. Security checks can be kept to a minimum, since the cryptoprocessor cannot
-defend against a malicious application. Key import and export copy data inside
-the same memory space.
-
-This architecture also describes a subset of some larger systems, where the
-cryptographic services are implemented inside a high-security partition,
-separate from the code of the main application, though it shares this
-high-security partition with other platform security services.
-
-.. _isolated-cryptoprocessor:
-
-Cryptographic token and single-application processor
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This system is composed of two partitions: one is a cryptoprocessor and the
-other partition runs an application. There is a security boundary between the
-two partitions, so that the application cannot access the cryptoprocessor,
-except through its public interface. Thus, the architecture provides
-`cryptoprocessor isolation <isolation>`. The cryptoprocessor has
-some non-volatile storage, a TRNG, and possibly, some cryptographic accelerators.
-
-There are a number of potential physical realizations: the cryptoprocessor might
-be a separate chip, a separate processor on the same chip, or a logical
-partition using a combination of hardware and software to provide the isolation.
-These realizations are functionally equivalent in terms of the offered software
-interface, but they would typically offer different levels of security
-guarantees.
-
-The PSA crypto API in the application processor consists of a thin layer of code
-that translates function calls to remote procedure calls in the cryptoprocessor.
-All cryptographic computations are, therefore, performed inside the
-cryptoprocessor. Non-volatile keys are stored inside the cryptoprocessor.
-
-Cryptoprocessor with no key storage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-As in the :title:`isolated-cryptoprocessor` architecture, this system
-is also composed of two partitions separated by a security boundary and also
-provides `cryptoprocessor isolation <isolation>`.
-However, unlike the previous architecture, in this system, the cryptoprocessor
-does not have any secure, persistent storage that could be used to store
-application keys.
-
-If the cryptoprocessor is not capable of storing cryptographic material, then
-there is little use for a separate cryptoprocessor, since all data would have to
-be imported by the application.
-
-The cryptoprocessor can provide useful services if it is able to store at least
-one key. This might be a hardware unique key that is burnt to one-time
-programmable memory during the manufacturing of the device. This key can be used
-for one or more purposes:
-
-- Encrypt and authenticate data stored in the application processor.
-- Communicate with a paired device.
-- Allow the application to perform operations with keys that are derived from
- the hardware unique key.
-
-Multi-client cryptoprocessor
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This is an expanded variant of the `cryptographic token plus application
-architecture <isolated-cryptoprocessor>`. In this
-variant, the cryptoprocessor serves multiple applications that are mutually
-untrustworthy. This architecture provides `caller
-isolation <isolation>`.
-
-In this architecture, API calls are translated to remote procedure calls, which
-encode the identity of the client application. The cryptoprocessor carefully
-segments its internal storage to ensure that a client’s data is never leaked to
-another client.
-
-Multi-cryptoprocessor architecture
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This system includes multiple cryptoprocessors. There are several reasons to
-have multiple cryptoprocessors:
-
-- Different compromises between security and performance for different keys.
- Typically, this means a cryptoprocessor that runs on the same hardware as the
- main application and processes short-term secrets, a secure element or a
- similar separate chip that retains long-term secrets.
-- Independent provisioning of certain secrets.
-- A combination of a non-removable cryptoprocessor and removable ones, for
- example, a smartcard or HSM.
-- Cryptoprocessors managed by different stakeholders who do not trust each
- other.
-
-The keystore implementation needs to dispatch each request to the correct
-processor. For example:
-
-- All requests involving a non-extractable key must be processed in the
- cryptoprocessor that holds that key.
-- Requests involving a persistent key must be processed in the cryptoprocessor
- that corresponds to the key’s lifetime value.
-- Requests involving a volatile key might target a cryptoprocessor based on
- parameters supplied by the application, or based on considerations such as
- performance inside the implementation.
diff --git a/docs/html/_sources/overview/usage.rst.txt b/docs/html/_sources/overview/usage.rst.txt
deleted file mode 100644
index 1d1f2c9..0000000
--- a/docs/html/_sources/overview/usage.rst.txt
+++ /dev/null
@@ -1,71 +0,0 @@
-.. _usage-considerations:
-
-Usage considerations
---------------------
-
-Security recommendations
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-Always check for errors
-^^^^^^^^^^^^^^^^^^^^^^^
-
-Most functions in this API can return errors. All functions that can fail have
-the return type `psa_status_t`. A few functions cannot fail, and thus, return
-``void`` or some other type.
-
-If an error occurs, unless otherwise specified, the content of the output
-parameters is undefined and must not be used.
-
-Some common causes of errors include:
-
-- In implementations where the keys are stored and processed in a separate
- environment from the application, all functions that need to access the
- cryptography processing environment might fail due to an error in the
- communication between the two environments.
-- If an algorithm is implemented with a hardware accelerator, which is
- logically separate from the application processor, the accelerator might fail,
- even when the application processor keeps running normally.
-- Most functions might fail due to a lack of resources. However, some
- implementations guarantee that certain functions always have sufficient
- memory.
-- All functions that access persistent keys might fail due to a storage failure.
-- All functions that require randomness might fail due to a lack of entropy.
- Implementations are encouraged to seed the random generator with sufficient
- entropy during the execution of `psa_crypto_init()`. However, some security
- standards require periodic reseeding from a hardware random generator, which
- can fail.
-
-Shared memory and concurrency
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Some environments allow applications to be multithreaded, while others do not.
-In some environments, applications can share memory with a different security
-context. In environments with multithreaded applications or shared memory,
-applications must be written carefully to avoid data corruption or leakage. This
-specification requires the application to obey certain constraints.
-
-In general, this API allows either one writer or any number of simultaneous
-readers, on any given object. In other words, if two or more calls access the
-same object concurrently, then the behavior is only well-defined if all the
-calls are only reading from the object and do not modify it. Read accesses
-include reading memory by input parameters and reading keystore content by using
-a key. For more details, refer to the `concurrency`
-section.
-
-If an application shares memory with another security context, it can pass
-shared memory blocks as input buffers or output buffers, but not as non-buffer
-parameters. For more details, refer to the :title:`stability-of-parameters` section.
-
-Cleaning up after use
-^^^^^^^^^^^^^^^^^^^^^
-
-To minimize impact if the system is compromised, it is recommended that
-applications wipe all sensitive data from memory when it is no longer used. That
-way, only data that is currently in use can be leaked, and past data is not
-compromised.
-
-Wiping sensitive data includes:
-
-- Clearing temporary buffers in the stack or on the heap.
-- Aborting operations if they will not be finished.
-- Destroying keys that are no longer used.
diff --git a/docs/html/_static/custom.css b/docs/html/_static/custom.css
index c252930..cac5e88 100644
--- a/docs/html/_static/custom.css
+++ b/docs/html/_static/custom.css
@@ -2,11 +2,20 @@
body {
font-family: Calibri, sans-serif;
- font-size: 17px;
+ font-size: 15px;
}
div.document {
- width: 1080px;
+ width: 900px;
+}
+
+div.bodywrapper {
+ margin: 0 0 0 180px;
+}
+
+div.sphinxsidebar {
+ width: 180px;
+ font-size: 12.5px;
}
div.body h1,
@@ -56,27 +65,70 @@
table.docutils {
border: 0;
- width: 100%;
- -moz-box-shadow: none;
+ width: 100%;
+ -moz-box-shadow: none;
-webkit-box-shadow: none;
box-shadow: none;
border-top: 1px solid #AAA;
border-bottom: 1px solid #AAA;
+ margin-bottom: 1em;
+}
+
+table.titletable {
+ margin-top: 40px;
+ width: auto;
+ border-top: none;
+ border-bottom: none;
+}
+
+table.docutils caption, div.figure p.caption {
+ font-size: 90%;
+ text-align: right;
+}
+
+table.docutils caption span.caption-number, div.figure p.caption span.caption-number {
+ font-weight: bold;
+ font-style: normal;
}
table.docutils td, table.docutils th {
- border: 0;
+ border: 0;
padding: 0.3em 0.5em 0.3em 0.5em;
text-align: left;
vertical-align: top;
}
+table.docutils td p, table.docutils th p {
+ margin-block-start: .3em;
+ margin-block-end: .3em;
+}
+
+table.docutils th > p:first-child, table.docutils td > p:first-child {
+ margin-top: 0px;
+}
+
table.docutils th {
+ font-weight: bold;
+ font-size: 90%;
+}
+
+table.docutils th.stub {
+ border-bottom: none;
+}
+
+table.docutils th.head {
border-bottom: 1px solid #AAA;
}
-.small-caps {
- font-variant: small-caps;
+div.figure div.legend {
+ font-size: 80%;
+ font-style: italic;
+ text-align: center;
+}
+
+div.figure p.caption, div.figure div.legend p {
+ margin-block-start: 0.2em;
+ margin-block-end: 0.5em;
}
div.admonition {
@@ -87,18 +139,14 @@
border-left: 6px solid #DDD;
}
-div.warning {
- border-left: 6px solid #FBB;
-}
-
div.admonition p.admonition-title {
font-family: Calibri, sans-serif;
font-weight: bold;
font-size: 90%;
}
-div.warning p.admonition-title {
- color: darkred;
+p.admonition-title:after {
+ content: "";
}
div.admonition p {
@@ -106,6 +154,61 @@
margin-bottom: 5px;
}
-p.admonition-title:after {
- content: "";
+div.warning {
+ border-left: 6px solid #FBB;
+}
+
+div.warning p.admonition-title {
+ color: darkred;
+}
+
+div.banner {
+ border: 2px solid #CC0;
+ background-color: #FFB;
+}
+
+div.rationale {
+ border-left: 6px solid #BFB;
+ background-color: #EFE;
+}
+
+div.rationale p.admonition-title {
+ color: darkgreen;
+}
+
+.scterm, .sc {
+ font-variant: small-caps;
+ text-transform: lowercase;
+}
+
+.term {
+ font-style: italic;
+}
+
+.license{
+ font-size: 80%;
+}
+
+.anchor {
+ color: #0091BD;
+}
+
+.issue {
+ color: red;
+}
+
+.secref {
+ font-style: italic;
+}
+
+.sectiontitle {
+ display: block;
+ margin-top: 30px;
+ font-weight: bold;
+ font-size: 180%;
+}
+
+p.titlecopyright {
+ font-size: 70%;
+ text-align: right;
}
diff --git a/docs/html/about.html b/docs/html/about.html
new file mode 100644
index 0000000..92dcb95
--- /dev/null
+++ b/docs/html/about.html
@@ -0,0 +1,597 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>About this document — PSA Crypto API 1.0.1 documentation</title>
+ <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
+ <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: './',
+ VERSION: '1.0.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: false,
+ SOURCELINK_SUFFIX: '.txt'
+ };
+ </script>
+ <script type="text/javascript" src="_static/jquery.js"></script>
+ <script type="text/javascript" src="_static/underscore.js"></script>
+ <script type="text/javascript" src="_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="#" />
+ <link rel="index" title="Index" href="genindex.html" />
+ <link rel="search" title="Search" href="search.html" />
+ <link rel="next" title="1. Introduction" href="overview/intro.html" />
+ <link rel="prev" title="PSA Cryptography API 1.0" href="index.html" />
+
+ <link rel="stylesheet" href="_static/custom.css" type="text/css" />
+
+ <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+ </head>
+ <body>
+
+
+ <div class="document">
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body" role="main">
+
+ <div class="section" id="about-this-document">
+<span id="id1"></span><h1>About this document</h1>
+<div class="section" id="release-information">
+<h2>Release information</h2>
+<p>The change history table lists the changes that have been made to this document.</p>
+<table border="1" class="colwidths-given docutils">
+<colgroup>
+<col width="20%" />
+<col width="15%" />
+<col width="20%" />
+<col width="45%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Date</th>
+<th class="head">Version</th>
+<th class="head">Confidentiality</th>
+<th class="head">Change</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td>January 2019</td>
+<td>1.0 Beta 1</td>
+<td>Non-confidential</td>
+<td>First public beta release.</td>
+</tr>
+<tr class="row-odd"><td>February 2019</td>
+<td>1.0 Beta 2</td>
+<td>Non-confidential</td>
+<td>Update for release with other PSA Dev API specifications.</td>
+</tr>
+<tr class="row-even"><td>May 2019</td>
+<td>1.0 Beta 3</td>
+<td>Non-confidential</td>
+<td>Update for release with other PSA API specifications.</td>
+</tr>
+<tr class="row-odd"><td>February 2020</td>
+<td>1.0 Final</td>
+<td>Non-confidential</td>
+<td>1.0 API finalized.</td>
+</tr>
+<tr class="row-even"><td>August 2020</td>
+<td>1.0.1 Final</td>
+<td>Non-confidential</td>
+<td>Update to fix errors and provide clarifications.</td>
+</tr>
+</tbody>
+</table>
+<p>The detailed changes in each release are described in <a class="reference internal" href="appendix/history.html#changes"><span class="secref">Document change history</span></a>.</p>
+</div>
+<p><span class="sectiontitle">PSA Cryptography API</span></p>
+<p>Copyright © 2018-2020, Arm Limited or its affiliates. All rights reserved. The copyright statement reflects the fact that some
+draft issues of this document have been released, to a limited circulation.</p>
+<div class="section" id="arm-non-confidential-document-licence-licence">
+<h2>Arm Non-Confidential Document Licence (“Licence”)</h2>
+<div class="license docutils container">
+<p>This Licence is a legal agreement between you and Arm Limited (“<strong>Arm</strong>”) for the use of Arm’s intellectual property (including, without limitation, any copyright) embodied in the document accompanying this Licence (“<strong>Document</strong>”). Arm licenses its intellectual property in the Document to you on condition that you agree to the terms of this Licence. By using or copying the Document you indicate that you agree to be bound by the terms of this Licence.</p>
+<p>“<strong>Subsidiary</strong>” means any company the majority of whose voting shares is now or hereafter owner or controlled, directly or indirectly, by you. A company shall be a Subsidiary only for the period during which such control exists.</p>
+<p>This Document is <strong>NON-CONFIDENTIAL</strong> and any use by you and your Subsidiaries (“Licensee”) is subject to the terms of this Licence between you and Arm.</p>
+<p>Subject to the terms and conditions of this Licence, Arm hereby grants to Licensee under the intellectual property in the Document owned or controlled by Arm, a non-exclusive, non-transferable, non-sub-licensable, royalty-free, worldwide licence to:</p>
+<ol class="lowerroman simple">
+<li>use and copy the Document for the purpose of designing and having designed products that comply with the Document;</li>
+<li>manufacture and have manufactured products which have been created under the licence granted in (i) above; and</li>
+<li>sell, supply and distribute products which have been created under the licence granted in (i) above.</li>
+</ol>
+<p><strong>Licensee hereby agrees that the licences granted above shall not extend to any portion or function of a product that is not itself compliant with part of the Document.</strong></p>
+<p>Except as expressly licensed above, Licensee acquires no right, title or interest in any Arm technology or any intellectual property embodied therein.</p>
+<p>THE DOCUMENT IS PROVIDED “AS IS”. ARM PROVIDES NO REPRESENTATIONS AND NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE DOCUMENT. Arm may make changes to the Document at any time and without notice. For the avoidance of doubt, Arm makes no representation with respect to, and has undertaken no analysis to identify or understand the scope and content of, third party patents, copyrights, trade secrets, or other rights.</p>
+<p>NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS LICENCE, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL ARM BE LIABLE FOR ANY DAMAGES, IN CONTRACT, TORT OR OTHERWISE, IN CONNECTION WITH THE SUBJECT MATTER OF THIS LICENCE (INCLUDING WITHOUT LIMITATION) (I) LICENSEE’S USE OF THE DOCUMENT; AND (II) THE IMPLEMENTATION OF THE DOCUMENT IN ANY PRODUCT CREATED BY LICENSEE UNDER THIS LICENCE). THE EXISTENCE OF MORE THAN ONE CLAIM OR SUIT WILL NOT ENLARGE OR EXTEND THE LIMIT. LICENSEE RELEASES ARM FROM ALL OBLIGATIONS, LIABILITY, CLAIMS OR DEMANDS IN EXCESS OF THIS LIMITATION.</p>
+<p>This Licence shall remain in force until terminated by Licensee or by Arm. Without prejudice to any of its other rights, if Licensee is in breach of any of the terms and conditions of this Licence then Arm may terminate this Licence immediately upon giving written notice to Licensee. Licensee may terminate this Licence at any time. Upon termination of this Licence by Licensee or by Arm, Licensee shall stop using the Document and destroy all copies of the Document in its possession. Upon termination of this Licence, all terms shall survive except for the licence grants.</p>
+<p>Any breach of this Licence by a Subsidiary shall entitle Arm to terminate this Licence as if you were the party in breach. Any termination of this Licence shall be effective in respect of all Subsidiaries. Any rights granted to any Subsidiary hereunder shall automatically terminate upon such Subsidiary ceasing to be a Subsidiary.</p>
+<p>The Document consists solely of commercial items. Licensee shall be responsible for ensuring that any use, duplication or disclosure of the Document complies fully with any relevant export laws and regulations to assure that the Document or any portion thereof is not exported, directly or indirectly, in violation of such export laws.</p>
+<p>This Licence may be translated into other languages for convenience, and Licensee agrees that if there is any conflict between the English version of this Licence and any translation, the terms of the English version of this Licence shall prevail.</p>
+<p>The Arm corporate logo and words marked with ® or ™ are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned in this document may be the trademarks of their respective owners. No licence, express, implied or otherwise, is granted to Licensee under this Licence, to use the Arm trade marks in connection with the Document or any products based thereon. Visit Arm’s website at <a class="reference external" href="https://www.arm.com/company/policies/trademarks">https://www.arm.com/company/policies/trademarks</a> for more information about Arm’s trademarks.</p>
+<p>The validity, construction and performance of this Licence shall be governed by English Law.</p>
+<p>Copyright © 2018-2020, Arm Limited or its affiliates. All rights reserved.</p>
+<div class="line-block">
+<div class="line">Arm Limited. Company 02557590 registered in England.</div>
+<div class="line">110 Fulbourn Road, Cambridge, England CB1 9NJ.</div>
+</div>
+<p>Arm document reference: LES-PRE-21585 version 4.0</p>
+</div>
+</div>
+<div class="section" id="references">
+<h2>References</h2>
+<p>This document refers to the following documents.</p>
+<table border="1" class="longtable colwidths-given docutils" id="id2">
+<caption><span class="caption-number">Table 1 </span><span class="caption-text">Arm documents referenced by this document</span></caption>
+<colgroup>
+<col width="15%" />
+<col width="20%" />
+<col width="65%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Ref</th>
+<th class="head">Document Number</th>
+<th class="head">Title</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><span class="target" id="citation-psa-its"></span>[PSA-ITS]</td>
+<td>ARM IHI 0087</td>
+<td><em>PSA Storage API</em>. <a class="reference external" href="https://developer.arm.com/architectures/security-architectures/platform-security-architecture/documentation">https://developer.arm.com/architectures/security-architectures/platform-security-architecture/documentation</a></td>
+</tr>
+</tbody>
+</table>
+<table border="1" class="longtable colwidths-given docutils" id="id3">
+<caption><span class="caption-number">Table 2 </span><span class="caption-text">Other documents referenced by this document</span></caption>
+<colgroup>
+<col width="15%" />
+<col width="85%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Ref</th>
+<th class="head">Title</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><span class="target" id="citation-chacha20"></span>[CHACHA20]</td>
+<td>Bernstein, D., <em>ChaCha, a variant of Salsa20</em>, January 2008. <a class="reference external" href="http://cr.yp.to/chacha/chacha-20080128.pdf">http://cr.yp.to/chacha/chacha-20080128.pdf</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-curve25519"></span>[Curve25519]</td>
+<td>Bernstein et al., <em>Curve25519: new Diffie-Hellman speed records</em>, LNCS 3958, 2006. <a class="reference external" href="https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf">https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-curve448"></span>[Curve448]</td>
+<td>Hamburg, <em>Ed448-Goldilocks, a new elliptic curve</em>, NIST ECC Workshop, 2015. <a class="reference external" href="https://eprint.iacr.org/2015/625.pdf">https://eprint.iacr.org/2015/625.pdf</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-fips180-4"></span>[FIPS180-4]</td>
+<td>NIST, <em>FIPS Publication 180-4: Secure Hash Standard (SHS)</em>, August 2015. <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.180-4">https://doi.org/10.6028/NIST.FIPS.180-4</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-fips186-4"></span>[FIPS186-4]</td>
+<td>NIST, <em>FIPS Publication 186-4: Digital Signature Standard (DSS)</em>, July 2013. <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.186-4">https://doi.org/10.6028/NIST.FIPS.186-4</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-fips197"></span>[FIPS197]</td>
+<td>NIST, <em>FIPS Publication 197: Advanced Encryption Standard (AES)</em>, November 2001. <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.197">https://doi.org/10.6028/NIST.FIPS.197</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-fips202"></span>[FIPS202]</td>
+<td>NIST, <em>FIPS Publication 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</em>, August 2015. <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.202">https://doi.org/10.6028/NIST.FIPS.202</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-frp"></span>[FRP]</td>
+<td>Agence nationale de la sécurité des systèmes d’information, <em>Publication d’un paramétrage de courbe elliptique visant des applications de passeport électronique et de l’administration électronique française</em>, 21 November 2011. <a class="reference external" href="https://www.ssi.gouv.fr/agence/rayonnement-scientifique/publications-scientifiques/articles-ouvrages-actes">https://www.ssi.gouv.fr/agence/rayonnement-scientifique/publications-scientifiques/articles-ouvrages-actes</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-ieee-xts"></span>[IEEE-XTS]</td>
+<td>IEEE, <em>1619-2018 - IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices</em>, January 2019. <a class="reference external" href="https://ieeexplore.ieee.org/servlet/opac?punumber=8637986">https://ieeexplore.ieee.org/servlet/opac?punumber=8637986</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-ietf-sm3"></span>[IETF-SM3]</td>
+<td>IETF, <em>The SM3 Cryptographic Hash Function</em>, November 2017. <a class="reference external" href="https://tools.ietf.org/id/draft-oscca-cfrg-sm3-02.html">https://tools.ietf.org/id/draft-oscca-cfrg-sm3-02.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-ietf-sm4"></span>[IETF-SM4]</td>
+<td>IETF, <em>The SM4 Blockcipher Algorithm And Its Modes Of Operations</em>, April 2018. <a class="reference external" href="https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10">https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-iso10118"></span>[ISO10118]</td>
+<td>ISO/IEC, <em>ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions</em>, October 2018. <a class="reference external" href="https://www.iso.org/standard/67116.html">https://www.iso.org/standard/67116.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-iso9797"></span>[ISO9797]</td>
+<td>ISO/IEC, <em>ISO/IEC 9797-1:2011 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher</em>, March 2011. <a class="reference external" href="https://www.iso.org/standard/50375.html">https://www.iso.org/standard/50375.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-ntt-cam"></span>[NTT-CAM]</td>
+<td>NTT Corporation and Mitsubishi Electric Corporation, <em>Specification of Camellia — a 128-bit Block Cipher</em>, September 2001. <a class="reference external" href="https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications">https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-prc-sm3"></span>[PRC-SM3]</td>
+<td>Standardization Administration of the People’s Republic of China, <em>GB/T 32905-2016: Information security techniques — SM3 cryptographic hash algorithm</em>, August 2016. <a class="reference external" href="http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=45B1A67F20F3BF339211C391E9278F5E">http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=45B1A67F20F3BF339211C391E9278F5E</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-prc-sm4"></span>[PRC-SM4]</td>
+<td>Standardization Administration of the People’s Republic of China, <em>GB/T 32907-2016: Information security technology — SM4 block cipher algorithm</em>, August 2016. <a class="reference external" href="http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=7803DE42D3BC5E80B0C3E5D8E873D56A">http://www.gb688.cn/bzgk/gb/newGbInfo?hcno=7803DE42D3BC5E80B0C3E5D8E873D56A</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc1319"></span>[RFC1319]</td>
+<td>IETF, <em>The MD2 Message-Digest Algorithm</em>, April 1992. <a class="reference external" href="https://tools.ietf.org/html/rfc1319.html">https://tools.ietf.org/html/rfc1319.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc1320"></span>[RFC1320]</td>
+<td>IETF, <em>The MD4 Message-Digest Algorithm</em>, April 1992. <a class="reference external" href="https://tools.ietf.org/html/rfc1320.html">https://tools.ietf.org/html/rfc1320.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc1321"></span>[RFC1321]</td>
+<td>IETF, <em>The MD5 Message-Digest Algorithm</em>, April 1992. <a class="reference external" href="https://tools.ietf.org/html/rfc1321.html">https://tools.ietf.org/html/rfc1321.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc2104"></span>[RFC2104]</td>
+<td>IETF, <em>HMAC: Keyed-Hashing for Message Authentication</em>, February 1997. <a class="reference external" href="https://tools.ietf.org/html/rfc2104.html">https://tools.ietf.org/html/rfc2104.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc2315"></span>[RFC2315]</td>
+<td>IETF, <em>PKCS #7: Cryptographic Message Syntax Version 1.5</em>, March 1998. <a class="reference external" href="https://tools.ietf.org/html/rfc2315.html">https://tools.ietf.org/html/rfc2315.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc3279"></span>[RFC3279]</td>
+<td>IETF, <em>Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</em>, April 2002. <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html">https://tools.ietf.org/html/rfc3279.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc3610"></span>[RFC3610]</td>
+<td>IETF, <em>Counter with CBC-MAC (CCM)</em>, September 2003. <a class="reference external" href="https://tools.ietf.org/html/rfc3610">https://tools.ietf.org/html/rfc3610</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc3713"></span>[RFC3713]</td>
+<td>IETF, <em>A Description of the Camellia Encryption Algorithm</em>, April 2004. <a class="reference external" href="https://tools.ietf.org/html/rfc3713">https://tools.ietf.org/html/rfc3713</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc4279"></span>[RFC4279]</td>
+<td>IETF, <em>Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</em>, December 2005. <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html">https://tools.ietf.org/html/rfc4279.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc5116"></span>[RFC5116]</td>
+<td>IETF, <em>An Interface and Algorithms for Authenticated Encryption</em>, January 2008. <a class="reference external" href="https://tools.ietf.org/html/rfc5116.html">https://tools.ietf.org/html/rfc5116.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc5246"></span>[RFC5246]</td>
+<td>IETF, <em>The Transport Layer Security (TLS) Protocol Version 1.2</em>, August 2008. <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html">https://tools.ietf.org/html/rfc5246.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc5639"></span>[RFC5639]</td>
+<td>IETF, <em>Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation</em>, March 2010. <a class="reference external" href="https://tools.ietf.org/html/rfc5639.html">https://tools.ietf.org/html/rfc5639.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc5869"></span>[RFC5869]</td>
+<td>IETF, <em>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</em>, May 2010. <a class="reference external" href="https://tools.ietf.org/html/rfc5869.html">https://tools.ietf.org/html/rfc5869.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc5915"></span>[RFC5915]</td>
+<td>IETF, <em>Elliptic Curve Private Key Structure</em>, June 2010. <a class="reference external" href="https://tools.ietf.org/html/rfc5915.html">https://tools.ietf.org/html/rfc5915.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc6979"></span>[RFC6979]</td>
+<td>IETF, <em>Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>, August 2013. <a class="reference external" href="https://tools.ietf.org/html/rfc6979.html">https://tools.ietf.org/html/rfc6979.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc7539"></span>[RFC7539]</td>
+<td>IETF, <em>ChaCha20 and Poly1305 for IETF Protocols</em>, May 2015. <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">https://tools.ietf.org/html/rfc7539.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc7748"></span>[RFC7748]</td>
+<td>IETF, <em>Elliptic Curves for Security</em>, January 2016. <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html">https://tools.ietf.org/html/rfc7748.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-rfc7919"></span>[RFC7919]</td>
+<td>IETF, <em>Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)</em>, August 2016. <a class="reference external" href="https://tools.ietf.org/html/rfc7919.html">https://tools.ietf.org/html/rfc7919.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-rfc8017"></span>[RFC8017]</td>
+<td>IETF, <em>PKCS #1: RSA Cryptography Specifications Version 2.2</em>, November 2016. <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">https://tools.ietf.org/html/rfc8017.html</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-ripemd"></span>[RIPEMD]</td>
+<td>Dobbertin, Bosselaers and Preneel, <em>RIPEMD-160: A Strengthened Version of RIPEMD</em>, April 1996. <a class="reference external" href="https://homes.esat.kuleuven.be/~bosselae/ripemd160.html">https://homes.esat.kuleuven.be/~bosselae/ripemd160.html</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-sec1"></span>[SEC1]</td>
+<td>Standards for Efficient Cryptography, <em>SEC 1: Elliptic Curve Cryptography</em>, May 2009. <a class="reference external" href="https://www.secg.org/sec1-v2.pdf">https://www.secg.org/sec1-v2.pdf</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-sec2"></span>[SEC2]</td>
+<td>Standards for Efficient Cryptography, <em>SEC 2: Recommended Elliptic Curve Domain Parameters</em>, January 2010. <a class="reference external" href="https://www.secg.org/sec2-v2.pdf">https://www.secg.org/sec2-v2.pdf</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-sec2v1"></span>[SEC2v1]</td>
+<td>Standards for Efficient Cryptography, <em>SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0</em>, September 2000. <a class="reference external" href="https://www.secg.org/SEC2-Ver-1.0.pdf">https://www.secg.org/SEC2-Ver-1.0.pdf</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-sp800-38a"></span>[SP800-38A]</td>
+<td>NIST, <em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em>, December 2001. <a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-38A">https://doi.org/10.6028/NIST.SP.800-38A</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-sp800-38b"></span>[SP800-38B]</td>
+<td>NIST, <em>NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication</em>, May 2005. <a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-38B">https://doi.org/10.6028/NIST.SP.800-38B</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-sp800-38d"></span>[SP800-38D]</td>
+<td>NIST, <em>NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>, November 2007. <a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-38D">https://doi.org/10.6028/NIST.SP.800-38D</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-sp800-56a"></span>[SP800-56A]</td>
+<td>NIST, <em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em>, April 2018. <a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-56Ar3">https://doi.org/10.6028/NIST.SP.800-56Ar3</a></td>
+</tr>
+<tr class="row-odd"><td><span class="target" id="citation-sp800-67"></span>[SP800-67]</td>
+<td>NIST, <em>NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher</em>, November 2017. <a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-67r2">https://doi.org/10.6028/NIST.SP.800-67r2</a></td>
+</tr>
+<tr class="row-even"><td><span class="target" id="citation-x9-62"></span>[X9-62]</td>
+<td>ANSI, <em>Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)</em>. <a class="reference external" href="https://standards.globalspec.com/std/1955141/ANSI%20X9.62">https://standards.globalspec.com/std/1955141/ANSI%20X9.62</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="section" id="terms-and-abbreviations">
+<h2>Terms and abbreviations</h2>
+<p>This document uses the following terms and abbreviations.</p>
+<table border="1" class="longtable colwidths-given docutils">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Term</th>
+<th class="head">Meaning</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-aead"></span><span><span>AEAD</span></span></span></td>
+<td><span class="first last">See <a class="reference internal" href="#term-authenticated-encryption-with-associated-data"><span class="term">Authenticated Encryption with Associated Data</span></a>.</span></td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-algorithm"></span><span>Algorithm</span></span></td>
+<td><p class="first">A finite sequence of steps to perform a particular operation.</p>
+<p class="last">In this specification, an algorithm is a <a class="reference internal" href="#term-cipher"><span class="term">cipher</span></a> or a related function.
+Other texts call this a cryptographic mechanism.</p>
+</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-api"></span><span>API</span></span></td>
+<td>Application Programming Interface.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-asymmetric"></span><span>Asymmetric</span></span></td>
+<td>See <a class="reference internal" href="#term-public-key-cryptography"><span class="term">Public-key cryptography</span></a>.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-authenticated-encryption-with-associated-data"></span><span>Authenticated Encryption with Associated Data (AEAD)</span></span></td>
+<td>A type of encryption that
+provides confidentiality and authenticity of data using <a class="reference internal" href="#term-symmetric"><span class="term">symmetric</span></a> keys.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-byte"></span><span>Byte</span></span></td>
+<td>In this specification, a unit of storage comprising eight bits, also called an octet.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-cipher"></span><span>Cipher</span></span></td>
+<td>An algorithm used for encryption or decryption with a <a class="reference internal" href="#term-symmetric"><span class="term">symmetric</span></a> key.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-cryptoprocessor"></span><span>Cryptoprocessor</span></span></td>
+<td>The component that performs cryptographic operations.
+A cryptoprocessor might contain a <a class="reference internal" href="#term-keystore"><span class="term">keystore</span></a> and countermeasures against a range of physical and timing attacks.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-hash"></span><span>Hash</span></span></td>
+<td>A cryptographic hash function, or the value returned by such a function.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-hmac"></span><span>HMAC</span></span></td>
+<td>A type of <a class="reference internal" href="#term-mac"><span class="term">MAC</span></a> that uses a cryptographic key with a <a class="reference internal" href="#term-hash"><span class="term">hash</span></a> function.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-implementation-defined"></span><span class="sc">Implementation defined</span></span></td>
+<td>Behavior that is not defined by the architecture, but is defined and documented by individual implementations.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-initialization-vector"></span><span>Initialization vector (IV)</span></span></td>
+<td><p class="first">An additional input that is not part of the message. It is used to prevent an attacker from making any
+correlation between cipher text and plain text.</p>
+<p class="last">This specification uses the term for such initial inputs
+in all contexts. For example, the initial counter in CTR mode is called the IV.</p>
+</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-iv"></span><span><span>IV</span></span></span></td>
+<td><span class="first last">See <a class="reference internal" href="#term-initialization-vector"><span class="term">Initialization vector</span></a>.</span></td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-kdf"></span><span><span>KDF</span></span></span></td>
+<td><span class="first last">See <a class="reference internal" href="#term-key-derivation-function"><span class="term">Key Derivation Function</span></a>.</span></td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-key-agreement"></span><span>Key agreement</span></span></td>
+<td>An algorithm for two or more parties to establish a common secret key.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-key-derivation-function"></span><span>Key Derivation Function (KDF)</span></span></td>
+<td>Key Derivation Function. An algorithm for deriving keys from secret material.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-key-identifier"></span><span>Key identifier</span></span></td>
+<td>A reference to a cryptographic key. Key identifiers in the PSA Crypto API are 32-bit integers.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-key-policy"></span><span>Key policy</span></span></td>
+<td>Key metadata that describes and restricts what a key can be used for.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-key-size"></span><span>Key size</span></span></td>
+<td><p class="first">The size of a key as defined by common conventions for each key type.
+For keys that are built from several numbers of strings, this is the size of a particular one of these numbers or strings.</p>
+<p class="last">This specification expresses key sizes in bits.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-key-type"></span><span>Key type</span></span></td>
+<td>Key metadata that describes the structure and content of a key.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-keystore"></span><span>Keystore</span></span></td>
+<td>A hardware or software component that protects, stores, and manages cryptographic keys.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-lifetime"></span><span>Lifetime</span></span></td>
+<td>Key metadata that describes when a key is destroyed.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-mac"></span><span><span>MAC</span></span></span></td>
+<td><span class="first last">See <a class="reference internal" href="#term-message-authentication-code"><span class="term">Message Authentication Code</span></a>.</span></td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-message-authentication-code"></span><span>Message Authentication Code (MAC)</span></span></td>
+<td>A short piece of information used to authenticate a message.
+It is created and verified using a <a class="reference internal" href="#term-symmetric"><span class="term">symmetric</span></a> key.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-message-digest"></span><span>Message digest</span></span></td>
+<td>A <a class="reference internal" href="#term-hash"><span class="term">hash</span></a> of a message. Used to determine if a message has been tampered.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-multi-part-operation"></span><span>Multi-part operation</span></span></td>
+<td>An <a class="reference internal" href="#term-api"><span class="term">API</span></a> which splits a single cryptographic operation into a sequence of separate steps.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-non-extractable-key"></span><span>Non-extractable key</span></span></td>
+<td>A key with a <a class="reference internal" href="#term-key-policy"><span class="term">key policy</span></a> that prevents it from being read by ordinary means.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-nonce"></span><span>Nonce</span></span></td>
+<td>Used as an input for certain <a class="reference internal" href="#term-aead"><span class="term">AEAD</span></a> algorithms.
+Nonces must not be reused with the same key because this can break a cryptographic protocol.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-persistent-key"></span><span>Persistent key</span></span></td>
+<td>A key that is stored in protected non-volatile memory.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-psa"></span><span>PSA</span></span></td>
+<td>Platform Security Architecture</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-public-key-cryptography"></span><span>Public-key cryptography</span></span></td>
+<td>A type of cryptographic system that uses key pairs. A keypair consists of a (secret) private key
+and a public key (not secret). A public key cryptographic algorithm can be used for key distribution
+and for digital signatures.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-salt"></span><span>Salt</span></span></td>
+<td>Used as an input for certain algorithms, such as key derivations.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-signature"></span><span>Signature</span></span></td>
+<td>The output of a digital signature scheme that uses an <a class="reference internal" href="#term-asymmetric"><span class="term">asymmetric</span></a> keypair. Used to establish who produced a message.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-single-part-function"></span><span>Single-part function</span></span></td>
+<td>An <a class="reference internal" href="#term-api"><span class="term">API</span></a> that implements the cryptographic operation in a single function call.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-specification-defined"></span><span class="sc">Specification defined</span></span></td>
+<td>Behavior that is defined by this specification.</td>
+</tr>
+<tr class="row-odd"><td><span class="first last"><span class="target" id="term-symmetric"></span><span>Symmetric</span></span></td>
+<td>A type of cryptographic algorithm that uses a single key. A symmetric key can be used with
+a block cipher or a stream cipher.</td>
+</tr>
+<tr class="row-even"><td><span class="first last"><span class="target" id="term-volatile-key"></span><span>Volatile key</span></span></td>
+<td>A key that has a short lifespan and is guaranteed not to exist after a restart of an application instance.</td>
+</tr>
+</tbody>
+</table>
+</div>
+<div class="section" id="potential-for-change">
+<h2>Potential for change</h2>
+<p>The contents of this specification are stable for version 1.0.</p>
+<p>The following may change in updates to the version 1.0 specification:</p>
+<ul class="simple">
+<li>Small optional feature additions.</li>
+<li>Clarifications.</li>
+</ul>
+<p>Significant additions, or any changes that affect the compatibility of the
+interfaces defined in this specification will only be included in a new major or
+minor version of the specification.</p>
+</div>
+<div class="section" id="conventions">
+<h2>Conventions</h2>
+<div class="section" id="typographical-conventions">
+<h3>Typographical conventions</h3>
+<p>The typographical conventions are:</p>
+<dl class="docutils">
+<dt><em>italic</em></dt>
+<dd>Introduces special terminology, and denotes citations.</dd>
+<dt><code class="docutils literal"><span class="pre">monospace</span></code></dt>
+<dd><p class="first">Used for assembler syntax descriptions, pseudocode, and source code examples.</p>
+<p class="last">Also used in the main text for instruction mnemonics and for references to
+other items appearing in assembler syntax descriptions, pseudocode, and
+source code examples.</p>
+</dd>
+<dt><span class="sc">small capitals</span></dt>
+<dd><p class="first">Used for some common terms such as <span class="sc">implementation defined</span>.</p>
+<p class="last">Used for a few terms that have specific technical meanings, and are included
+in the <em>Terms and abbreviations</em>.</p>
+</dd>
+<dt><span class="issue">Red text</span></dt>
+<dd>Indicates an open issue.</dd>
+<dt><span class="anchor">Blue text</span></dt>
+<dd><p class="first">Indicates a link. This can be</p>
+<ul class="last simple">
+<li>A cross-reference to another location within the document</li>
+<li>A URL, for example <a class="reference external" href="http://infocenter.arm.com">http://infocenter.arm.com</a></li>
+</ul>
+</dd>
+</dl>
+</div>
+<div class="section" id="numbers">
+<h3>Numbers</h3>
+<p>Numbers are normally written in decimal. Binary numbers are preceded by 0b, and
+hexadecimal numbers by <code class="docutils literal"><span class="pre">0x</span></code>.</p>
+<p>In both cases, the prefix and the associated value are written in a monospace
+font, for example <code class="docutils literal"><span class="pre">0xFFFF0000</span></code>. To improve readability, long numbers can be
+written with an underscore separator between every four characters, for example
+<code class="docutils literal"><span class="pre">0xFFFF_0000_0000_0000</span></code>. Ignore any underscores when interpreting the value of
+a number.</p>
+</div>
+</div>
+<div class="section" id="pseudocode-descriptions">
+<h2>Pseudocode descriptions</h2>
+<p>This book uses a form of pseudocode to provide precise descriptions of the
+specified functionality. This pseudocode is written in a monospace font. The
+pseudocode language is described in the Arm Architecture Reference Manual.</p>
+</div>
+<div class="section" id="assembler-syntax-descriptions">
+<h2>Assembler syntax descriptions</h2>
+<p>This book is not expected to contain assembler code or pseudo code examples.</p>
+<p>Any code examples are shown in a <code class="docutils literal"><span class="pre">monospace</span></code> font.</p>
+</div>
+<div class="section" id="feedback">
+<h2>Feedback</h2>
+<p>Arm welcomes feedback on its documentation.</p>
+<div class="section" id="feedback-on-this-book">
+<h3>Feedback on this book</h3>
+<p>If you have comments on the content of this book, send an e-mail to
+<a class="reference external" href="mailto:arm.psa-feedback%40arm.com">arm<span>.</span>psa-feedback<span>@</span>arm<span>.</span>com</a>. Give:</p>
+<ul class="simple">
+<li>The title (PSA Cryptography API).</li>
+<li>The number and issue (IHI 0086 1.0.1).</li>
+<li>The page numbers to which your comments apply.</li>
+<li>The rule identifiers to which your comments apply, if applicable.</li>
+<li>A concise explanation of your comments.</li>
+</ul>
+<p>Arm also welcomes general suggestions for additions and improvements.</p>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+ <div class="sphinxsidebarwrapper"><h3><a href="index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul class="current">
+<li class="toctree-l1 current"><a class="current reference internal" href="#">About this document</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#release-information">Release information</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#arm-non-confidential-document-licence-licence">Arm Non-Confidential Document Licence (“Licence”)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#references">References</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#terms-and-abbreviations">Terms and abbreviations</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#potential-for-change">Potential for change</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#conventions">Conventions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#pseudocode-descriptions">Pseudocode descriptions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#assembler-syntax-descriptions">Assembler syntax descriptions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#feedback">Feedback</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
+<div id="searchbox" style="display: none" role="search">
+ <h3>Quick search</h3>
+ <form class="search" action="search.html" method="get">
+ <div><input type="text" name="q" /></div>
+ <div><input type="submit" value="Go" /></div>
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+ </div>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ <div class="footer">
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
+
+ |
+ Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+ & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+
+ </div>
+
+
+
+
+ </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/algorithms.html b/docs/html/api/keys/algorithms.html
deleted file mode 100644
index e0c9b41..0000000
--- a/docs/html/api/keys/algorithms.html
+++ /dev/null
@@ -1,368 +0,0 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Algorithms — PSA Crypto API 1.0.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.0.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key management functions" href="management.html" />
- <link rel="prev" title="Key policies" href="usage.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="algorithms">
-<span id="id1"></span><h1>Algorithms</h1>
-<div class="section" id="algorithm-categories">
-<h2>Algorithm categories</h2>
-<div class="section" id="PSA_ALG_NONE">
-<span id="c.PSA_ALG_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</h3>
-<p>An invalid algorithm identifier value.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
-</pre>
-<p>Zero is not the encoding of any algorithm.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_HASH">
-<span id="c.PSA_ALG_IS_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a hash algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/hashes.html#hash-algorithms"><span class="std std-ref">Hash algorithms</span></a></em> for a list of defined hash algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_MAC">
-<span id="c.PSA_ALG_IS_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a MAC algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/macs.html#mac-algorithms"><span class="std std-ref">MAC algorithms</span></a></em> for a list of defined MAC algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_CIPHER">
-<span id="c.PSA_ALG_IS_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a symmetric cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/ciphers.html#cipher-algorithms"><span class="std std-ref">Cipher algorithms</span></a></em> for a list of defined cipher algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_AEAD">
-<span id="c.PSA_ALG_IS_AEAD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h3>
-<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/aead.html#aead-algorithms"><span class="std std-ref">AEAD algorithms</span></a></em> for a list of defined AEAD algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_SIGN">
-<span id="c.PSA_ALG_IS_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a public-key signature algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a public-key signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/sign.html#sign-algorithms"><span class="std std-ref">Asymmetric signature algorithms</span></a></em> for a list of defined signature algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
-<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a public-key encryption algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a public-key encryption algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/pke.html#asymmetric-encryption-algorithms"><span class="std std-ref">Asymmetric encryption algorithms</span></a></em> for a list of defined asymmetric encryption algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
-<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a key agreement algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/ka.html#key-agreement-algorithms"><span class="std std-ref">Key agreement algorithms</span></a></em> for a list of defined key agreement algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
-<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h3>
-<p>Whether the specified algorithm is a key derivation algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key derivation algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="../ops/kdf.html#key-derivation-algorithms"><span class="std std-ref">Key derivation algorithms</span></a></em> for a list of defined key derivation algorithms.</p>
-</div>
-<div class="section" id="PSA_ALG_IS_WILDCARD">
-<span id="c.PSA_ALG_IS_WILDCARD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h3>
-<p>Whether the specified algorithm encoding is a wildcard.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
-<p><code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding that is suitable for an operation.</p>
-<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
-<p class="rubric">Description</p>
-<p>Wildcard algorithm values can only be used to set the usage algorithm field in a policy, wildcard values cannot be used to perform an operation.</p>
-<p>See <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> for example of how a wildcard algorithm can be used in a key policy.</p>
-</div>
-<div class="section" id="PSA_ALG_GET_HASH">
-<span id="c.PSA_ALG_GET_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</h3>
-<p>Get the hash used by a composite algorithm.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
-</dl>
-<p class="rubric">Returns</p>
-<p>The underlying hash algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a composite algorithm that uses a hash algorithm.</p>
-<p><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> if <code class="docutils literal"><span class="pre">alg</span></code> is not a composite algorithm that uses a hash.</p>
-<p class="rubric">Description</p>
-<p>The following composite algorithms require a hash algorithm:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a></li>
-<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
-<li><a class="reference internal" href="../ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
-<li><a class="reference internal" href="../ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></li>
-<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
-<li><a class="reference internal" href="../ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></li>
-<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></li>
-<li><a class="reference internal" href="../ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></li>
-</ul>
-</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>Attribute accessors</h2>
-<div class="section" id="psa_set_key_algorithm">
-<span id="c.psa_set_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</h3>
-<p>Declare the permitted algorithm policy for a key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The permitted algorithm policy to write.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key. The following algorithm policies are supported:</p>
-<ul class="simple">
-<li><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.</li>
-<li>An algorithm value permits this particular algorithm.</li>
-<li>An algorithm wildcard built from <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> allows the specified signature scheme with any hash algorithm.</li>
-</ul>
-<p>This function overwrites any algorithm policy previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="psa_get_key_algorithm">
-<span id="c.psa_get_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</h3>
-<p>Retrieve the algorithm policy from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a></p>
-<p>The algorithm stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Algorithms</a><ul>
-<li><a class="reference internal" href="#algorithm-categories">Algorithm categories</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
-<li><a class="reference internal" href="#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
-<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="usage.html" title="previous chapter">Key policies</a></li>
- <li>Next: <a href="management.html" title="next chapter">Key management functions</a></li>
- </ul></li>
- </ul></li>
-</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/algorithms.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- |
- <a href="../../_sources/api/keys/algorithms.rst.txt"
- rel="nofollow">Page source</a>
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/attributes.html b/docs/html/api/keys/attributes.html
index cd78ebb..4e5a193 100644
--- a/docs/html/api/keys/attributes.html
+++ b/docs/html/api/keys/attributes.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key attributes — PSA Crypto API 1.0.0 documentation</title>
+ <title>9.1. Key attributes — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key locations" href="locations.html" />
- <link rel="prev" title="Key management reference" href="index.html" />
+ <link rel="next" title="9.2. Key types" href="types.html" />
+ <link rel="prev" title="9. Key management reference" href="index.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,93 +41,17 @@
<div class="body" role="main">
<div class="section" id="key-attributes">
-<span id="id1"></span><h1>Key attributes</h1>
-<div class="section" id="attribute-types">
-<h2>Attribute types</h2>
-<div class="section" id="psa_key_lifetime_t">
-<span id="c.psa_key_lifetime_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</h3>
-<p>Encoding of key lifetimes.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
-</pre>
-<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
-<p>Keys with the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are automatically destroyed when the application terminates or on a power reset.</p>
-<p>Keys with a lifetime other than <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are said to be <em>persistent</em>. Persistent keys are preserved if the application or the system restarts. Persistent keys have a key identifier of type <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a>.</p>
-<p>See <em><a class="reference internal" href="locations.html#key-locations"><span class="std std-ref">Key locations</span></a></em> for a list of defined key lifetimes.</p>
-</div>
-<div class="section" id="psa_key_id_t">
-<span id="c.psa_key_id_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</h3>
-<p>Key identifier.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
-</pre>
-<p>A key identifiers can be a permanent name for a persistent key, or a transient reference to volatile key. The range of identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a></dt>
-<dd>Reserved as an invalid key identifier.</dd>
-<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
-<dd>Applications can freely choose persistent key identifiers in this range.</dd>
-<dt><a class="reference internal" href="locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
-<dd>Implementations can define additional persistent key identifiers in this
-range, and allocate key identifiers for volatile keys from this range.</dd>
-</dl>
-<p>Key identifiers outside these ranges are reserved for future use.</p>
-<p>See also <em><a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="std std-ref">Key identifiers</span></a></em>.</p>
-</div>
-<div class="section" id="psa_key_type_t">
-<span id="c.psa_key_type_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</h3>
-<p>Encoding of a key type.</p>
-<pre class="literal-block">
-typedef uint16_t <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
-</pre>
-<p>This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:</p>
-<dl class="docutils">
-<dt><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a><code class="docutils literal"> <span class="pre">==</span> <span class="pre">0</span></code></dt>
-<dd>Reserved as an invalid key type.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x0001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff</span></code></dt>
-<dd>Specification-defined key types.
-Key types defined by this standard always have bit 15 clear.
-Unallocated key type values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x8000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff</span></code></dt>
-<dd>Implementation-defined key types.
-Implementations that define additional key types must use an encoding with bit 15 set.
-The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.</dd>
-</dl>
-<p>See <em><a class="reference internal" href="types.html#key-types"><span class="std std-ref">Key types</span></a></em> for a complete list of key types.</p>
-</div>
-<div class="section" id="psa_key_usage_t">
-<span id="c.psa_key_usage_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</h3>
-<p>Encoding of permitted usage on a key.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
-</pre>
-<p>See <em><a class="reference internal" href="usage.html#key-usage"><span class="std std-ref">Key policies</span></a></em> for a full list of key usage policies.</p>
-</div>
-<div class="section" id="psa_algorithm_t">
-<span id="c.psa_algorithm_t"></span><h3><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</h3>
-<p>Encoding of a cryptographic algorithm.</p>
-<pre class="literal-block">
-typedef uint32_t <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
-</pre>
-<p>This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000000</span></code></dt>
-<dd>Reserved as an invalid algorithm identifier.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fffffff</span></code></dt>
-<dd>Specification-defined algorithm identifiers.
-Algorithm identifiers defined by this standard always have bit 31 clear.
-Unallocated algorithm identifier values in this range are reserved for future use.</dd>
-<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80000000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffffffff</span></code></dt>
-<dd>Implementation-defined algorithm identifiers.
-Implementations that define additional algorithms must use an encoding with bit 31 set.
-The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.</dd>
-</dl>
-<p>For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</p>
-<p>See <em><a class="reference internal" href="algorithms.html#algorithms"><span class="std std-ref">Algorithms</span></a></em> for a full list of algorithm identifiers.</p>
-</div>
-</div>
-<div class="section" id="managing-attributes">
-<h2>Managing attributes</h2>
+<span id="id1"></span><h1>9.1. Key attributes</h1>
+<p>Key attributes are managed in a <a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object. These are used when a key is created, after which the key attributes are fixed. Attributes of an existing key can be queried using <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</p>
+<p>Description of the individual attributes is found in the following sections:</p>
+<ul class="simple">
+<li><a class="reference internal" href="types.html#key-types"><span class="secref">Key types</span></a></li>
+<li><a class="reference internal" href="ids.html#key-identifiers"><span class="secref">Key identifiers</span></a></li>
+<li><a class="reference internal" href="lifetimes.html#key-lifetimes"><span class="secref">Key lifetimes</span></a></li>
+<li><a class="reference internal" href="policy.html#key-policy"><span class="secref">Key policies</span></a></li>
+</ul>
+<div class="section" id="managing-key-attributes">
+<h2>9.1.1. Managing key attributes</h2>
<div class="section" id="psa_key_attributes_t">
<span id="c.psa_key_attributes_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</h3>
<p>The type of an object containing key attributes.</p>
@@ -149,12 +74,12 @@
<p>This is an implementation-defined type. Applications that make assumptions about the content of this object will result in in implementation-specific behavior, and are non-portable.</p>
<p>An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>. As an exception, calling <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a> on an attribute object is optional if the object has only been modified by the following functions since it was initialized or last reset with <a class="reference internal" href="#c.psa_reset_key_attributes" title="psa_reset_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_reset_key_attributes()</span></code></a>:</p>
<ul class="simple">
-<li><a class="reference internal" href="locations.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a></li>
-<li><a class="reference internal" href="locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
+<li><a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a></li>
+<li><a class="reference internal" href="lifetimes.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a></li>
<li><a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a></li>
<li><a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a></li>
-<li><a class="reference internal" href="usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
-<li><a class="reference internal" href="algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
+<li><a class="reference internal" href="policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a></li>
+<li><a class="reference internal" href="policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a></li>
</ul>
<p>Before calling any function on a key attribute object, the application must initialize it by any of the following means:</p>
<ul>
@@ -182,11 +107,7 @@
</li>
</ul>
<p>A freshly initialized attribute object contains the following values:</p>
-<table border="1" class="docutils">
-<colgroup>
-<col width="15%" />
-<col width="85%" />
-</colgroup>
+<table border="1" class="colwidths-auto docutils align-left">
<thead valign="bottom">
<tr class="row-odd"><th class="head">Attribute</th>
<th class="head">Value</th>
@@ -194,10 +115,10 @@
</thead>
<tbody valign="top">
<tr class="row-even"><td>lifetime</td>
-<td><a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</td>
+<td><a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</td>
</tr>
<tr class="row-odd"><td>key identifier</td>
-<td><a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> - which is not a valid key identifier.</td>
+<td><a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> - which is not a valid key identifier.</td>
</tr>
<tr class="row-even"><td>type</td>
<td><a class="reference internal" href="types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a> - meaning that the type is unspecified.</td>
@@ -209,7 +130,7 @@
<td><code class="docutils literal"><span class="pre">0</span></code> - which allows no usage except exporting a public key.</td>
</tr>
<tr class="row-odd"><td>algorithm</td>
-<td><a class="reference internal" href="algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> - which does not allow cryptographic usage, but allows exporting.</td>
+<td><a class="reference internal" href="../ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> - which does not allow cryptographic usage, but allows exporting.</td>
</tr>
</tbody>
</table>
@@ -217,8 +138,8 @@
<p>A typical sequence to create a key is as follows:</p>
<ol class="arabic simple">
<li>Create and initialize an attribute object.</li>
-<li>If the key is persistent, call <a class="reference internal" href="locations.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
-<li>Set the key policy with <a class="reference internal" href="usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
+<li>If the key is persistent, call <a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. Also call <a class="reference internal" href="lifetimes.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_lifetime()</span></code></a> to place the key in a non-default location.</li>
+<li>Set the key policy with <a class="reference internal" href="policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_usage_flags()</span></code></a> and <a class="reference internal" href="policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_algorithm()</span></code></a>.</li>
<li>Set the key type with <a class="reference internal" href="types.html#c.psa_set_key_type" title="psa_set_key_type"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_type()</span></code></a>. Skip this step if copying an existing key with <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</li>
<li>When generating a random key with <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> or deriving a key with <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>, set the desired key size with <a class="reference internal" href="types.html#c.psa_set_key_bits" title="psa_set_key_bits"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_bits()</span></code></a>.</li>
<li>Call a key creation function: <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>. This function reads the attribute object, creates a key with these attributes, and outputs an identifier for the newly created key.</li>
@@ -251,7 +172,7 @@
<span id="c.psa_get_key_attributes"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</h3>
<p>Retrieve the attributes of a key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
<a class="reference internal" href="#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
</pre>
<p class="rubric">Parameters</p>
@@ -317,47 +238,45 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key attributes</a><ul>
-<li><a class="reference internal" href="#attribute-types">Attribute types</a><ul>
-<li><a class="reference internal" href="#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#managing-attributes">Managing attributes</a><ul>
-<li><a class="reference internal" href="#psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_key_attributes_init"><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_attributes"><code class="docutils literal"><span class="pre">psa_get_key_attributes</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_reset_key_attributes"><code class="docutils literal"><span class="pre">psa_reset_key_attributes</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="index.html" title="previous chapter">Key management reference</a></li>
- <li>Next: <a href="locations.html" title="next chapter">Key locations</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/attributes.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.1. Key attributes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#managing-key-attributes">9.1.1. Managing key attributes</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -373,15 +292,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/keys/attributes.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/keys/ids.html b/docs/html/api/keys/ids.html
new file mode 100644
index 0000000..ce090cc
--- /dev/null
+++ b/docs/html/api/keys/ids.html
@@ -0,0 +1,233 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>9.4. Key identifiers — PSA Crypto API 1.0.1 documentation</title>
+ <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.0.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: false,
+ SOURCELINK_SUFFIX: '.txt'
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="index" title="Index" href="../../genindex.html" />
+ <link rel="search" title="Search" href="../../search.html" />
+ <link rel="next" title="9.5. Key policies" href="policy.html" />
+ <link rel="prev" title="9.3. Key lifetimes" href="lifetimes.html" />
+
+ <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+
+ <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+ </head>
+ <body>
+
+
+ <div class="document">
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body" role="main">
+
+ <div class="section" id="key-identifiers">
+<span id="id1"></span><h1>9.4. Key identifiers</h1>
+<p>Key identifiers are integral values that act as permanent names for persistent keys, or as transient references to volatile keys. Key identifiers use the <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> type, and the range of identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"> <span class="pre">=</span> <span class="pre">0</span></code></dt>
+<dd>Reserved as an invalid key identifier.</dd>
+<dt><a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
+<dd>Applications can freely choose persistent key identifiers in this range.</dd>
+<dt><a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
+<dd>Implementations can define additional persistent key identifiers in this range, and must allocate any volatile key identifiers from this range.</dd>
+</dl>
+<p>Key identifiers outside these ranges are reserved for future use.</p>
+<p>Key identifiers are output from a successful call to one of the key creation functions. For persistent keys, this is the same identifier as the one specified in the key attributes used to create the key. The key identifier remains valid until it is invalidated by passing it to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>. A volatile key identifier must not be used after it has been invalidated.</p>
+<p>If an invalid key identifier is provided as a parameter in any function, the function will return <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a>; except for the special case of calling <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code>, which has no effect and always returns <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+<p>Valid key identifiers must have distinct values within the same application. If the implementation provides <a class="reference internal" href="../../overview/goals.html#isolation"><span class="std std-ref">caller isolation</span></a>, then key identifiers are local to each application. That is, the same key identifier in two applications corresponds to two different keys.</p>
+<div class="section" id="key-identifier-type">
+<h2>9.4.1. Key identifier type</h2>
+<div class="section" id="psa_key_id_t">
+<span id="c.psa_key_id_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</h3>
+<p>Key identifier.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
+</pre>
+<p>A key identifier can be a permanent name for a persistent key, or a transient reference to volatile key. See <a class="reference internal" href="#key-identifiers"><span class="secref">Key identifiers</span></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_NULL">
+<span id="c.PSA_KEY_ID_NULL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</h3>
+<p>The null key identifier.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
+</pre>
+<p>The null key identifier is always invalid, except when used without in a call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> which will return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MIN">
+<span id="c.PSA_KEY_ID_USER_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h3>
+<p>The minimum value for a key identifier chosen by the application.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_USER_MAX">
+<span id="c.PSA_KEY_ID_USER_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h3>
+<p>The maximum value for a key identifier chosen by the application.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
+<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h3>
+<p>The minimum value for a key identifier chosen by the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
+</pre>
+</div>
+<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
+<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h3>
+<p>The maximum value for a key identifier chosen by the implementation.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
+</pre>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>9.4.2. Attribute accessors</h2>
+<div class="section" id="psa_set_key_id">
+<span id="c.psa_set_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</h3>
+<p>Declare a key as persistent and set its key identifier.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">id</span></code></dt>
+<dd>The persistent identifier for the key.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>The application must choose a value for <code class="docutils literal"><span class="pre">id</span></code> between <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a>.</p>
+<p>If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
+<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_id">
+<span id="c.psa_get_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</h3>
+<p>Retrieve the key identifier from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code></a></p>
+<p>The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.4. Key identifiers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-identifier-type">9.4.1. Key identifier type</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.4.2. Attribute accessors</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
+<div id="searchbox" style="display: none" role="search">
+ <h3>Quick search</h3>
+ <form class="search" action="../../search.html" method="get">
+ <div><input type="text" name="q" /></div>
+ <div><input type="submit" value="Go" /></div>
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+ </div>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ <div class="footer">
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
+
+ |
+ Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+ & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+
+ </div>
+
+
+
+
+ </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/index.html b/docs/html/api/keys/index.html
index 1ebb944..dcdb227 100644
--- a/docs/html/api/keys/index.html
+++ b/docs/html/api/keys/index.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key management reference — PSA Crypto API 1.0.0 documentation</title>
+ <title>9. Key management reference — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key attributes" href="attributes.html" />
- <link rel="prev" title="PSA Crypto library" href="../library/library.html" />
+ <link rel="next" title="9.1. Key attributes" href="attributes.html" />
+ <link rel="prev" title="8.2. PSA Crypto library" href="../library/library.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,19 +41,11 @@
<div class="body" role="main">
<div class="section" id="key-management-reference">
-<span id="key-management"></span><h1>Key management reference</h1>
+<span id="key-management"></span><h1>9. Key management reference</h1>
<div class="toctree-wrapper compound">
<ul>
-<li class="toctree-l1"><a class="reference internal" href="attributes.html">Key attributes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="attributes.html#attribute-types">Attribute types</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="attributes.html#managing-attributes">Managing attributes</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="attributes.html">9.1. Key attributes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="attributes.html#managing-key-attributes">9.1.1. Managing key attributes</a><ul>
<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_t"><code class="docutils literal"><span class="pre">psa_key_attributes_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_ATTRIBUTES_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="attributes.html#psa_key_attributes_init"><code class="docutils literal"><span class="pre">psa_key_attributes_init</span></code> (function)</a></li>
@@ -62,56 +55,38 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="locations.html">Key locations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="locations.html#key-lifetimes">Key lifetimes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="locations.html#key-identifiers">Key identifiers</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="locations.html#attribute-accessors">Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="locations.html#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="types.html">Key types</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="types.html#key-categories">Key categories</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="types.html">9.2. Key types</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#key-type-encoding">9.2.1. Key type encoding</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="types.html#psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="types.html#key-categories">9.2.2. Key categories</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#symmetric-keys">Symmetric keys</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#symmetric-keys">9.2.3. Symmetric keys</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_HMAC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_AES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_SM4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ARC4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#rsa-keys">RSA keys</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#rsa-keys">9.2.4. RSA keys</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#elliptic-curve-keys">Elliptic Curve keys</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#elliptic-curve-keys">9.2.5. Elliptic Curve keys</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
@@ -130,7 +105,7 @@
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#diffie-hellman-keys">Diffie Hellman keys</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#diffie-hellman-keys">9.2.6. Diffie Hellman keys</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
@@ -143,7 +118,7 @@
<li class="toctree-l3"><a class="reference internal" href="types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="types.html#attribute-accessors">Attribute accessors</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="types.html#attribute-accessors">9.2.7. Attribute accessors</a><ul>
<li class="toctree-l3"><a class="reference internal" href="types.html#psa_set_key_type"><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_type"><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="types.html#psa_get_key_bits"><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
@@ -152,62 +127,93 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="usage.html">Key policies</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="usage.html#key-usage-flags">Key usage flags</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#volatile-keys">9.3.1. Volatile keys</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#persistent-keys">9.3.2. Persistent keys</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#lifetime-encodings">9.3.3. Lifetime encodings</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_persistence_t"><code class="docutils literal"><span class="pre">psa_key_persistence_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_key_location_t"><code class="docutils literal"><span class="pre">psa_key_location_t</span></code> (type)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="usage.html#attribute-accessors">Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="usage.html#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#lifetime-values">9.3.4. Lifetime values</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_DEFAULT"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_PERSISTENCE_READ_ONLY"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LOCATION_LOCAL_STORAGE"><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_LOCAL_STORAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#attribute-accessors">9.3.5. Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html#support-macros">9.3.6. Support macros</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_GET_PERSISTENCE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_GET_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_IS_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_IS_VOLATILE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="lifetimes.html#PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</span></code> (macro)</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="algorithms.html">Algorithms</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-categories">Algorithm categories</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="ids.html">9.4. Key identifiers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ids.html#key-identifier-type">9.4.1. Key identifier type</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="algorithms.html#attribute-accessors">Attribute accessors</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html#attribute-accessors">9.4.2. Attribute accessors</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="ids.html#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="management.html">Key management functions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-creation">Key creation</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="policy.html">9.5. Key policies</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="policy.html#permitted-algorithms">9.5.1. Permitted algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_set_key_algorithm"><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_get_key_algorithm"><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html#key-usage-flags">9.5.2. Key usage flags</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="policy.html#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="management.html">9.6. Key management functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-creation">9.6.1. Key creation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_generate_key"><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_copy_key"><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-destruction">Key destruction</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-destruction">9.6.2. Key destruction</a><ul>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_purge_key"><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="management.html#key-export">Key export</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="management.html#key-export">9.6.3. Key export</a><ul>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_key"><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="management.html#psa_export_public_key"><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
@@ -227,22 +233,42 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="../library/library.html" title="previous chapter">PSA Crypto library</a></li>
- <li>Next: <a href="attributes.html" title="next chapter">Key attributes</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/index.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">9. Key management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -258,15 +284,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/keys/index.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/keys/lifetimes.html b/docs/html/api/keys/lifetimes.html
new file mode 100644
index 0000000..315a24b
--- /dev/null
+++ b/docs/html/api/keys/lifetimes.html
@@ -0,0 +1,471 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>9.3. Key lifetimes — PSA Crypto API 1.0.1 documentation</title>
+ <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.0.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: false,
+ SOURCELINK_SUFFIX: '.txt'
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="index" title="Index" href="../../genindex.html" />
+ <link rel="search" title="Search" href="../../search.html" />
+ <link rel="next" title="9.4. Key identifiers" href="ids.html" />
+ <link rel="prev" title="9.2. Key types" href="types.html" />
+
+ <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+
+ <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+ </head>
+ <body>
+
+
+ <div class="document">
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body" role="main">
+
+ <div class="section" id="key-lifetimes">
+<span id="id1"></span><h1>9.3. Key lifetimes</h1>
+<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
+<p>Lifetime values are composed from:</p>
+<ul class="simple">
+<li>A persistence level, which indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is volatile or persistent. See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</li>
+<li>A location indicator, which indicates where the key is stored and where operations on the key are performed. See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</li>
+</ul>
+<p>There are two main types of lifetime, indicated by the persistence level: <em>volatile</em> and <em>persistent</em>.</p>
+<div class="section" id="volatile-keys">
+<h2>9.3.1. Volatile keys</h2>
+<p>Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Volatile keys can be explicitly destroyed by the application.</p>
+<p>Conceptually, a volatile key is stored in RAM. Volatile keys have the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</p>
+<p>To create a volatile key:</p>
+<ol class="arabic simple">
+<li>Populate a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the required type, size, policy and other key attributes.</li>
+<li>Create the key with one of the key creation functions. If successful, these functions output a transient <a class="reference internal" href="ids.html#key-identifiers"><span class="std std-ref">key identifier</span></a>.</li>
+</ol>
+<p>To destroy a volatile key: call <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier. There must be a matching call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> for each successful call to a create a volatile key.</p>
+</div>
+<div class="section" id="persistent-keys">
+<h2>9.3.2. Persistent keys</h2>
+<p>Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
+<p>Each persistent key has a permanent key identifier, which acts as a name for the key.
+Within an application, the key identifier corresponds to a single key. The
+application specifies the key identifier when the key is created and when
+using the key.</p>
+<p>The lifetime attribute of a persistent key indicates how and where it is stored. The default lifetime value for a persistent key is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, which corresponds to a default storage area. This specification defines how implementations can provide other lifetime values corresponding to
+different storage areas with different retention policies, or to secure elements
+with different security characteristics.</p>
+<p>To create a persistent key:</p>
+<ol class="arabic simple">
+<li>Populate a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the key’s type, size, policy and other attributes.</li>
+<li>In the attributes object, set the desired lifetime and persistent identifier for the key.</li>
+<li>Create the key with one of the key creation functions. If successful, these functions output the <a class="reference internal" href="ids.html#key-identifiers"><span class="std std-ref">key identifier</span></a> that was specified by the application in step 2.</li>
+</ol>
+<p>To access an existing persistent key: use the key identifier in any API that requires a key.</p>
+<p>To destroy a persistent key: call <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier. Destroying a persistent key permanently removes it from memory and storage.</p>
+<p>By default, persistent key material is removed from volatile memory when not in use. Frequently used persistent keys can benefit from caching, depending on the implementation and the application. Caching can be enabled by creating the key with the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy. Cached keys can be removed from volatile memory by calling <a class="reference internal" href="management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>. See also <a class="reference internal" href="../../overview/implementation.html#memory-cleanup"><span class="secref">Memory cleanup</span></a> and <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
+</div>
+<div class="section" id="lifetime-encodings">
+<h2>9.3.3. Lifetime encodings</h2>
+<div class="section" id="psa_key_lifetime_t">
+<span id="c.psa_key_lifetime_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code> (type)</h3>
+<p>Encoding of key lifetimes.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
+</pre>
+<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
+<p>Lifetime values have the following structure:</p>
+<dl class="docutils">
+<dt>Bits[7:0]: Persistence level</dt>
+<dd><p class="first">This value indicates what device management actions can cause it to be destroyed. In particular, it indicates whether the key is <em>volatile</em> or <em>persistent</em>. See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
+<p class="last"><a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">lifetime</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the persistence level for a key <code class="docutils literal"><span class="pre">lifetime</span></code> value.</p>
+</dd>
+<dt>Bits[31:8]: Location indicator</dt>
+<dd><p class="first">This value indicates where the key material is stored (or at least where it is accessible in cleartext) and where operations on the key are performed. See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
+<p class="last"><a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_LOCATION" title="PSA_KEY_LIFETIME_GET_LOCATION"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">lifetime</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the location indicator for a key <code class="docutils literal"><span class="pre">lifetime</span></code> value.</p>
+</dd>
+</dl>
+<p>Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
+<p>Persistent keys have a key identifier of type <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a>. This identifier remains valid throughout the lifetime of the key, even if the application instance that created the key terminates.</p>
+<p>This specification defines two basic lifetime values:</p>
+<ul class="simple">
+<li>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> are volatile. All implementations should support this lifetime.</li>
+<li>Keys with the lifetime <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a> are persistent. All implementations that have access to persistent storage with appropriate security guarantees should support this lifetime.</li>
+</ul>
+</div>
+<div class="section" id="psa_key_persistence_t">
+<span id="c.psa_key_persistence_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_persistence_t</span></code> (type)</h3>
+<p>Encoding of key persistence levels.</p>
+<pre class="literal-block">
+typedef uint8_t <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>;
+</pre>
+<p>What distinguishes different persistence levels is which device management events can cause keys to be destroyed. For example, power reset, transfer of device ownership, or a factory reset are device management events that can affect keys at different persistence levels. The specific management events which affect persistent keys at different levels is outside the scope of the PSA Cryptography specification.</p>
+<p>Values for persistence levels defined by this specification are shown in <span><a class="reference internal" href="#persistence-levels"><span class="numref">Table 3</span></a></span>.</p>
+<table border="1" class="colwidths-given longtable docutils align-left" id="persistence-levels">
+<caption><span class="caption-number">Table 3 </span><span class="caption-text">Key persistence level values</span></caption>
+<colgroup>
+<col width="40%" />
+<col width="60%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Persistence level</th>
+<th class="head">Definition</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><code class="docutils literal"><span class="pre">0</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code></a></td>
+<td><p class="first">Volatile key.</p>
+<p class="last">A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><code class="docutils literal"><span class="pre">1</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_DEFAULT" title="PSA_KEY_PERSISTENCE_DEFAULT"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code></a></td>
+<td><p class="first">Persistent key with a default lifetime.</p>
+<p class="last">Implementations should support this value if they support persistent keys at all. Applications should use this value if they have no specific needs that are only met by implementation-specific features.</p>
+</td>
+</tr>
+<tr class="row-even"><td><code class="docutils literal"><span class="pre">2</span> <span class="pre">-</span> <span class="pre">127</span></code></td>
+<td><p class="first">Persistent key with a PSA-specified lifetime.</p>
+<p class="last">The PSA Cryptography specification does not define the meaning of these values, but other PSA specifications may do so.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><code class="docutils literal"><span class="pre">128</span> <span class="pre">-</span> <span class="pre">254</span></code></td>
+<td><p class="first">Persistent key with a vendor-specified lifetime.</p>
+<p class="last">No PSA specification will define the meaning of these values, so implementations may choose the meaning freely. As a guideline, higher persistence levels should cause a key to survive more management events than lower levels.</p>
+</td>
+</tr>
+<tr class="row-even"><td><code class="docutils literal"><span class="pre">255</span> <span class="pre">=</span> </code><a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_READ_ONLY" title="PSA_KEY_PERSISTENCE_READ_ONLY"><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code></a></td>
+<td><p class="first">Read-only or write-once key.</p>
+<p>A key with this persistence level cannot be destroyed. Implementations that support such keys may either allow their creation through the PSA Cryptography API, preferably only to applications with the appropriate privilege, or only expose keys created through implementation-specific means such as a factory ROM engraving process.</p>
+<p class="last">Note that keys that are read-only due to policy restrictions rather than due to physical limitations should not have this persistence level.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Key persistence levels are 8-bit values. Key management interfaces operate on lifetimes (type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>), and encode the persistence value as the lower 8 bits of a 32-bit value.</p>
+</div>
+</div>
+<div class="section" id="psa_key_location_t">
+<span id="c.psa_key_location_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_location_t</span></code> (type)</h3>
+<p>Encoding of key location indicators.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>;
+</pre>
+<p>If an implementation of this API can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. If the key material is not stored persistently inside the secure element, it must be stored in a wrapped form such that only the secure element can access the key material in cleartext.</p>
+<p>Values for location indicators defined by this specification are shown in <span><a class="reference internal" href="#location-indicators"><span class="numref">Table 4</span></a></span>.</p>
+<table border="1" class="colwidths-given longtable docutils align-left" id="location-indicators">
+<caption><span class="caption-number">Table 4 </span><span class="caption-text">Key location indicator values</span></caption>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Location indicator</th>
+<th class="head">Definition</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><code class="docutils literal"><span class="pre">0</span></code></td>
+<td><p class="first">Primary local storage.</p>
+<p class="last">All implementations should support this value. The primary local storage is typically the same storage area that contains the key metadata.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><code class="docutils literal"><span class="pre">1</span></code></td>
+<td><p class="first">Primary secure element.</p>
+<p class="last">Implementations should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics.</p>
+</td>
+</tr>
+<tr class="row-even"><td><code class="docutils literal"><span class="pre">2</span> <span class="pre">-</span> <span class="pre">0x7fffff</span></code></td>
+<td><p class="first">Other locations defined by a PSA specification.</p>
+<p class="last">The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of this specification or other PSA specifications may do so.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><code class="docutils literal"><span class="pre">0x800000</span> <span class="pre">-</span> <span class="pre">0xffffff</span></code></td>
+<td><p class="first">Vendor-defined locations.</p>
+<p class="last">No PSA specification will assign a meaning to locations in this range.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Key location indicators are 24-bit values. Key management interfaces operate on lifetimes (type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>), and encode the location as the upper 24 bits of a 32-bit value.</p>
+</div>
+</div>
+</div>
+<div class="section" id="lifetime-values">
+<h2>9.3.4. Lifetime values</h2>
+<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
+<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h3>
+<p>The default lifetime for volatile keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000000)
+</pre>
+<p>A volatile key only exists as long as its identifier is not destroyed. The key material is guaranteed to be erased on a power reset.</p>
+<p>A key with this lifetime is typically stored in the RAM area of the PSA Crypto subsystem. However this is an implementation choice. If an implementation stores data about the key in a non-volatile memory, it must release all the resources associated with the key and erase the key material if the calling application terminates.</p>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
+<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h3>
+<p>The default lifetime for persistent keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000001)
+</pre>
+<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.</p>
+<p>This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
+</div>
+<div class="section" id="PSA_KEY_PERSISTENCE_VOLATILE">
+<span id="c.PSA_KEY_PERSISTENCE_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_VOLATILE</span></code> (macro)</h3>
+<p>The persistence level of volatile keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x00)
+</pre>
+<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
+</div>
+<div class="section" id="PSA_KEY_PERSISTENCE_DEFAULT">
+<span id="c.PSA_KEY_PERSISTENCE_DEFAULT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_DEFAULT</span></code> (macro)</h3>
+<p>The default persistence level for persistent keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_DEFAULT" title="PSA_KEY_PERSISTENCE_DEFAULT">PSA_KEY_PERSISTENCE_DEFAULT</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x01)
+</pre>
+<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
+</div>
+<div class="section" id="PSA_KEY_PERSISTENCE_READ_ONLY">
+<span id="c.PSA_KEY_PERSISTENCE_READ_ONLY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_PERSISTENCE_READ_ONLY</span></code> (macro)</h3>
+<p>A persistence level indicating that a key is never destroyed.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_READ_ONLY" title="PSA_KEY_PERSISTENCE_READ_ONLY">PSA_KEY_PERSISTENCE_READ_ONLY</a> ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0xff)
+</pre>
+<p>See <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> for more information.</p>
+</div>
+<div class="section" id="PSA_KEY_LOCATION_LOCAL_STORAGE">
+<span id="c.PSA_KEY_LOCATION_LOCAL_STORAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_LOCAL_STORAGE</span></code> (macro)</h3>
+<p>The local storage area for persistent keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LOCATION_LOCAL_STORAGE" title="PSA_KEY_LOCATION_LOCAL_STORAGE">PSA_KEY_LOCATION_LOCAL_STORAGE</a> ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000000)
+</pre>
+<p>This storage area is available on all systems that can store persistent keys without delegating the storage to a third-party cryptoprocessor.</p>
+<p>See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
+</div>
+<div class="section" id="PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT">
+<span id="c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</span></code> (macro)</h3>
+<p>The default secure element storage area for persistent keys.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT" title="PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</a> ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000001)
+</pre>
+<p>This storage location is available on systems that have one or more secure elements that are able to store keys.</p>
+<p>Vendor-defined locations must be provided by the system for storing keys in additional secure elements.</p>
+<p>See <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for more information.</p>
+</div>
+</div>
+<div class="section" id="attribute-accessors">
+<h2>9.3.5. Attribute accessors</h2>
+<div class="section" id="psa_set_key_lifetime">
+<span id="c.psa_set_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</h3>
+<p>Set the location of a persistent key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>To make a key persistent, give it a persistent key identifier by using <a class="reference internal" href="ids.html#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
+<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_lifetime">
+<span id="c.psa_get_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</h3>
+<p>Retrieve the lifetime from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a></p>
+<p>The lifetime value stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
+<div class="section" id="support-macros">
+<h2>9.3.6. Support macros</h2>
+<div class="section" id="PSA_KEY_LIFETIME_GET_PERSISTENCE">
+<span id="c.PSA_KEY_LIFETIME_GET_PERSISTENCE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_PERSISTENCE</span></code> (macro)</h3>
+<p>Extract the persistence level from a key lifetime.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) \
+ ((<a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) ((lifetime) & 0x000000ff))
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime value to query (value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_GET_LOCATION">
+<span id="c.PSA_KEY_LIFETIME_GET_LOCATION"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_GET_LOCATION</span></code> (macro)</h3>
+<p>Extract the location indicator from a key lifetime.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_LOCATION" title="PSA_KEY_LIFETIME_GET_LOCATION">PSA_KEY_LIFETIME_GET_LOCATION</a>(lifetime) \
+ ((<a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) ((lifetime) >> 8))
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime value to query (value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>).</dd>
+</dl>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_IS_VOLATILE">
+<span id="c.PSA_KEY_LIFETIME_IS_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_IS_VOLATILE</span></code> (macro)</h3>
+<p>Whether a key lifetime indicates that the key is volatile.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_IS_VOLATILE" title="PSA_KEY_LIFETIME_IS_VOLATILE">PSA_KEY_LIFETIME_IS_VOLATILE</a>(lifetime) \
+ (<a class="reference internal" href="#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) == <a class="reference internal" href="#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a>)
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
+<dd>The lifetime value to query (value of type <a class="reference internal" href="#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if the key is volatile, otherwise <code class="docutils literal"><span class="pre">0</span></code>.</p>
+<p class="rubric">Description</p>
+<p>A volatile key is automatically destroyed by the implementation when the application instance terminates. In particular, a volatile key is automatically destroyed on a power reset of the device.</p>
+<p>A key that is not volatile is persistent. Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset.</p>
+</div>
+<div class="section" id="PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION">
+<span id="c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</span></code> (macro)</h3>
+<p>Construct a lifetime from a persistence level and a location.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION" title="PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</a>(persistence, location) \
+ ((location) << 8 | (persistence))
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">persistence</span></code></dt>
+<dd>The persistence level (value of type <a class="reference internal" href="#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a>).</dd>
+<dt> <code class="docutils literal"><span class="pre">location</span></code></dt>
+<dd>The location indicator (value of type <a class="reference internal" href="#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The constructed lifetime value.</p>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.3. Key lifetimes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#volatile-keys">9.3.1. Volatile keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#persistent-keys">9.3.2. Persistent keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#lifetime-encodings">9.3.3. Lifetime encodings</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#lifetime-values">9.3.4. Lifetime values</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.3.5. Attribute accessors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">9.3.6. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
+<div id="searchbox" style="display: none" role="search">
+ <h3>Quick search</h3>
+ <form class="search" action="../../search.html" method="get">
+ <div><input type="text" name="q" /></div>
+ <div><input type="submit" value="Go" /></div>
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+ </div>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ <div class="footer">
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
+
+ |
+ Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+ & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+
+ </div>
+
+
+
+
+ </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/locations.html b/docs/html/api/keys/locations.html
deleted file mode 100644
index 3a9d745..0000000
--- a/docs/html/api/keys/locations.html
+++ /dev/null
@@ -1,289 +0,0 @@
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key locations — PSA Crypto API 1.0.0 documentation</title>
- <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
- <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
- <script type="text/javascript">
- var DOCUMENTATION_OPTIONS = {
- URL_ROOT: '../../',
- VERSION: '1.0.0',
- COLLAPSE_INDEX: false,
- FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
- SOURCELINK_SUFFIX: '.txt'
- };
- </script>
- <script type="text/javascript" src="../../_static/jquery.js"></script>
- <script type="text/javascript" src="../../_static/underscore.js"></script>
- <script type="text/javascript" src="../../_static/doctools.js"></script>
- <link rel="index" title="Index" href="../../genindex.html" />
- <link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key types" href="types.html" />
- <link rel="prev" title="Key attributes" href="attributes.html" />
-
- <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
-
- <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
-
- </head>
- <body>
-
-
- <div class="document">
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <div class="section" id="key-locations">
-<span id="id1"></span><h1>Key locations</h1>
-<div class="section" id="key-lifetimes">
-<h2>Key lifetimes</h2>
-<div class="section" id="PSA_KEY_LIFETIME_VOLATILE">
-<span id="c.PSA_KEY_LIFETIME_VOLATILE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</h3>
-<p>A lifetime value that indicates a volatile key.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000000)
-</pre>
-<p>A volatile key only exists as long as the identifier to it is not destroyed.</p>
-<p>The key material is guaranteed to be erased on a power reset.</p>
-</div>
-<div class="section" id="PSA_KEY_LIFETIME_PERSISTENT">
-<span id="c.PSA_KEY_LIFETIME_PERSISTENT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</h3>
-<p>The default storage area for persistent keys.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000001)
-</pre>
-<p>A persistent key remains in storage until it is explicitly destroyed or until the corresponding storage area is wiped. This specification does not define any mechanism to wipe a storage area. Implementations are permitted to provide their own mechanism, for example, to perform a factory reset, to prepare for device refurbishment, or to uninstall an application.</p>
-<p>This lifetime value is the default storage area for the calling application. Implementations can offer other storage areas designated by other lifetime values as implementation-specific extensions.</p>
-</div>
-</div>
-<div class="section" id="key-identifiers">
-<span id="id2"></span><h2>Key identifiers</h2>
-<div class="section" id="PSA_KEY_ID_NULL">
-<span id="c.PSA_KEY_ID_NULL"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</h3>
-<p>The null key identifier.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
-</pre>
-<p>The null key identifier is always invalid, except when used without in a call to <a class="reference internal" href="management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> which will return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MIN">
-<span id="c.PSA_KEY_ID_USER_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</h3>
-<p>The minimum value for a key identifier chosen by the application.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_USER_MAX">
-<span id="c.PSA_KEY_ID_USER_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</h3>
-<p>The maximum value for a key identifier chosen by the application.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MIN">
-<span id="c.PSA_KEY_ID_VENDOR_MIN"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</h3>
-<p>The minimum value for a key identifier chosen by the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
-</pre>
-</div>
-<div class="section" id="PSA_KEY_ID_VENDOR_MAX">
-<span id="c.PSA_KEY_ID_VENDOR_MAX"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</h3>
-<p>The maximum value for a key identifier chosen by the implementation.</p>
-<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
-</pre>
-</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>Attribute accessors</h2>
-<div class="section" id="psa_set_key_lifetime">
-<span id="c.psa_set_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</h3>
-<p>Set the location of a persistent key.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">lifetime</span></code></dt>
-<dd>The lifetime for the key. If this is <a class="reference internal" href="#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>, the key will be volatile, and the key identifier attribute is reset to <a class="reference internal" href="#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>To make a key persistent, give it a persistent key identifier by using <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id"><code class="xref any c c-func docutils literal"><span class="pre">psa_set_key_id()</span></code></a>. By default, a key that has a persistent identifier is stored in the default storage area identifier by <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Call this function to choose a storage area, or to explicitly declare the key as volatile.</p>
-<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="psa_get_key_lifetime">
-<span id="c.psa_get_key_lifetime"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</h3>
-<p>Retrieve the lifetime from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t"><code class="docutils literal"><span class="pre">psa_key_lifetime_t</span></code></a></p>
-<p>The lifetime value stored in the attribute object.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="psa_set_key_id">
-<span id="c.psa_set_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</h3>
-<p>Declare a key as persistent and set its key identifier.</p>
-<pre class="literal-block">
-void <a class="reference internal" href="#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attribute object to write to.</dd>
-<dt> <code class="docutils literal"><span class="pre">id</span></code></dt>
-<dd>The persistent identifier for the key.</dd>
-</dl>
-<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
-<p class="rubric">Description</p>
-<p>If the attribute object currently declares the key as volatile, which is the default lifetime of an attribute object, this function sets the lifetime attribute to <a class="reference internal" href="#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>.</p>
-<p>This function does not access storage, it merely stores the given value in the attribute object. The persistent key will be written to storage when the attribute object is passed to a key creation function such as <a class="reference internal" href="management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>.</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-<div class="section" id="psa_get_key_id">
-<span id="c.psa_get_key_id"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</h3>
-<p>Retrieve the key identifier from key attributes.</p>
-<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The key attribute object to query.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="docutils literal"><span class="pre">psa_key_id_t</span></code></a></p>
-<p>The persistent identifier stored in the attribute object. This value is unspecified if the attribute object declares the key as volatile.</p>
-<p class="rubric">Description</p>
-<div class="admonition-implementation-note admonition">
-<p class="first admonition-title">Implementation note</p>
-<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
-<ul class="last simple">
-<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
-<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
-</ul>
-</div>
-</div>
-</div>
-</div>
-
-
- </div>
- </div>
- </div>
- <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key locations</a><ul>
-<li><a class="reference internal" href="#key-lifetimes">Key lifetimes</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_LIFETIME_VOLATILE"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_LIFETIME_PERSISTENT"><code class="docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#key-identifiers">Key identifiers</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
-<li><a class="reference internal" href="#psa_set_key_lifetime"><code class="docutils literal"><span class="pre">psa_set_key_lifetime</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_lifetime"><code class="docutils literal"><span class="pre">psa_get_key_lifetime</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_set_key_id"><code class="docutils literal"><span class="pre">psa_set_key_id</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_id"><code class="docutils literal"><span class="pre">psa_get_key_id</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
-<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="attributes.html" title="previous chapter">Key attributes</a></li>
- <li>Next: <a href="types.html" title="next chapter">Key types</a></li>
- </ul></li>
- </ul></li>
-</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/locations.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
-<div id="searchbox" style="display: none" role="search">
- <h3>Quick search</h3>
- <form class="search" action="../../search.html" method="get">
- <div><input type="text" name="q" /></div>
- <div><input type="submit" value="Go" /></div>
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-</div>
-<script type="text/javascript">$('#searchbox').show(0);</script>
- </div>
- </div>
- <div class="clearer"></div>
- </div>
- <div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
-
- |
- Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
- & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
-
- |
- <a href="../../_sources/api/keys/locations.rst.txt"
- rel="nofollow">Page source</a>
- </div>
-
-
-
-
- </body>
-</html>
\ No newline at end of file
diff --git a/docs/html/api/keys/management.html b/docs/html/api/keys/management.html
index 234fa72..7452706 100644
--- a/docs/html/api/keys/management.html
+++ b/docs/html/api/keys/management.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key management functions — PSA Crypto API 1.0.0 documentation</title>
+ <title>9.6. Key management functions — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Cryptographic operation reference" href="../ops/index.html" />
- <link rel="prev" title="Algorithms" href="algorithms.html" />
+ <link rel="next" title="10. Cryptographic operation reference" href="../ops/index.html" />
+ <link rel="prev" title="9.5. Key policies" href="policy.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,22 @@
<div class="body" role="main">
<div class="section" id="key-management-functions">
-<h1>Key management functions</h1>
+<h1>9.6. Key management functions</h1>
<div class="section" id="key-creation">
-<span id="id1"></span><h2>Key creation</h2>
+<span id="id1"></span><h2>9.6.1. Key creation</h2>
+<p>New keys can be created in the following ways:</p>
+<ul class="simple">
+<li><a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> creates a key from a data buffer provided by the application.</li>
+<li><a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a> creates a key from randomly generated data.</li>
+<li><a class="reference internal" href="../ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> creates a key from data generated by a pseudorandom derivation process. See <a class="reference internal" href="../ops/kdf.html#kdf"><span class="secref">Key derivation</span></a>.</li>
+<li><a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> duplicates an existing key with a different lifetime or with a more restrictive usage policy.</li>
+</ul>
+<p>When creating a key, the attributes for the new key are specified in a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object. Each key creation function defines how it uses the attributes.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p>The attributes for a key are immutable after the key has been created.</p>
+<p class="last">The application must set the key algorithm policy and the appropriate key usage flags in the attributes in order for the key to be used in any cryptographic operations.</p>
+</div>
<div class="section" id="psa_import_key">
<span id="c.psa_import_key"></span><h3><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</h3>
<p>Import a key in binary format.</p>
@@ -50,12 +64,25 @@
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
const uint8_t * data,
size_t data_length,
- <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key. The key size is always determined from the <code class="docutils literal"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size from <code class="docutils literal"><span class="pre">data</span></code>.</dd>
+<dd><p class="first">The attributes for the new key.
+This function uses the attributes as follows:</p>
+<ul class="simple">
+<li>The key type is required, and determines how the <code class="docutils literal"><span class="pre">data</span></code> buffer is interpreted.</li>
+<li>The key size is always determined from the <code class="docutils literal"><span class="pre">data</span></code> buffer. If the key size in <code class="docutils literal"><span class="pre">attributes</span></code> is nonzero, it must be equal to the size determined from <code class="docutils literal"><span class="pre">data</span></code>.</li>
+<li>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
+<li>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
+<li>The key lifetime and identifier are required for a persistent key.</li>
+</ul>
+<div class="last admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
+</div>
+</dd>
<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
<dd>Buffer containing the key data.
The content of this buffer is interpreted according to the type declared in <code class="docutils literal"><span class="pre">attributes</span></code>.
@@ -64,7 +91,7 @@
<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
<dd>Size of the <code class="docutils literal"><span class="pre">data</span></code> buffer in bytes.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -104,20 +131,37 @@
<p>The key data determines the key size. The attributes can optionally specify a key size; in this case it must match the size determined from the key data. A key size of <code class="docutils literal"><span class="pre">0</span></code> in <code class="docutils literal"><span class="pre">attributes</span></code> indicates that the key size is solely determined by the key data.</p>
<p>Implementations must reject an attempt to import a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
<p>This specification defines a single format for each key type. Implementations can optionally support other formats in addition to the standard format. It is recommended that implementations that support other formats ensure that the formats are clearly unambiguous, to minimize the risk that an invalid input is accidentally interpreted according to a different format.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The PSA Crypto API does not support asymmetric private key objects outside of a key pair. To import a private key, the <code class="docutils literal"><span class="pre">attributes</span></code> must specify the corresponding key pair type. Depending on the key type, either the import format contains the public key data or the implementation will reconstruct the public key from the private key as needed.</p>
+</div>
</div>
<div class="section" id="psa_generate_key">
<span id="c.psa_generate_key"></span><h3><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</h3>
<p>Generate a key or key pair.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key.</dd>
+<dd><p class="first">The attributes for the new key.
+This function uses the attributes as follows:</p>
+<ul class="simple">
+<li>The key type is required. It cannot be an asymmetric public key.</li>
+<li>The key size is required. It must be a valid size for the key type.</li>
+<li>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
+<li>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
+<li>The key lifetime and identifier are required for a persistent key.</li>
+</ul>
+<div class="last admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
+</div>
+</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -126,9 +170,13 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
<dd>This is an attempt to create a persistent key, and there is already a persistent key with the given identifier.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
-<dd></dd>
+<dd>The key type or key size is not supported, either by the implementation in general or in this particular persistent location.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd></dd>
+<dd>The key attributes, as a whole, are invalid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key type is an asymmetric public key type.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key size is not a valid size for the key type.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_ENTROPY" title="PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code></a></dt>
@@ -151,7 +199,7 @@
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
<p class="rubric">Description</p>
-<p>The key is generated randomly. Its location, usage policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<p>The key is generated randomly. Its location, policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
<p>Implementations must reject an attempt to generate a key of size <code class="docutils literal"><span class="pre">0</span></code>.</p>
<p>The following type-specific considerations apply:</p>
<ul class="simple">
@@ -162,31 +210,35 @@
<span id="c.psa_copy_key"></span><h3><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</h3>
<p>Make a copy of a key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
+ <a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">source_key</span></code></dt>
<dd>The key to copy.
-It must allow the usage <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.
-If a private or secret key is being copied outside of a secure element it must also allow <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.
+If a private or secret key is being copied outside of a secure element it must also allow <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd><p class="first">The attributes for the new key. They are used as follows:</p>
-<ul class="last simple">
+<dd><p class="first">The attributes for the new key. This function uses the attributes as follows:</p>
+<ul class="simple">
<li>The key type and size can be <code class="docutils literal"><span class="pre">0</span></code>. If either is nonzero, it must match the corresponding attribute of the source key.</li>
<li>The key location (the lifetime and, for persistent keys, the key identifier) is used directly.</li>
-<li>The policy constraints (usage flags and algorithm policy) are combined from the source key and <code class="docutils literal"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
+<li>The key policy (usage flags and permitted algorithm) are combined from the source key and <code class="docutils literal"><span class="pre">attributes</span></code> so that both sets of restrictions apply, as described in the documentation of this function.</li>
</ul>
+<div class="last admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
+</div>
</dd>
<dt> <code class="docutils literal"><span class="pre">target_key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd></dd>
+<dd>Success. If the new key is persistent, the key material and the key’s metadata have been saved to persistent storage.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">source_key</span></code> is invalid.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></dt>
@@ -194,13 +246,13 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd>The lifetime or identifier in <code class="docutils literal"><span class="pre">attributes</span></code> are invalid.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The policy constraints on <code class="docutils literal"><span class="pre">source_key</span></code> and specified in <code class="docutils literal"><span class="pre">attributes</span></code> are incompatible.</dd>
+<dd>The key policies from <code class="docutils literal"><span class="pre">source_key</span></code> and specified in <code class="docutils literal"><span class="pre">attributes</span></code> are incompatible.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">attributes</span></code> specifies a key type or key size which does not match the attributes of <code class="docutils literal"><span class="pre">source</span> <span class="pre">key</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</dd>
+<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> usage flag.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> usage flag and its lifetime does not allow copying it to the target’s lifetime.</dd>
+<dd><code class="docutils literal"><span class="pre">source_key</span></code> does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> usage flag and its lifetime does not allow copying it to the target’s lifetime.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_STORAGE" title="PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code></a></dt>
@@ -224,40 +276,40 @@
<p>Copy key material from one location to another.</p>
<p>This function is primarily useful to copy a key from one location to another, as it populates a key using the material from another key which can have a different lifetime.</p>
<p>This function can be used to share a key with a different party, subject to implementation-defined restrictions on key sharing.</p>
-<p>The policy on the source key must have the usage flag <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
+<p>The policy on the source key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> set. This flag is sufficient to permit the copy if the key has the lifetime <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>. Some secure elements do not provide a way to copy a key without making it extractable from the secure element. If a key is located in such a secure element, then the key must have both usage flags <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> and <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> in order to make a copy of the key outside the secure element.</p>
<p>The resulting key can only be used in a way that conforms to both the policy of the original key and the policy specified in the <code class="docutils literal"><span class="pre">attributes</span></code> parameter:</p>
<ul class="simple">
<li>The usage flags on the resulting key are the bitwise-and of the usage flags on the source policy and the usage flags in <code class="docutils literal"><span class="pre">attributes</span></code>.</li>
-<li>If both allow the same algorithm or wildcard-based algorithm policy, the resulting key has the same algorithm policy.</li>
-<li>If either of the policies allows an algorithm and the other policy allows a wildcard-based algorithm policy that includes this algorithm, the resulting key allows the same algorithm.</li>
-<li>If the policies do not allow any algorithm in common, this function fails with the status <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
+<li>If both permit the same algorithm or wildcard-based algorithm, the resulting key has the same permitted algorithm.</li>
+<li>If either of the policies permits an algorithm and the other policy allows a wildcard-based permitted algorithm that includes this algorithm, the resulting key uses this permitted algorithm.</li>
+<li>If the policies do not permit any algorithm in common, this function fails with the status <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a>.</li>
</ul>
<p>The effect of this function on implementation-defined attributes is implementation-defined.</p>
</div>
</div>
<div class="section" id="key-destruction">
-<span id="id2"></span><h2>Key destruction</h2>
+<span id="id2"></span><h2>9.6.2. Key destruction</h2>
<div class="section" id="psa_destroy_key">
<span id="c.psa_destroy_key"></span><h3><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</h3>
<p>Destroy a key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to erase.
-If this is <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>, do nothing and return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</dd>
+If this is <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>, do nothing and return <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> was a valid key identifier and the key material that it referred to has been erased.
-Alternatively, <code class="docutils literal"><span class="pre">key</span></code> is <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+Alternatively, <code class="docutils literal"><span class="pre">key</span></code> is <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
<dd>The key cannot be erased because it is read-only, either due to a policy or due to physical restrictions.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid handle nor <a class="reference internal" href="locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
+<dd><code class="docutils literal"><span class="pre">key</span></code> is not a valid handle nor <a class="reference internal" href="ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
<dd>There was an failure in communication with the cryptoprocessor. The key material might still be present in the cryptoprocessor.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_STORAGE_FAILURE" title="PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code></a></dt>
@@ -281,7 +333,7 @@
<span id="c.psa_purge_key"></span><h3><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</h3>
<p>Remove non-essential copies of key material from memory.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -308,24 +360,23 @@
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
<p class="rubric">Description</p>
-<p>An implementation is permitted to make additional copies of key material
-For keys that have been created with the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.</p>
+<p>For keys that have been created with the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage flag, an implementation is permitted to make additional copies of the key material that are not in storage and not for the purpose of ongoing operations.</p>
<p>This function will remove these extra copies of the key material from memory.</p>
<p>This function is not required to remove key material from memory in any of the following situations:</p>
<ul class="simple">
<li>The key is currently in use in a cryptographic operation.</li>
<li>The key is volatile.</li>
</ul>
-<p>See also <em><a class="reference internal" href="../../overview/implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</p>
+<p>See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
</div>
</div>
<div class="section" id="key-export">
-<span id="id3"></span><h2>Key export</h2>
+<span id="id3"></span><h2>9.6.3. Key export</h2>
<div class="section" id="psa_export_key">
<span id="c.psa_export_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</h3>
<p>Export a key in binary format.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
uint8_t * data,
size_t data_size,
size_t * data_length);
@@ -334,7 +385,7 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to export.
-It must allow the usage <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>, unless it is a public key.</dd>
+It must allow the usage <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>, unless it is a public key.</dd>
<dt> <code class="docutils literal"><span class="pre">data</span></code></dt>
<dd>Buffer where the key data is to be written.</dd>
<dt> <code class="docutils literal"><span class="pre">data_size</span></code></dt>
@@ -342,7 +393,9 @@
This must be appropriate for the key:</p>
<ul class="last simple">
<li>The required output size is <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">bits</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">type</span></code> is the key type and <code class="docutils literal"><span class="pre">bits</span></code> is the key size in bits.</li>
-<li>For asymmetric keys, <a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key or key pair.</li>
+<li><a class="reference internal" href="#c.PSA_EXPORT_KEY_PAIR_MAX_SIZE" title="PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported key pair.</li>
+<li><a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE" title="PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code></a> evaluates to the maximum output size of any supported public key.</li>
+<li>This API defines no maximum size for symmetric keys. Arbitrarily large data items can be stored in the key store, for example certificates that correspond to a stored private key or input material for key derivation.</li>
</ul>
</dd>
<dt> <code class="docutils literal"><span class="pre">data_length</span></code></dt>
@@ -355,7 +408,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
+<dd>The key does not have the <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> flag.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
@@ -382,26 +435,68 @@
<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an equivalent object.</p>
<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> must use the representation specified here, not the original representation.</p>
<p>For standard key types, the output format is as follows:</p>
-<ul class="simple">
-<li>For symmetric keys, including MAC keys, the format is the raw bytes of the key.</li>
-<li>For DES, the key data consists of 8 bytes. The parity bits must be correct.</li>
-<li>For Triple-DES, the format is the concatenation of the two or three DES keys.</li>
-<li>For RSA key pairs, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the format is the non-encrypted DER encoding of the representation defined by PKCS#1 in <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> as <code class="docutils literal"><span class="pre">RSAPrivateKey</span></code>, version <code class="docutils literal"><span class="pre">0</span></code>.</li>
-<li>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR()</span></code></a> is true, the format is a representation of the private value.<ul>
-<li>For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the content of the <code class="docutils literal"><span class="pre">privateKey</span></code> field of the <code class="docutils literal"><span class="pre">ECPrivateKey</span></code> format defined by <a class="reference external" href="https://tools.ietf.org/html/rfc5915.html">RFC 5915</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string in big-endian order where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.</li>
-<li>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘private key’ in little-endian order as defined by <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">RFC 7748 §6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.</li>
+<ul>
+<li><p class="first">For symmetric keys, excluding HMAC keys, the format is the raw bytes of the key.</p>
+</li>
+<li><p class="first">For HMAC keys that are shorter than, or equal in size to, the underlying hash algorithm block size, the format is the raw bytes of the key.</p>
+<p>For HMAC keys that are longer than the underlying hash algorithm block size, the format is an <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a> choice between the following formats:</p>
+<ol class="arabic simple">
+<li>The raw bytes of the key.</li>
+<li>The raw bytes of the hash of the key, using the underlying hash algorithm.</li>
+</ol>
+<p>See also <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</p>
+</li>
+<li><p class="first">For DES, the key data consists of 8 bytes. The parity bits must be correct.</p>
+</li>
+<li><p class="first">For Triple-DES, the format is the concatenation of the two or three DES keys.</p>
+</li>
+<li><p class="first">For RSA key pairs, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the format is the non-encrypted DER encoding of the representation defined by in <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> as <code class="docutils literal"><span class="pre">RSAPrivateKey</span></code>, version <code class="docutils literal"><span class="pre">0</span></code>.</p>
+<div class="system-message">
+<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">/var/lib/builds/sphinx-source/api/keys/management.rst</tt>, line 374)</p>
+<p>Cannot analyze code. No Pygments lexer found for “none”.</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>.. code:: none
+
+ RSAPrivateKey ::= SEQUENCE {
+ version INTEGER, -- must be 0
+ modulus INTEGER, -- n
+ publicExponent INTEGER, -- e
+ privateExponent INTEGER, -- d
+ prime1 INTEGER, -- p
+ prime2 INTEGER, -- q
+ exponent1 INTEGER, -- d mod (p-1)
+ exponent2 INTEGER, -- d mod (q-1)
+ coefficient INTEGER, -- (inverse of q) mod p
+ }
+</pre></div>
+</div>
+</div>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">Although it is possible to define an RSA key pair or private key using a subset of these elements, the output from <a class="reference internal" href="#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> for an RSA key pair must include all of these elements.</p>
+</div>
+</li>
+<li><p class="first">For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR()</span></code></a> is true, the format is a representation of the private value.</p>
+<ul>
+<li><p class="first">For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the content of the <code class="docutils literal"><span class="pre">privateKey</span></code> field of the <code class="docutils literal"><span class="pre">ECPrivateKey</span></code> format defined by <span><em>Elliptic Curve Private Key Structure</em> <a class="reference internal" href="../../about.html#citation-rfc5915"><span class="cite">[RFC5915]</span></a></span>.</p>
+<p>This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string in big-endian order where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.</p>
+</li>
+<li><p class="first">For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘private key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. The value must have the forced bits set to zero or one as specified by <code class="docutils literal"><span class="pre">decodeScalar25519()</span></code> and <code class="docutils literal"><span class="pre">decodeScalar448()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</p>
+<p>This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits. This is 32 bytes for Curve25519, and 56 bytes for Curve448.</p>
+</li>
</ul>
</li>
-<li>For Diffie-Hellman key exchange key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR()</span></code></a> is true, the format is the representation of the private key <code class="docutils literal"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.</li>
-<li>For public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY()</span></code></a> is true, the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</li>
+<li><p class="first">For Diffie-Hellman key exchange key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR()</span></code></a> is true, the format is the representation of the private key <code class="docutils literal"><span class="pre">x</span></code> as a big-endian byte string. The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.</p>
+</li>
+<li><p class="first">For public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY()</span></code></a> is true, the format is the same as for <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</p>
+</li>
</ul>
-<p>The policy on the key must have the usage flag <a class="reference internal" href="usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
+<p>The policy on the key must have the usage flag <a class="reference internal" href="policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> set.</p>
</div>
<div class="section" id="psa_export_public_key">
<span id="c.psa_export_public_key"></span><h3><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</h3>
<p>Export a public key or the public part of a key pair in binary format.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
uint8_t * data,
size_t data_size,
size_t * data_length);
@@ -457,23 +552,37 @@
<p>The output of this function can be passed to <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> to create an object that is equivalent to the public key.</p>
<p>If the implementation of <a class="reference internal" href="#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> supports other formats beyond the format specified here, the output from <a class="reference internal" href="#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a> must use the representation specified here, not the original representation.</p>
<p>For standard key types, the output format is as follows:</p>
+<ul>
+<li><p class="first">For RSA public keys, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>, the DER encoding of the representation defined by <span><em>Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</em> <a class="reference internal" href="../../about.html#citation-rfc3279"><span class="cite">[RFC3279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html#section-2.3.1">§2.3.1</a> as <code class="docutils literal"><span class="pre">RSAPublicKey</span></code>.</p>
+<div class="system-message">
+<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">/var/lib/builds/sphinx-source/api/keys/management.rst</tt>, line 454)</p>
+<p>Cannot analyze code. No Pygments lexer found for “none”.</p>
+<div class="highlight-none"><div class="highlight"><pre><span></span>.. code:: none
+
+ RSAPublicKey ::= SEQUENCE {
+ modulus INTEGER, -- n
+ publicExponent INTEGER } -- e
+</pre></div>
+</div>
+</div>
+</li>
+<li><p class="first">For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()</span></code></a> is true, the format depends on the key family:</p>
<ul class="simple">
-<li>For RSA public keys, with key type <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code></a>, the DER encoding of the representation defined by <a class="reference external" href="https://tools.ietf.org/html/rfc3279.html#section-2.3.1">RFC 3279 §2.3.1</a> as <code class="docutils literal"><span class="pre">RSAPublicKey</span></code>.</li>
-<li>For elliptic curve key pairs, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY()</span></code></a> is true, the format depends on the key family:<ul>
-<li>For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the uncompressed representation defined by <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec1-v2.pdf"><em>SEC 1: Elliptic Curve Cryptography</em></a> §2.3.3 as the content of an <code class="docutils literal"><span class="pre">ECPoint</span></code>. If <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of <code class="docutils literal"><span class="pre">q</span></code> for a curve over <code class="docutils literal"><span class="pre">F_q</span></code>. The representation consists of:<ul>
+<li>For Weierstrass curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> and <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, the uncompressed representation of an elliptic curve point as an octet string defined in <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span> §2.3.3. If <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of <code class="docutils literal"><span class="pre">q</span></code> for a curve over <code class="docutils literal"><span class="pre">F_q</span></code>. The representation consists of:<ul>
<li>The byte <code class="docutils literal"><span class="pre">0x04</span></code>;</li>
<li><code class="docutils literal"><span class="pre">x_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian;</li>
<li><code class="docutils literal"><span class="pre">y_P</span></code> as a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string, big-endian.</li>
</ul>
</li>
-<li>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘public key’ in little-endian order as defined by <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">RFC 7748 §6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.<ul>
+<li>For curve family <a class="reference internal" href="types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, the scalar value of the ‘public key’ in little-endian order as defined by <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-6">§6</a>. This is a <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code>-byte string where <code class="docutils literal"><span class="pre">m</span></code> is the key size in bits.<ul>
<li>This is 32 bytes for Curve25519, computed as <code class="docutils literal"><span class="pre">X25519(private_key,</span> <span class="pre">9)</span></code>.</li>
<li>This is 56 bytes for Curve448, computed as <code class="docutils literal"><span class="pre">X448(private_key,</span> <span class="pre">5)</span></code>.</li>
</ul>
</li>
</ul>
</li>
-<li>For Diffie-Hellman key exchange public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true, the format is the representation of the public key <code class="docutils literal"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal"><span class="pre">p</span></code> in bytes.</li>
+<li><p class="first">For Diffie-Hellman key exchange public keys, with key types for which <a class="reference internal" href="types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a> is true, the format is the representation of the public key <code class="docutils literal"><span class="pre">y</span> <span class="pre">=</span> <span class="pre">g^x</span> <span class="pre">mod</span> <span class="pre">p</span></code> as a big-endian byte string. The length of the byte string is the length of the base prime <code class="docutils literal"><span class="pre">p</span></code> in bytes.</p>
+</li>
</ul>
<p>Exporting a public key object or the public part of a key pair is always permitted, regardless of the key’s usage flags.</p>
</div>
@@ -506,7 +615,7 @@
status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &attributes);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
handle_error(...);
-<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
+<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&attributes);
size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_KEY_OUTPUT_SIZE" title="PSA_EXPORT_KEY_OUTPUT_SIZE">PSA_EXPORT_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&attributes);
@@ -550,7 +659,7 @@
status = <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(key, &attributes);
if (status != <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a>)
handle_error(...);
-<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
+<a class="reference internal" href="types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> key_type = <a class="reference internal" href="types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(&attributes);
size_t key_bits = <a class="reference internal" href="types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(&attributes);
size_t buffer_size = <a class="reference internal" href="#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE" title="PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</a>(key_type, key_bits);
<a class="reference internal" href="attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(&attributes);
@@ -592,51 +701,47 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key management functions</a><ul>
-<li><a class="reference internal" href="#key-creation">Key creation</a><ul>
-<li><a class="reference internal" href="#psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_generate_key"><code class="docutils literal"><span class="pre">psa_generate_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_copy_key"><code class="docutils literal"><span class="pre">psa_copy_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#key-destruction">Key destruction</a><ul>
-<li><a class="reference internal" href="#psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_purge_key"><code class="docutils literal"><span class="pre">psa_purge_key</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#key-export">Key export</a><ul>
-<li><a class="reference internal" href="#psa_export_key"><code class="docutils literal"><span class="pre">psa_export_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_export_public_key"><code class="docutils literal"><span class="pre">psa_export_public_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_KEY_PAIR_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="algorithms.html" title="previous chapter">Algorithms</a></li>
- <li>Next: <a href="../ops/index.html" title="next chapter">Cryptographic operation reference</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/management.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.6. Key management functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-creation">9.6.1. Key creation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-destruction">9.6.2. Key destruction</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-export">9.6.3. Key export</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -652,15 +757,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/keys/management.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/keys/usage.html b/docs/html/api/keys/policy.html
similarity index 60%
rename from docs/html/api/keys/usage.html
rename to docs/html/api/keys/policy.html
index 984b37c..7cf34e4 100644
--- a/docs/html/api/keys/usage.html
+++ b/docs/html/api/keys/policy.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key policies — PSA Crypto API 1.0.0 documentation</title>
+ <title>9.5. Key policies — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Algorithms" href="algorithms.html" />
- <link rel="prev" title="Key types" href="types.html" />
+ <link rel="next" title="9.6. Key management functions" href="management.html" />
+ <link rel="prev" title="9.4. Key identifiers" href="ids.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,14 +41,97 @@
<div class="body" role="main">
<div class="section" id="key-policies">
-<span id="key-usage"></span><h1>Key policies</h1>
+<span id="key-policy"></span><h1>9.5. Key policies</h1>
+<p>All keys have an associated policy that regulates which operations are permitted on the key. A key policy is composed of two elements:</p>
+<ul class="simple">
+<li>A set of usage flags. See <a class="reference internal" href="#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
+<li>A specific algorithm that is permitted with the key. See <a class="reference internal" href="#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
+</ul>
+<p>The policy is part of the key attributes that are managed by a <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object.</p>
+<p>A highly constrained implementation might not be able to support all the policies that can be expressed through this interface. If an implementation cannot create a key with the required policy, it must return an appropriate error code when the key is created.</p>
+<div class="section" id="permitted-algorithms">
+<span id="id1"></span><h2>9.5.1. Permitted algorithms</h2>
+<p>The permitted algorithm is encoded using a algorithm identifier, as described in <a class="reference internal" href="../ops/algorithms.html#algorithms"><span class="secref">Algorithms</span></a>.</p>
+<p>This specification only defines policies that restrict keys to a single algorithm, which is consistent with both common practice and security good practice.</p>
+<p>The following algorithm policies are supported:</p>
+<ul class="simple">
+<li><a class="reference internal" href="../ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> does not allow any cryptographic operation with the key. The key can still be used for non-cryptographic actions such as exporting, if permitted by the usage flags.</li>
+<li>A specific algorithm value permits this particular algorithm.</li>
+<li>A signature algorithm wildcard built from <a class="reference internal" href="../ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> allows the specified signature scheme with any hash algorithm.</li>
+</ul>
+<p>When a key is used in a cryptographic operation, the application must supply the algorithm to use for the operation. This algorithm is checked against the key’s permitted algorithm policy.</p>
+<div class="section" id="psa_set_key_algorithm">
+<span id="c.psa_set_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_algorithm</span></code> (function)</h3>
+<p>Declare the permitted algorithm policy for a key.</p>
+<pre class="literal-block">
+void <a class="reference internal" href="#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The attribute object to write to.</dd>
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>The permitted algorithm to write.</dd>
+</dl>
+<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
+<p class="rubric">Description</p>
+<p>The permitted algorithm policy of a key encodes which algorithm or algorithms are permitted to be used with this key.</p>
+<p>This function overwrites any permitted algorithm policy previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="psa_get_key_algorithm">
+<span id="c.psa_get_key_algorithm"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_algorithm</span></code> (function)</h3>
+<p>Retrieve the permitted algorithm policy from key attributes.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
+<dd>The key attribute object to query.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a></p>
+<p>The algorithm stored in the attribute object.</p>
+<p class="rubric">Description</p>
+<div class="admonition-implementation-note admonition">
+<p class="first admonition-title">Implementation note</p>
+<p>This is a simple accessor function that is not required to validate its inputs. The following approaches can be used to provide an efficient implementation:</p>
+<ul class="last simple">
+<li>This function can be declared as <code class="docutils literal"><span class="pre">static</span></code> or <code class="docutils literal"><span class="pre">inline</span></code>, instead of using the default external linkage.</li>
+<li>This function can be provided as a function-like macro. In this form, the macro must evaluate each of its arguments exactly once, as if it was a function call.</li>
+</ul>
+</div>
+</div>
+</div>
<div class="section" id="key-usage-flags">
-<h2>Key usage flags</h2>
+<span id="id2"></span><h2>9.5.2. Key usage flags</h2>
+<p>The usage flags are encoded in a bitmask, which has the type <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>. Four kinds of usage flag can be specified:</p>
+<ul class="simple">
+<li>The extractable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> determines whether the key material can be extracted.</li>
+<li>The copyable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> determines whether the key material can be copied into a new key, which can have a different lifetime or a more restrictive policy.</li>
+<li>The cacheable flag <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> determines whether the implementation is permitted to retain non-essential copies of the key material in RAM. This policy only applies to persistent keys. See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</li>
+<li>The other usage flags, for example, <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> and <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, determine whether the corresponding operation is permitted on the key.</li>
+</ul>
+<div class="section" id="psa_key_usage_t">
+<span id="c.psa_key_usage_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code> (type)</h3>
+<p>Encoding of permitted usage on a key.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
+</pre>
+</div>
<div class="section" id="PSA_KEY_USAGE_EXPORT">
<span id="c.PSA_KEY_USAGE_EXPORT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</h3>
<p>Permission to export the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
</pre>
<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a> to export a key from the cryptoprocessor. A public key or the public part of a key pair can always be exported regardless of the value of this permission flag.</p>
<p>This flag can also be required to copy a key using <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> outside of a secure element. See also <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a>.</p>
@@ -57,33 +141,33 @@
<span id="c.PSA_KEY_USAGE_COPY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</h3>
<p>Permission to copy the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
</pre>
<p>This flag allows the use of <a class="reference internal" href="management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> to make a copy of the key with the same policy or a more restrictive policy.</p>
-<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
+<p>For lifetimes for which the key is located in a secure element which enforce the non-exportability of keys, copying a key outside the secure element also requires the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a>. Copying the key inside the secure element is permitted with just <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> if the secure element supports it. For keys with the lifetime <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a> or <a class="reference internal" href="lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a>, the usage flag <a class="reference internal" href="#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> is sufficient to permit the copy.</p>
</div>
<div class="section" id="PSA_KEY_USAGE_CACHE">
<span id="c.PSA_KEY_USAGE_CACHE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</h3>
<p>Permission for the implementation to cache the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
</pre>
<p>This flag allows the implementation to make additional copies of the key material that are not in storage and not for the purpose of an ongoing operation. Applications can use it as a hint to keep the key around for repeated access.</p>
<p>An application can request that cached key material is removed from memory by calling <a class="reference internal" href="management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>.</p>
-<p>The presence of this key policy when creating a key is a hint:</p>
+<p>The presence of this usage flag when creating a key is a hint:</p>
<ul class="simple">
-<li>An implementation is not required to cache keys that have this policy.</li>
+<li>An implementation is not required to cache keys that have this usage flag.</li>
<li>An implementation must not report an error if it does not cache keys.</li>
</ul>
-<p>If this key policy is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.</p>
+<p>If this usage flag is not present, the implementation must ensure key material is removed from memory as soon as it is not required for an operation or for maintenance of a volatile key.</p>
<p>This flag must be preserved when reading back the attributes for all keys, regardless of key type or implementation behavior.</p>
-<p>See also <em><a class="reference internal" href="../../overview/implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</p>
+<p>See also <a class="reference internal" href="../../overview/implementation.html#key-material"><span class="secref">Managing key material</span></a>.</p>
</div>
<div class="section" id="PSA_KEY_USAGE_ENCRYPT">
<span id="c.PSA_KEY_USAGE_ENCRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</h3>
<p>Permission to encrypt a message with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
</pre>
<p>This flag allows the key to be used for a symmetric encryption operation, for an AEAD encryption-and-authentication operation, or for an asymmetric encryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
<ul class="simple">
@@ -99,7 +183,7 @@
<span id="c.PSA_KEY_USAGE_DECRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</h3>
<p>Permission to decrypt a message with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
</pre>
<p>This flag allows the key to be used for a symmetric decryption operation, for an AEAD decryption-and-verification operation, or for an asymmetric decryption operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
<ul class="simple">
@@ -115,7 +199,7 @@
<span id="c.PSA_KEY_USAGE_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</h3>
<p>Permission to sign a message with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
</pre>
<p>This flag allows the key to be used for a MAC calculation operation or for an asymmetric message signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
<ul class="simple">
@@ -129,7 +213,7 @@
<span id="c.PSA_KEY_USAGE_VERIFY_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</h3>
<p>Permission to verify a message signature with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
</pre>
<p>This flag allows the key to be used for a MAC verification operation or for an asymmetric message signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
<ul class="simple">
@@ -143,27 +227,27 @@
<span id="c.PSA_KEY_USAGE_SIGN_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</h3>
<p>Permission to sign a message hash with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
</pre>
<p>This flag allows the key to be used to sign a message hash as part of an asymmetric signature operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>.</p>
-<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> will also be present when the application queries the usage policy of the key.</p>
+<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> will also be present when the application queries the usage flags of the key.</p>
<p>For a key pair, this concerns the private key.</p>
</div>
<div class="section" id="PSA_KEY_USAGE_VERIFY_HASH">
<span id="c.PSA_KEY_USAGE_VERIFY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</h3>
<p>Permission to verify a message hash with the key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
</pre>
<p>This flag allows the key to be used to verify a message hash as part of an asymmetric signature verification operation, if otherwise permitted by the key’s type and policy. The flag must be present on keys used when calling <a class="reference internal" href="../ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</p>
-<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> will also be present when the application queries the usage policy of the key.</p>
+<p>This flag automatically sets <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>: if an application sets the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> when creating a key, then the key always has the permissions conveyed by <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>, and the flag <a class="reference internal" href="#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> will also be present when the application queries the usage flags of the key.</p>
<p>For a key pair, this concerns the public key.</p>
</div>
<div class="section" id="PSA_KEY_USAGE_DERIVE">
<span id="c.PSA_KEY_USAGE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</h3>
<p>Permission to derive other keys from this key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
+#define <a class="reference internal" href="#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
</pre>
<p>This flag allows the key to be used for a key derivation operation or for a key agreement operation, if otherwise permitted by by the key’s type and policy. The flag must be present on keys used with the following APIs:</p>
<ul class="simple">
@@ -172,15 +256,12 @@
<li><a class="reference internal" href="../ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
</ul>
</div>
-</div>
-<div class="section" id="attribute-accessors">
-<h2>Attribute accessors</h2>
<div class="section" id="psa_set_key_usage_flags">
<span id="c.psa_set_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</h3>
<p>Declare usage flags for a key.</p>
<pre class="literal-block">
void <a class="reference internal" href="#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
+ <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -191,7 +272,7 @@
</dl>
<p class="rubric">Returns: <code class="docutils literal"><span class="pre">void</span></code></p>
<p class="rubric">Description</p>
-<p>Usage flags are part of a key’s usage policy. They encode what kind of operations are permitted on the key. For more details, refer to the documentation of the type <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>.</p>
+<p>Usage flags are part of a key’s policy. They encode what kind of operations are permitted on the key. For more details, see <a class="reference internal" href="#key-policy"><span class="secref">Key policies</span></a>.</p>
<p>This function overwrites any usage flags previously set in <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
<div class="admonition-implementation-note admonition">
<p class="first admonition-title">Implementation note</p>
@@ -206,14 +287,14 @@
<span id="c.psa_get_key_usage_flags"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</h3>
<p>Retrieve the usage flags from key attributes.</p>
<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
<dd>The key attribute object to query.</dd>
</dl>
-<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code></a></p>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_usage_t" title="psa_key_usage_t"><code class="docutils literal"><span class="pre">psa_key_usage_t</span></code></a></p>
<p>The usage flags stored in the attribute object.</p>
<p class="rubric">Description</p>
<div class="admonition-implementation-note admonition">
@@ -233,49 +314,46 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key policies</a><ul>
-<li><a class="reference internal" href="#key-usage-flags">Key usage flags</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_EXPORT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_COPY"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_CACHE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_ENCRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_DECRYPT"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_VERIFY_HASH"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_USAGE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
-<li><a class="reference internal" href="#psa_set_key_usage_flags"><code class="docutils literal"><span class="pre">psa_set_key_usage_flags</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_usage_flags"><code class="docutils literal"><span class="pre">psa_get_key_usage_flags</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="types.html" title="previous chapter">Key types</a></li>
- <li>Next: <a href="algorithms.html" title="next chapter">Algorithms</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/usage.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="types.html">9.2. Key types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.5. Key policies</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#permitted-algorithms">9.5.1. Permitted algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-usage-flags">9.5.2. Key usage flags</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -291,15 +369,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/keys/usage.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/keys/types.html b/docs/html/api/keys/types.html
index ff01b00..ce27870 100644
--- a/docs/html/api/keys/types.html
+++ b/docs/html/api/keys/types.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key types — PSA Crypto API 1.0.0 documentation</title>
+ <title>9.2. Key types — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key policies" href="usage.html" />
- <link rel="prev" title="Key locations" href="locations.html" />
+ <link rel="next" title="9.3. Key lifetimes" href="lifetimes.html" />
+ <link rel="prev" title="9.1. Key attributes" href="attributes.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,17 +41,40 @@
<div class="body" role="main">
<div class="section" id="key-types">
-<span id="id1"></span><h1>Key types</h1>
-<div class="section" id="key-categories">
-<h2>Key categories</h2>
+<span id="id1"></span><h1>9.2. Key types</h1>
+<div class="section" id="key-type-encoding">
+<h2>9.2.1. Key type encoding</h2>
+<div class="section" id="psa_key_type_t">
+<span id="c.psa_key_type_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_type_t</span></code> (type)</h3>
+<p>Encoding of a key type.</p>
+<pre class="literal-block">
+typedef uint16_t <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
+</pre>
+<p>This is a structured bitfield that identifies the category and type of key. The range of key type values is divided as follows:</p>
+<dl class="docutils">
+<dt><a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code></a><code class="docutils literal"> <span class="pre">==</span> <span class="pre">0</span></code></dt>
+<dd>Reserved as an invalid key type.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x0001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff</span></code></dt>
+<dd>Specification-defined key types.
+Key types defined by this standard always have bit 15 clear.
+Unallocated key type values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x8000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff</span></code></dt>
+<dd>Implementation-defined key types.
+Implementations that define additional key types must use an encoding with bit 15 set.
+The related support macros will be easier to write if these key encodings also respect the bitwise structure used by standard encodings.</dd>
+</dl>
+</div>
<div class="section" id="PSA_KEY_TYPE_NONE">
<span id="c.PSA_KEY_TYPE_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</h3>
<p>An invalid key type value.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
</pre>
<p>Zero is not the encoding of any key type.</p>
</div>
+</div>
+<div class="section" id="key-categories">
+<h2>9.2.2. Key categories</h2>
<div class="section" id="PSA_KEY_TYPE_IS_UNSTRUCTURED">
<span id="c.PSA_KEY_TYPE_IS_UNSTRUCTURED"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</h3>
<p>Whether a key type is an unstructured array of bytes.</p>
@@ -60,11 +84,11 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
<p class="rubric">Description</p>
<p>This encompasses both symmetric keys and non-key data.</p>
-<p>See <em><a class="reference internal" href="#symmetric-keys"><span class="std std-ref">Symmetric keys</span></a></em> for a list of symmetric key types.</p>
+<p>See <a class="reference internal" href="#symmetric-keys"><span class="secref">Symmetric keys</span></a> for a list of symmetric key types.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_ASYMMETRIC">
<span id="c.PSA_KEY_TYPE_IS_ASYMMETRIC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</h3>
@@ -75,10 +99,10 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
<p class="rubric">Description</p>
-<p>See <em><a class="reference internal" href="#asymmetric-keys"><span class="std std-ref">RSA keys</span></a></em> for a list of asymmetric key types.</p>
+<p>See <a class="reference internal" href="#asymmetric-keys"><span class="secref">RSA keys</span></a> for a list of asymmetric key types.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_PUBLIC_KEY">
<span id="c.PSA_KEY_TYPE_IS_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</h3>
@@ -89,7 +113,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_KEY_PAIR">
@@ -101,108 +125,154 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
</div>
<div class="section" id="symmetric-keys">
-<span id="id2"></span><h2>Symmetric keys</h2>
+<span id="id2"></span><h2>9.2.3. Symmetric keys</h2>
<div class="section" id="PSA_KEY_TYPE_RAW_DATA">
<span id="c.PSA_KEY_TYPE_RAW_DATA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</h3>
<p>Raw data.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
</pre>
<p>A “key” of this type cannot be used for any cryptographic operation. Applications can use this type to store arbitrary data in the keystore.</p>
+<p>The bit size of a raw key must be a non-zero multiple of 8. The maximum size of a raw key is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">IMPLEMENTATION DEFINED</span></a>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_HMAC">
<span id="c.PSA_KEY_TYPE_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</h3>
<p>HMAC key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
</pre>
<p>The key policy determines which underlying hash algorithm the key can be used for.</p>
-<p>HMAC keys typically have the same size as the underlying hash. This size can be calculated with <a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is the HMAC algorithm or the underlying hash algorithm.</p>
+<p>The bit size of an HMAC key must be a non-zero multiple of 8. An HMAC key is typically the same size as the output of the underlying hash algorithm. An HMAC key that is longer than the block size of the underlying hash algorithm will be hashed before use.</p>
+<p>When an HMAC key is created that is longer than the block size, it is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a> whether the implementation stores the original HMAC key, or the hash of the HMAC key. If the hash of the key is stored, the key size reported by <a class="reference internal" href="attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> will be the size of the hashed key.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p><a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_LENGTH" title="PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> provides the output size of hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, in bytes.</p>
+<p class="last"><a class="reference internal" href="../ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> provides the block size of hash algorithm <code class="docutils literal"><span class="pre">alg</span></code>, in bytes.</p>
+</div>
</div>
<div class="section" id="PSA_KEY_TYPE_DERIVE">
<span id="c.PSA_KEY_TYPE_DERIVE"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</h3>
<p>A secret for key derivation.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
</pre>
<p>The key policy determines which key derivation algorithm the key can be used for.</p>
+<p>The bit size of a secret for key derivation must be a non-zero multiple of 8. The maximum size of a secret for key derivation is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">IMPLEMENTATION DEFINED</span></a>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_AES">
<span id="c.PSA_KEY_TYPE_AES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</h3>
<p>Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
</pre>
-<p>The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or 32 bytes (AES-256).</p>
+<p>The size of the key is related to the AES algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:</p>
+<ul class="simple">
+<li>AES-128 uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
+<li>AES-192 uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+<li>AES-256 uses a 32-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+</ul>
+<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the following key sizes are used:</p>
+<ul class="simple">
+<li>AES-128-XTS uses two 16-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+<li>AES-192-XTS uses two 24-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
+<li>AES-256-XTS uses two 32-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
+</ul>
+<p>The AES block cipher is defined in <span><em>FIPS Publication 197: Advanced Encryption Standard (AES)</em> <a class="reference internal" href="../../about.html#citation-fips197"><span class="cite">[FIPS197]</span></a></span>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_DES">
<span id="c.PSA_KEY_TYPE_DES"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</h3>
<p>Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
</pre>
-<p>The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or 24 bytes (3-key 3DES).</p>
+<p>The size of the key determines which DES algorithm is used:</p>
+<ul class="simple">
+<li>Single DES uses an 8-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">64</span></code></li>
+<li>2-key 3DES uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
+<li>3-key 3DES uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+</ul>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p>Single DES and 2-key 3DES are weak and strongly deprecated and are only recommended for decrypting legacy data.</p>
<p class="last">3-key 3DES is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
+<p>The DES and 3DES block ciphers are defined in <span><em>NIST Special Publication 800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher</em> <a class="reference internal" href="../../about.html#citation-sp800-67"><span class="cite">[SP800-67]</span></a></span>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_CAMELLIA">
<span id="c.PSA_KEY_TYPE_CAMELLIA"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</h3>
<p>Key for a cipher, AEAD or MAC algorithm based on the Camellia block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
</pre>
+<p>The size of the key is related to the Camellia algorithm variant. For algorithms except the XTS block cipher mode, the following key sizes are used:</p>
+<ul class="simple">
+<li>Camellia-128 uses a 16-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">128</span></code></li>
+<li>Camellia-192 uses a 24-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">192</span></code></li>
+<li>Camellia-256 uses a 32-byte key : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+</ul>
+<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the following key sizes are used:</p>
+<ul class="simple">
+<li>Camellia-128-XTS uses two 16-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
+<li>Camellia-192-XTS uses two 24-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
+<li>Camellia-256-XTS uses two 32-byte keys : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
+</ul>
+<p>The Camellia block cipher is defined in <span><em>Specification of Camellia — a 128-bit Block Cipher</em> <a class="reference internal" href="../../about.html#citation-ntt-cam"><span class="cite">[NTT-CAM]</span></a></span> and also described in <span><em>A Description of the Camellia Encryption Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc3713"><span class="cite">[RFC3713]</span></a></span>.</p>
+</div>
+<div class="section" id="PSA_KEY_TYPE_SM4">
+<span id="c.PSA_KEY_TYPE_SM4"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code> (macro)</h3>
+<p>Key for a cipher, AEAD or MAC algorithm based on the SM4 block cipher.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4">PSA_KEY_TYPE_SM4</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2405)
+</pre>
+<p>For algorithms except the XTS block cipher mode, the SM4 key size is 128 bits (16 bytes).</p>
+<p>For the XTS block cipher mode (<a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_XTS</span></code></a>), the SM4 key size is 256 bits (two 16-byte keys).</p>
+<p>The SM4 block cipher is defined in <span><em>GB/T 32907-2016: Information security technology — SM4 block cipher algorithm</em> <a class="reference internal" href="../../about.html#citation-prc-sm4"><span class="cite">[PRC-SM4]</span></a></span> and also described in <span><em>The SM4 Blockcipher Algorithm And Its Modes Of Operations</em> <a class="reference internal" href="../../about.html#citation-ietf-sm4"><span class="cite">[IETF-SM4]</span></a></span>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_ARC4">
<span id="c.PSA_KEY_TYPE_ARC4"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</h3>
-<p>Key for the RC4 stream cipher.</p>
+<p>Key for the ARC4 stream cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
</pre>
-<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ARC4 cipher.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
-<p class="last">The RC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
+<p class="last">The ARC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
-<p>The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm and an ARC4 key, <a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="../ops/ciphers.html#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
+<p>The ARC4 cipher supports key sizes between 40 and 2048 bits, that are multiples of 8. (5 to 256 bytes)</p>
+<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ARC4 cipher.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_CHACHA20">
<span id="c.PSA_KEY_TYPE_CHACHA20"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</h3>
-<p>Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.</p>
+<p>Key for the ChaCha20 stream cipher or the ChaCha20-Poly1305 AEAD algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
</pre>
-<p>ChaCha20 and the ChaCha20_Poly1305 construction are defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</p>
-<p>Variants of these algorithms are defined by the length of the nonce:</p>
+<p>The ChaCha20 key size is 256 bits (32 bytes).</p>
<ul class="simple">
-<li>Implementations must support a 12-byte nonce, as defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</li>
-<li>Implementations can optionally support an 8-byte nonce, the original variant.</li>
-<li>It is recommended that implementations do not support other sizes of nonce.</li>
+<li>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ChaCha20 cipher for unauthenticated encryption. See <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> for details of this algorithm.</li>
+<li>Use algorithm <a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a> to use this key with the ChaCha20 cipher and Poly1305 authenticator for AEAD. See <a class="reference internal" href="../ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a> for details of this algorithm.</li>
</ul>
-<p>Use algorithm <a class="reference internal" href="../ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> to use this key with the ChaCha20 cipher for unauthenticated encryption.</p>
</div>
</div>
<div class="section" id="rsa-keys">
-<span id="asymmetric-keys"></span><h2>RSA keys</h2>
+<span id="asymmetric-keys"></span><h2>9.2.4. RSA keys</h2>
<div class="section" id="PSA_KEY_TYPE_RSA_PUBLIC_KEY">
<span id="c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</h3>
<p>RSA public key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
</pre>
</div>
<div class="section" id="PSA_KEY_TYPE_RSA_KEY_PAIR">
<span id="c.PSA_KEY_TYPE_RSA_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</h3>
<p>RSA key pair: both the private and public key.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
+#define <a class="reference internal" href="#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
</pre>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_RSA">
@@ -214,12 +284,12 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
</div>
<div class="section" id="elliptic-curve-keys">
-<h2>Elliptic Curve keys</h2>
+<h2>9.2.5. Elliptic Curve keys</h2>
<div class="section" id="psa_ecc_family_t">
<span id="c.psa_ecc_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</h3>
<p>The type of PSA elliptic curve family identifiers.</p>
@@ -273,7 +343,7 @@
<li>secp224k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">225</span></code></li>
<li>secp256k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
</ul>
-<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a>.</p>
+<p>They are defined in <span><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em> <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ECC_FAMILY_SECP_R1">
<span id="c.PSA_ECC_FAMILY_SECP_R1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</h3>
@@ -287,9 +357,9 @@
<li>secp224r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">224</span></code></li>
<li>secp256r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
<li>secp384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
-<li>secp521r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
+<li>secp521r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">521</span></code></li>
</ul>
-<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
</div>
<div class="section" id="PSA_ECC_FAMILY_SECP_R2">
<span id="c.PSA_ECC_FAMILY_SECP_R2"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</h3>
@@ -304,7 +374,7 @@
<ul class="simple">
<li>secp160r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">160</span></code> <em>(Deprecated)</em></li>
</ul>
-<p>It is defined in the superseded <a class="reference external" href="https://www.secg.org/SEC2-Ver-1.0.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0</em></a>.</p>
+<p>It is defined in the superseded <span><em>SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0</em> <a class="reference internal" href="../../about.html#citation-sec2v1"><span class="cite">[SEC2v1]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ECC_FAMILY_SECT_K1">
<span id="c.PSA_ECC_FAMILY_SECT_K1"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</h3>
@@ -321,7 +391,7 @@
<li>sect409k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
<li>sect571k1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
</ul>
-<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The 163-bit curve sect163k1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
@@ -341,7 +411,7 @@
<li>sect409r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">409</span></code></li>
<li>sect571r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">571</span></code></li>
</ul>
-<p>They are defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<p>They are defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The 163-bit curve sect163r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
@@ -357,7 +427,7 @@
<ul class="simple">
<li>sect163r2 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">163</span></code> <em>(Deprecated)</em></li>
</ul>
-<p>It is defined in <em>Standards for Efficient Cryptography</em>, <a class="reference external" href="https://www.secg.org/sec2-v2.pdf"><em>SEC 2: Recommended Elliptic Curve Domain Parameters</em></a></p>
+<p>It is defined in <a class="reference internal" href="../../about.html#citation-sec2"><span class="cite">[SEC2]</span></a>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The 163-bit curve sect163r2 is weak and deprecated and is only recommended for use in legacy protocols.</p>
@@ -379,7 +449,7 @@
<li>brainpoolP384r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">384</span></code></li>
<li>brainpoolP512r1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">512</span></code></li>
</ul>
-<p>They are defined in <a class="reference external" href="https://tools.ietf.org/html/rfc5639.html">RFC 5639</a>.</p>
+<p>They are defined in <span><em>Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation</em> <a class="reference internal" href="../../about.html#citation-rfc5639"><span class="cite">[RFC5639]</span></a></span>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The 160-bit curve brainpoolP160r1 is weak and deprecated and is only recommended for use in legacy protocols.</p>
@@ -395,7 +465,7 @@
<ul class="simple">
<li>FRP256v1 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">256</span></code></li>
</ul>
-<p>This is defined by <em>Agence nationale de la sécurité des systèmes d’information</em> in <a class="reference external" href="https://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/"><em>Publication d’un paramétrage de courbe elliptique visant des applications de passeport électronique et de l’administration électronique française</em></a>, 21 November 2011.</p>
+<p>This is defined by <span><em>Publication d'un paramétrage de courbe elliptique visant des applications de passeport électronique et de l'administration électronique française</em> <a class="reference internal" href="../../about.html#citation-frp"><span class="cite">[FRP]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ECC_FAMILY_MONTGOMERY">
<span id="c.PSA_ECC_FAMILY_MONTGOMERY"></span><h3><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</h3>
@@ -404,16 +474,12 @@
#define <a class="reference internal" href="#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY">PSA_ECC_FAMILY_MONTGOMERY</a> ((<a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) 0x41)
</pre>
<p>This family comprises the following Montgomery curves:</p>
-<ul>
-<li><p class="first">Curve25519 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">255</span></code></p>
-<p>This curve is defined in Bernstein et al., <a class="reference external" href="https://www.iacr.org/archive/pkc2006/39580209/39580209.pdf"><em>Curve25519: new Diffie-Hellman speed records</em></a>, LNCS 3958, 2006.</p>
-<p>The algorithm <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X25519 when used with this curve.</p>
-</li>
-<li><p class="first">Curve448 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">448</span></code></p>
-<p>This curve is defined in Hamburg, <a class="reference external" href="https://eprint.iacr.org/2015/625.pdf"><em>Ed448-Goldilocks, a new elliptic curve</em></a>, NIST ECC Workshop, 2015.</p>
-<p>The algorithm <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> performs X448 when used with this curve.</p>
-</li>
+<ul class="simple">
+<li>Curve25519 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">255</span></code></li>
+<li>Curve448 : <code class="docutils literal"><span class="pre">key_bits</span> <span class="pre">=</span> <span class="pre">448</span></code></li>
</ul>
+<p>Keys in this family can only be used with the <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDH</span></code></a> key agreement algorithm.</p>
+<p>Curve25519 is defined in <span><em>Curve25519: new Diffie-Hellman speed records</em> <a class="reference internal" href="../../about.html#citation-curve25519"><span class="cite">[Curve25519]</span></a></span>. Curve448 is defined in <span><em>Ed448-Goldilocks, a new elliptic curve</em> <a class="reference internal" href="../../about.html#citation-curve448"><span class="cite">[Curve448]</span></a></span>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_ECC">
<span id="c.PSA_KEY_TYPE_IS_ECC"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</h3>
@@ -424,7 +490,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">
@@ -436,7 +502,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">
@@ -448,7 +514,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_ECC_GET_FAMILY">
@@ -460,21 +526,21 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>An elliptic curve key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An elliptic curve key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code></a></p>
<p>The elliptic curve family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported elliptic curve key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported elliptic curve key.</p>
</div>
</div>
<div class="section" id="diffie-hellman-keys">
-<h2>Diffie Hellman keys</h2>
+<h2>9.2.6. Diffie Hellman keys</h2>
<div class="section" id="psa_dh_family_t">
<span id="c.psa_dh_family_t"></span><h3><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</h3>
-<p>The type of PSA Diffie-Hellman group family identifiers.</p>
+<p>The type of PSA finite-field Diffie-Hellman group family identifiers.</p>
<pre class="literal-block">
typedef uint8_t <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>;
</pre>
-<p>The group family identifier is required to create an Diffie-Hellman key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY()</span></code></a> macros.</p>
+<p>The group family identifier is required to create a finite-field Diffie-Hellman key using the <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR()</span></code></a> or <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY()</span></code></a> macros.</p>
<p>The specific Diffie-Hellman group within a family is identified by the <code class="docutils literal"><span class="pre">key_bits</span></code> attribute of the key.</p>
<p>The range of Diffie-Hellman group family identifier values is divided as follows:</p>
<dl class="docutils">
@@ -487,7 +553,7 @@
</div>
<div class="section" id="PSA_KEY_TYPE_DH_KEY_PAIR">
<span id="c.PSA_KEY_TYPE_DH_KEY_PAIR"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</h3>
-<p>Diffie-Hellman key pair: both the private key and public key.</p>
+<p>Finite-field Diffie-Hellman key pair: both the private key and public key.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
@@ -499,7 +565,7 @@
</div>
<div class="section" id="PSA_KEY_TYPE_DH_PUBLIC_KEY">
<span id="c.PSA_KEY_TYPE_DH_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</h3>
-<p>Diffie-Hellman public key.</p>
+<p>Finite-field Diffie-Hellman public key.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
@@ -511,12 +577,14 @@
</div>
<div class="section" id="PSA_DH_FAMILY_RFC7919">
<span id="c.PSA_DH_FAMILY_RFC7919"></span><h3><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</h3>
-<p>Diffie-Hellman groups defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7919.html#appendix-A">RFC 7919 Appendix A</a>.</p>
+<p>Finite-field Diffie-Hellman groups defined for TLS in RFC 7919.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_DH_FAMILY_RFC7919" title="PSA_DH_FAMILY_RFC7919">PSA_DH_FAMILY_RFC7919</a> ((<a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>) 0x03)
</pre>
<p>This family includes groups with the following key sizes (in bits): 2048, 3072, 4096, 6144, 8192.
An implementation can support all of these sizes or only a subset.</p>
+<p>Keys is this group can only be used with the <a class="reference internal" href="../ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FFDH</span></code></a> key agreement algorithm.</p>
+<p>These groups are defined by <span><em>Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc7919"><span class="cite">[RFC7919]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7919.html#appendix-A">Appendix A</a>.</p>
</div>
<div class="section" id="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">
<span id="c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"></span><h3><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</h3>
@@ -561,7 +629,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_DH_KEY_PAIR">
@@ -573,7 +641,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">
@@ -585,7 +653,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
</div>
<div class="section" id="PSA_KEY_TYPE_DH_GET_FAMILY">
@@ -597,20 +665,20 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A Diffie-Hellman key type (value of type <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A Diffie-Hellman key type (value of type <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> such that <a class="reference internal" href="#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="#c.psa_dh_family_t" title="psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code></a></p>
<p>The Diffie-Hellman group family id, if <code class="docutils literal"><span class="pre">type</span></code> is a supported Diffie-Hellman key. Unspecified if <code class="docutils literal"><span class="pre">type</span></code> is not a supported Diffie-Hellman key.</p>
</div>
</div>
<div class="section" id="attribute-accessors">
-<h2>Attribute accessors</h2>
+<h2>9.2.7. Attribute accessors</h2>
<div class="section" id="psa_set_key_type">
<span id="c.psa_set_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</h3>
<p>Declare the type of a key.</p>
<pre class="literal-block">
void <a class="reference internal" href="#c.psa_set_key_type" title="psa_set_key_type">psa_set_key_type</a>(<a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
+ <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -635,14 +703,14 @@
<span id="c.psa_get_key_type"></span><h3><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</h3>
<p>Retrieve the key type from key attributes.</p>
<pre class="literal-block">
-<a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
<dd>The key attribute object to query.</dd>
</dl>
-<p class="rubric">Returns: <a class="reference internal" href="attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a></p>
+<p class="rubric">Returns: <a class="reference internal" href="#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a></p>
<p>The key type stored in the attribute object.</p>
<p class="rubric">Description</p>
<div class="admonition-implementation-note admonition">
@@ -711,95 +779,51 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key types</a><ul>
-<li><a class="reference internal" href="#key-categories">Key categories</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_NONE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_NONE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#symmetric-keys">Symmetric keys</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_RAW_DATA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RAW_DATA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_HMAC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_DERIVE"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_AES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_DES"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_CAMELLIA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_ARC4"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_CHACHA20"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#rsa-keys">RSA keys</a><ul>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#elliptic-curve-keys">Elliptic Curve keys</a><ul>
-<li><a class="reference internal" href="#psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_K1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECP_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_R2</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_K1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_K1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_SECT_R2"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_R2</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_FRP"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#diffie-hellman-keys">Diffie Hellman keys</a><ul>
-<li><a class="reference internal" href="#psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_DH_FAMILY_RFC7919"><code class="docutils literal"><span class="pre">PSA_DH_FAMILY_RFC7919</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#attribute-accessors">Attribute accessors</a><ul>
-<li><a class="reference internal" href="#psa_set_key_type"><code class="docutils literal"><span class="pre">psa_set_key_type</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_type"><code class="docutils literal"><span class="pre">psa_get_key_type</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_get_key_bits"><code class="docutils literal"><span class="pre">psa_get_key_bits</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_set_key_bits"><code class="docutils literal"><span class="pre">psa_set_key_bits</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Key management reference</a><ul>
- <li>Previous: <a href="locations.html" title="previous chapter">Key locations</a></li>
- <li>Next: <a href="usage.html" title="next chapter">Key policies</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/keys/types.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">9. Key management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="attributes.html">9.1. Key attributes</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">9.2. Key types</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-type-encoding">9.2.1. Key type encoding</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-categories">9.2.2. Key categories</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#symmetric-keys">9.2.3. Symmetric keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#rsa-keys">9.2.4. RSA keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#elliptic-curve-keys">9.2.5. Elliptic Curve keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#diffie-hellman-keys">9.2.6. Diffie Hellman keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attribute-accessors">9.2.7. Attribute accessors</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="lifetimes.html">9.3. Key lifetimes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ids.html">9.4. Key identifiers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="policy.html">9.5. Key policies</a></li>
+<li class="toctree-l2"><a class="reference internal" href="management.html">9.6. Key management functions</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -815,15 +839,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/keys/types.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/library/index.html b/docs/html/api/library/index.html
index df8cde6..c30ca76 100644
--- a/docs/html/api/library/index.html
+++ b/docs/html/api/library/index.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Library management reference — PSA Crypto API 1.0.0 documentation</title>
+ <title>8. Library management reference — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="PSA status codes" href="status.html" />
- <link rel="prev" title="Usage considerations" href="../../overview/usage.html" />
+ <link rel="next" title="8.1. PSA status codes" href="status.html" />
+ <link rel="prev" title="7. Usage considerations" href="../../overview/usage.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,19 +41,19 @@
<div class="body" role="main">
<div class="section" id="library-management-reference">
-<span id="library-management"></span><span id="api-reference"></span><h1>Library management reference</h1>
+<span id="library-management"></span><span id="api-reference"></span><h1>8. Library management reference</h1>
<div class="toctree-wrapper compound">
<ul>
-<li class="toctree-l1"><a class="reference internal" href="status.html">PSA status codes</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="status.html#status-type">Status type</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="status.html">8.1. PSA status codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="status.html#status-type">8.1.1. Status type</a><ul>
<li class="toctree-l3"><a class="reference internal" href="status.html#psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="status.html#success-codes">Success codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="status.html#success-codes">8.1.2. Success codes</a><ul>
<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="status.html#error-codes">Error codes</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="status.html#error-codes">8.1.3. Error codes</a><ul>
<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="status.html#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
@@ -78,13 +79,13 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="library.html">PSA Crypto library</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="library.html#api-version">API version</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="library.html#api-version">8.2.1. API version</a><ul>
<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="library.html#library-initialization">Library initialization</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="library.html#library-initialization">8.2.2. Library initialization</a><ul>
<li class="toctree-l3"><a class="reference internal" href="library.html#psa_crypto_init"><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
</ul>
</li>
@@ -99,22 +100,38 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="../../overview/usage.html" title="previous chapter">Usage considerations</a></li>
- <li>Next: <a href="status.html" title="next chapter">PSA status codes</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/library/index.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">8. Library management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="status.html">8.1. PSA status codes</a></li>
+<li class="toctree-l2"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -130,15 +147,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/library/index.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/library/library.html b/docs/html/api/library/library.html
index 5d2fd9c..97379e9 100644
--- a/docs/html/api/library/library.html
+++ b/docs/html/api/library/library.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>PSA Crypto library — PSA Crypto API 1.0.0 documentation</title>
+ <title>8.2. PSA Crypto library — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key management reference" href="../keys/index.html" />
- <link rel="prev" title="PSA status codes" href="status.html" />
+ <link rel="next" title="9. Key management reference" href="../keys/index.html" />
+ <link rel="prev" title="8.1. PSA status codes" href="status.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="psa-crypto-library">
-<h1>PSA Crypto library</h1>
+<h1>8.2. PSA Crypto library</h1>
<div class="section" id="api-version">
-<span id="id1"></span><h2>API version</h2>
+<span id="id1"></span><h2>8.2.1. API version</h2>
<div class="section" id="PSA_CRYPTO_API_VERSION_MAJOR">
<span id="c.PSA_CRYPTO_API_VERSION_MAJOR"></span><h3><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</h3>
<p>The major version of this implementation of the PSA Crypto API.</p>
@@ -59,7 +60,7 @@
</div>
</div>
<div class="section" id="library-initialization">
-<span id="library-init"></span><h2>Library initialization</h2>
+<span id="library-init"></span><h2>8.2.2. Library initialization</h2>
<div class="section" id="psa_crypto_init">
<span id="c.psa_crypto_init"></span><h3><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</h3>
<p>Library initialization.</p>
@@ -98,40 +99,42 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">PSA Crypto library</a><ul>
-<li><a class="reference internal" href="#api-version">API version</a><ul>
-<li><a class="reference internal" href="#PSA_CRYPTO_API_VERSION_MAJOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CRYPTO_API_VERSION_MINOR"><code class="docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#library-initialization">Library initialization</a><ul>
-<li><a class="reference internal" href="#psa_crypto_init"><code class="docutils literal"><span class="pre">psa_crypto_init</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Library management reference</a><ul>
- <li>Previous: <a href="status.html" title="previous chapter">PSA status codes</a></li>
- <li>Next: <a href="../keys/index.html" title="next chapter">Key management reference</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/library/library.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">8. Library management reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="status.html">8.1. PSA status codes</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">8.2. PSA Crypto library</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#api-version">8.2.1. API version</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#library-initialization">8.2.2. Library initialization</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -147,15 +150,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/library/library.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/library/status.html b/docs/html/api/library/status.html
index 36673ac..d669672 100644
--- a/docs/html/api/library/status.html
+++ b/docs/html/api/library/status.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>PSA status codes — PSA Crypto API 1.0.0 documentation</title>
+ <title>8.1. PSA status codes — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="PSA Crypto library" href="library.html" />
- <link rel="prev" title="Library management reference" href="index.html" />
+ <link rel="next" title="8.2. PSA Crypto library" href="library.html" />
+ <link rel="prev" title="8. Library management reference" href="index.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="psa-status-codes">
-<span id="status-codes"></span><h1>PSA status codes</h1>
+<span id="status-codes"></span><h1>8.1. PSA status codes</h1>
<div class="section" id="status-type">
-<h2>Status type</h2>
+<h2>8.1.1. Status type</h2>
<div class="section" id="psa_status_t">
<span id="c.psa_status_t"></span><h3><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</h3>
<p>Function return status.</p>
@@ -53,7 +54,7 @@
</div>
</div>
<div class="section" id="success-codes">
-<h2>Success codes</h2>
+<h2>8.1.2. Success codes</h2>
<div class="section" id="PSA_SUCCESS">
<span id="c.PSA_SUCCESS"></span><h3><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</h3>
<p>The action was completed successfully.</p>
@@ -63,7 +64,7 @@
</div>
</div>
<div class="section" id="error-codes">
-<h2>Error codes</h2>
+<h2>8.1.3. Error codes</h2>
<div class="section" id="PSA_ERROR_GENERIC_ERROR">
<span id="c.PSA_ERROR_GENERIC_ERROR"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</h3>
<p>An error occurred that does not correspond to any defined failure cause.</p>
@@ -112,7 +113,7 @@
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST">PSA_ERROR_DOES_NOT_EXIST</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-140)
</pre>
-<p>It is recommended that implementations return this error code if a requested key does not exist.</p>
+<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
</div>
<div class="section" id="PSA_ERROR_BAD_STATE">
<span id="c.PSA_ERROR_BAD_STATE"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</h3>
@@ -121,7 +122,6 @@
#define <a class="reference internal" href="#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE">PSA_ERROR_BAD_STATE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-137)
</pre>
<p>Multi-part operations return this error when one of the functions is called out of sequence. Refer to the function descriptions for permitted sequencing of functions.</p>
-<p>Implementations must not return this error code to indicate that a key either exists or not, but must instead return <a class="reference internal" href="#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> as applicable.</p>
<p>Implementations must not return this error code to indicate that a key identifier is invalid, but must return <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a> instead.</p>
</div>
<div class="section" id="PSA_ERROR_INVALID_ARGUMENT">
@@ -195,7 +195,7 @@
</ul>
<p>Note that a storage corruption does not indicate that any data that was previously read is invalid. However this previously read data might no longer be readable from storage.</p>
<p>When a storage failure occurs, it is no longer possible to ensure the global integrity of the keystore. Depending on the global integrity guarantees offered by the implementation, access to other data might fail even if the data is still readable but its integrity cannot be guaranteed.</p>
-<p>It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the PSA Internal Trusted Storage API reports <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
+<p>It is recommended to only use this error code to report when a storage component indicates that the stored data is corrupt, or fails an integrity check. For example, in situations that the <span><em>PSA Storage API</em> <a class="reference internal" href="../../about.html#citation-psa-its"><span class="cite">[PSA-ITS]</span></a></span> reports <a class="reference internal" href="#c.PSA_ERROR_DATA_CORRUPT" title="PSA_ERROR_DATA_CORRUPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code></a> or <a class="reference internal" href="#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a>.</p>
</div>
<div class="section" id="PSA_ERROR_DATA_INVALID">
<span id="c.PSA_ERROR_DATA_INVALID"></span><h3><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</h3>
@@ -274,7 +274,7 @@
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE">PSA_ERROR_INVALID_HANDLE</a> ((<a class="reference internal" href="#c.psa_status_t" title="psa_status_t">psa_status_t</a>)-136)
</pre>
-<p>See also <em><a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="std std-ref">Key identifiers</span></a></em>.</p>
+<p>See also <a class="reference internal" href="../../overview/functionality.html#key-ids"><span class="secref">Key identifiers</span></a>.</p>
</div>
</div>
</div>
@@ -284,63 +284,43 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">PSA status codes</a><ul>
-<li><a class="reference internal" href="#status-type">Status type</a><ul>
-<li><a class="reference internal" href="#psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code> (type)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#success-codes">Success codes</a><ul>
-<li><a class="reference internal" href="#PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#error-codes">Error codes</a><ul>
-<li><a class="reference internal" href="#PSA_ERROR_GENERIC_ERROR"><code class="docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_ALREADY_EXISTS"><code class="docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_DOES_NOT_EXIST"><code class="docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_STORAGE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_STORAGE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_STORAGE_FAILURE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_DATA_CORRUPT"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_CORRUPT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_ENTROPY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INVALID_PADDING"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_PADDING</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INSUFFICIENT_DATA"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Library management reference</a><ul>
- <li>Previous: <a href="index.html" title="previous chapter">Library management reference</a></li>
- <li>Next: <a href="library.html" title="next chapter">PSA Crypto library</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/library/status.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">8. Library management reference</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="#">8.1. PSA status codes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#status-type">8.1.1. Status type</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#success-codes">8.1.2. Success codes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#error-codes">8.1.3. Error codes</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="library.html">8.2. PSA Crypto library</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -356,15 +336,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/library/status.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/aead.html b/docs/html/api/ops/aead.html
index 720a890..a150b20 100644
--- a/docs/html/api/ops/aead.html
+++ b/docs/html/api/ops/aead.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Authenticated encryption with associated data (AEAD) — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.5. Authenticated encryption with associated data (AEAD) — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key derivation" href="kdf.html" />
- <link rel="prev" title="Unauthenticated ciphers" href="ciphers.html" />
+ <link rel="next" title="10.6. Key derivation" href="kdf.html" />
+ <link rel="prev" title="10.4. Unauthenticated ciphers" href="ciphers.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,37 +41,52 @@
<div class="body" role="main">
<div class="section" id="authenticated-encryption-with-associated-data-aead">
-<span id="aead"></span><h1>Authenticated encryption with associated data (AEAD)</h1>
+<span id="aead"></span><h1>10.5. Authenticated encryption with associated data (AEAD)</h1>
<div class="section" id="aead-algorithms">
-<span id="id1"></span><h2>AEAD algorithms</h2>
+<span id="id1"></span><h2>10.5.1. AEAD algorithms</h2>
<div class="section" id="PSA_ALG_CCM">
<span id="c.PSA_ALG_CCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</h3>
-<p>The CCM authenticated encryption algorithm.</p>
+<p>The <em>Counter with CBC-MAC</em> (CCM) authenticated encryption algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
+#define <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
</pre>
-<p>The underlying block cipher is determined by the key type.</p>
+<p>CCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.</p>
+<p>To use <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a> with a multi-part AEAD operation, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before providing the nonce, the additional data and plaintext to the operation.</p>
+<p>CCM requires a nonce of between 7 and 13 bytes in length. The length of the nonce depends on the length of the plaintext:</p>
+<ul class="simple">
+<li>CCM encodes the plaintext length <em>pLen</em> in <em>L</em> octets, with <em>L</em> the smallest integer >= 2 where <em>pLen</em> < 2^(8<em>L</em>).</li>
+<li>The nonce length is then 15 - <em>L</em> bytes.</li>
+</ul>
+<p>If the application is generating a random nonce using <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>, the size of the generated nonce is 15 - <em>L</em> bytes.</p>
+<p>CCM supports authentication tag sizes of 4, 6, 8, 10, 12, 14, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">tag_length</span></code> is a valid CCM tag length.</p>
+<p>The CCM block cipher mode is defined in <span><em>Counter with CBC-MAC (CCM)</em> <a class="reference internal" href="../../about.html#citation-rfc3610"><span class="cite">[RFC3610]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_GCM">
<span id="c.PSA_ALG_GCM"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</h3>
-<p>The GCM authenticated encryption algorithm.</p>
+<p>The <em>Galois/Counter Mode</em> (GCM) authenticated encryption algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
+#define <a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
</pre>
-<p>The underlying block cipher is determined by the key type.</p>
+<p>GCM is defined for block ciphers that have a 128-bit block size. The underlying block cipher is determined by the key type.</p>
+<p>GCM requires a nonce of at least 1 byte in length. The maximum supported nonce size is <a class="reference internal" href="../../about.html#term-implementation-defined"><span class="scterm">implementation defined</span></a>. Calling <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will generate a random 12-byte nonce.</p>
+<p>GCM supports authentication tag sizes of 4, 8, 12, 13, 14, 15, and 16 bytes. The default tag length is 16. Shortened tag lengths can be requested using <a class="reference internal" href="#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code>, where <code class="docutils literal"><span class="pre">tag_length</span></code> is a valid GCM tag length.</p>
+<p>The GCM block cipher mode is defined in <span><em>NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em> <a class="reference internal" href="../../about.html#citation-sp800-38d"><span class="cite">[SP800-38D]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_CHACHA20_POLY1305">
<span id="c.PSA_ALG_CHACHA20_POLY1305"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</h3>
-<p>The Chacha20-Poly1305 AEAD algorithm.</p>
+<p>The ChaCha20-Poly1305 AEAD algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
+#define <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
</pre>
-<p>The ChaCha20_Poly1305 construction is defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</p>
-<p>Variants of this algorithm are defined by the length of the nonce:</p>
+<p>There are two defined variants of ChaCha20-Poly1305:</p>
<ul class="simple">
-<li>Implementations must support a 12-byte nonce, as defined in <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html">RFC 7539</a>.</li>
-<li>Implementations can optionally support an 8-byte nonce, the original variant.</li>
-<li>It is recommended that implementations do not support other sizes of nonce.</li>
+<li>An implementation that supports ChaCha20-Poly1305 must support the variant defined by <span><em>ChaCha20 and Poly1305 for IETF Protocols</em> <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a></span>, which has a 96-bit nonce and 32-bit counter.</li>
+<li>An implementation can optionally also support the original variant defined by <span><em>ChaCha, a variant of Salsa20</em> <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a></span>, which has a 64-bit nonce and 64-bit counter.</li>
+</ul>
+<p>The variant used for the AEAD encryption or decryption operation, depends on the nonce provided for an AEAD operation using <a class="reference internal" href="#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a>:</p>
+<ul class="simple">
+<li>A nonce provided in a call to <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a>, <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> or <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> must be 8 or 12 bytes. The size of nonce will select the appropriate variant of the algorithm.</li>
+<li>A nonce generated by a call to <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> will be 12 bytes, and will use the <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a> variant.</li>
</ul>
<p>Implementations must support 16-byte tags. It is recommended that truncated tag sizes are rejected.</p>
</div>
@@ -84,7 +100,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">tag_length</span></code></dt>
<dd>Desired length of the authentication tag in bytes.</dd>
</dl>
@@ -97,13 +113,13 @@
</div>
</div>
<div class="section" id="single-part-aead-functions">
-<h2>Single-part AEAD functions</h2>
+<h2>10.5.2. Single-part AEAD functions</h2>
<div class="section" id="psa_aead_encrypt">
<span id="c.psa_aead_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</h3>
<p>Process an authenticated encryption operation.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * nonce,
size_t nonce_length,
const uint8_t * additional_data,
@@ -118,9 +134,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
<dd>Nonce or IV to use.</dd>
<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
@@ -152,7 +168,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -181,8 +197,8 @@
<span id="c.psa_aead_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</h3>
<p>Process an authenticated decryption operation.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * nonce,
size_t nonce_length,
const uint8_t * additional_data,
@@ -197,9 +213,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">nonce</span></code></dt>
<dd>Nonce or IV to use.</dd>
<dt> <code class="docutils literal"><span class="pre">nonce_length</span></code></dt>
@@ -233,7 +249,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
<dd>The ciphertext is not authentic.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -260,7 +276,7 @@
</div>
</div>
<div class="section" id="multi-part-aead-operations">
-<h2>Multi-part AEAD operations</h2>
+<h2>10.5.3. Multi-part AEAD operations</h2>
<div class="admonition warning" id="aead-multi-part-warning">
<p class="first admonition-title">Warning</p>
<p>When decrypting using a multi-part AEAD operation, there is no guarantee that the input or output is valid until <a class="reference internal" href="#c.psa_aead_verify" title="psa_aead_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_verify()</span></code></a> has returned <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
@@ -326,8 +342,8 @@
<p>Set the key for a multi-part authenticated encryption operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup">psa_aead_encrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -335,9 +351,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -348,7 +364,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -394,8 +410,8 @@
<p>Set the key for a multi-part authenticated decryption operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup">psa_aead_decrypt_setup</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -403,9 +419,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The AEAD algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -416,7 +432,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -457,6 +473,51 @@
<li>A call to <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</li>
</ul>
</div>
+<div class="section" id="psa_aead_set_lengths">
+<span id="c.psa_aead_set_lengths"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</h3>
+<p>Declare the lengths of the message and additional data for AEAD.</p>
+<pre class="literal-block">
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths">psa_aead_set_lengths</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
+ size_t ad_length,
+ size_t plaintext_length);
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
+<dd>Active AEAD operation.</dd>
+<dt> <code class="docutils literal"><span class="pre">ad_length</span></code></dt>
+<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
+<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
+<dd>Size of the plaintext to encrypt in bytes.</dd>
+</dl>
+<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
+<dl class="docutils">
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
+<dd>Success.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: it must be active, and <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> and <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> must not have been called yet.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>At least one of the lengths is not acceptable for the chosen algorithm.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
+<dd></dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
+</dl>
+<p class="rubric">Description</p>
+<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>, if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
+<ul class="simple">
+<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
+<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
+<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
+</ul>
+<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
+</div>
<div class="section" id="psa_aead_generate_nonce">
<span id="c.psa_aead_generate_nonce"></span><h3><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</h3>
<p>Generate a random nonce for an authenticated encryption operation.</p>
@@ -483,6 +544,8 @@
<dd>Success.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The operation state is not valid: it must be an active AEAD encryption operation, with no nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: this is an algorithm which requires <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to be called before setting the nonce.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
<dd>The size of the <code class="docutils literal"><span class="pre">nonce</span></code> buffer is too small. <a class="reference internal" href="#c.PSA_AEAD_NONCE_LENGTH" title="PSA_AEAD_NONCE_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH()</span></code></a> or <a class="reference internal" href="#c.PSA_AEAD_NONCE_MAX_SIZE" title="PSA_AEAD_NONCE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
@@ -504,7 +567,7 @@
</dl>
<p class="rubric">Description</p>
<p>This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> before calling this function. If applicable for the algorithm, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before calling this function.</p>
<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
</div>
<div class="section" id="psa_aead_set_nonce">
@@ -530,6 +593,8 @@
<dd>Success.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The operation state is not valid: it must be active, with no nonce set.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
+<dd>The operation state is not valid: this is an algorithm which requires <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> to be called before setting the nonce.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd>The size of <code class="docutils literal"><span class="pre">nonce</span></code> is not acceptable for the chosen algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
@@ -551,59 +616,13 @@
</dl>
<p class="rubric">Description</p>
<p>This function sets the nonce for the authenticated encryption or decryption operation.</p>
-<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> before calling this function.</p>
+<p>The application must call <a class="reference internal" href="#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt_setup()</span></code></a> or <a class="reference internal" href="#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt_setup()</span></code></a> before calling this function. If applicable for the algorithm, the application must call <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_lengths()</span></code></a> before calling this function.</p>
<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">When encrypting, <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a> is recommended instead of using this function, unless implementing a protocol that requires a non-random IV.</p>
</div>
</div>
-<div class="section" id="psa_aead_set_lengths">
-<span id="c.psa_aead_set_lengths"></span><h3><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</h3>
-<p>Declare the lengths of the message and additional data for AEAD.</p>
-<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_aead_set_lengths" title="psa_aead_set_lengths">psa_aead_set_lengths</a>(<a class="reference internal" href="#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- size_t ad_length,
- size_t plaintext_length);
-</pre>
-<p class="rubric">Parameters</p>
-<dl class="docutils">
-<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>Active AEAD operation.</dd>
-<dt> <code class="docutils literal"><span class="pre">ad_length</span></code></dt>
-<dd>Size of the non-encrypted additional authenticated data in bytes.</dd>
-<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
-<dd>Size of the plaintext to encrypt in bytes.</dd>
-</dl>
-<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
-<dl class="docutils">
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="docutils literal"><span class="pre">PSA_SUCCESS</span></code></a></dt>
-<dd>Success.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The operation state is not valid: it must be active, and <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> and <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> must not have been called yet.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>At least one of the lengths is not acceptable for the chosen algorithm.</dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_COMMUNICATION_FAILURE" title="PSA_ERROR_COMMUNICATION_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_COMMUNICATION_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_HARDWARE_FAILURE" title="PSA_ERROR_HARDWARE_FAILURE"><code class="docutils literal"><span class="pre">PSA_ERROR_HARDWARE_FAILURE</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></dt>
-<dd></dd>
-<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
-</dl>
-<p class="rubric">Description</p>
-<p>The application must call this function before calling <a class="reference internal" href="#c.psa_aead_update_ad" title="psa_aead_update_ad"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update_ad()</span></code></a> or <a class="reference internal" href="#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.</p>
-<p>This function can be called before or after setting the nonce with <a class="reference internal" href="#c.psa_aead_set_nonce" title="psa_aead_set_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_set_nonce()</span></code></a> or <a class="reference internal" href="#c.psa_aead_generate_nonce" title="psa_aead_generate_nonce"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_generate_nonce()</span></code></a>.</p>
-<ul class="simple">
-<li>For <a class="reference internal" href="#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a>, calling this function is required.</li>
-<li>For the other AEAD algorithms defined in this specification, calling this function is not required.</li>
-<li>For vendor-defined algorithm, refer to the vendor documentation.</li>
-</ul>
-<p>If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_aead_abort" title="psa_aead_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_abort()</span></code></a>.</p>
-</div>
<div class="section" id="psa_aead_update_ad">
<span id="c.psa_aead_update_ad"></span><h3><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</h3>
<p>Pass additional data to an active AEAD operation.</p>
@@ -927,7 +946,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.5.4. Support macros</h2>
<div class="section" id="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">
<span id="c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</h3>
<p>Whether the specified algorithm is an AEAD mode on a block cipher.</p>
@@ -937,7 +956,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm which is an AEAD mode based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -953,7 +972,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">aead_alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding AEAD algorithm with the default tag length for that algorithm.</p>
@@ -972,7 +991,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">plaintext_length</span></code></dt>
<dd>Size of the plaintext in bytes.</dd>
</dl>
@@ -1010,7 +1029,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">ciphertext_length</span></code></dt>
<dd>Size of the ciphertext in bytes.</dd>
</dl>
@@ -1047,7 +1066,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
@@ -1075,7 +1094,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
<dd>Size of the input in bytes.</dd>
</dl>
@@ -1113,7 +1132,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>A sufficient ciphertext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
@@ -1143,7 +1162,7 @@
<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
<dd>The size of the AEAD key in bits.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The tag length for the specified algorithm and key.
@@ -1172,7 +1191,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>An AEAD algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>A sufficient plaintext buffer size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.</p>
@@ -1196,78 +1215,52 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Authenticated encryption with associated data (AEAD)</a><ul>
-<li><a class="reference internal" href="#aead-algorithms">AEAD algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#single-part-aead-functions">Single-part AEAD functions</a><ul>
-<li><a class="reference internal" href="#psa_aead_encrypt"><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_decrypt"><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#multi-part-aead-operations">Multi-part AEAD operations</a><ul>
-<li><a class="reference internal" href="#psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_aead_operation_init"><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_encrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_decrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_generate_nonce"><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_set_nonce"><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_update_ad"><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_update"><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_finish"><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_verify"><code class="docutils literal"><span class="pre">psa_aead_verify</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_aead_abort"><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_NONCE_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_NONCE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_NONCE_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_TAG_LENGTH"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_TAG_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_TAG_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="ciphers.html" title="previous chapter">Unauthenticated ciphers</a></li>
- <li>Next: <a href="kdf.html" title="next chapter">Key derivation</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/aead.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.5. Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#aead-algorithms">10.5.1. AEAD algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#single-part-aead-functions">10.5.2. Single-part AEAD functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#multi-part-aead-operations">10.5.3. Multi-part AEAD operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.5.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -1283,15 +1276,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/aead.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/algorithms.html b/docs/html/api/ops/algorithms.html
new file mode 100644
index 0000000..58fdae7
--- /dev/null
+++ b/docs/html/api/ops/algorithms.html
@@ -0,0 +1,349 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>10.1. Algorithms — PSA Crypto API 1.0.1 documentation</title>
+ <link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
+ <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
+ <script type="text/javascript">
+ var DOCUMENTATION_OPTIONS = {
+ URL_ROOT: '../../',
+ VERSION: '1.0.1',
+ COLLAPSE_INDEX: false,
+ FILE_SUFFIX: '.html',
+ HAS_SOURCE: false,
+ SOURCELINK_SUFFIX: '.txt'
+ };
+ </script>
+ <script type="text/javascript" src="../../_static/jquery.js"></script>
+ <script type="text/javascript" src="../../_static/underscore.js"></script>
+ <script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
+ <link rel="index" title="Index" href="../../genindex.html" />
+ <link rel="search" title="Search" href="../../search.html" />
+ <link rel="next" title="10.2. Message digests" href="hashes.html" />
+ <link rel="prev" title="10. Cryptographic operation reference" href="index.html" />
+
+ <link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
+
+ <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
+
+ </head>
+ <body>
+
+
+ <div class="document">
+ <div class="documentwrapper">
+ <div class="bodywrapper">
+ <div class="body" role="main">
+
+ <div class="section" id="algorithms">
+<span id="id1"></span><h1>10.1. Algorithms</h1>
+<p>This specification encodes algorithms into a structured 32-bit integer value.</p>
+<p>Algorithm identifiers are used for two purposes in this API:</p>
+<ol class="arabic simple">
+<li>To specify a specific algorithm to use in a cryptographic operation. These are all defined in <a class="reference internal" href="index.html#crypto-operations"><span class="secref">Cryptographic operation reference</span></a>.</li>
+<li>To specify the policy for a key, identifying the permitted algorithm for use with the key. This use is described in <a class="reference internal" href="../keys/policy.html#key-policy"><span class="secref">Key policies</span></a>.</li>
+</ol>
+<p>The specific algorithm identifiers are described alongside the cryptographic operation functions to which they apply:</p>
+<ul class="simple">
+<li><a class="reference internal" href="hashes.html#hash-algorithms"><span class="secref">Hash algorithms</span></a></li>
+<li><a class="reference internal" href="macs.html#mac-algorithms"><span class="secref">MAC algorithms</span></a></li>
+<li><a class="reference internal" href="ciphers.html#cipher-algorithms"><span class="secref">Cipher algorithms</span></a></li>
+<li><a class="reference internal" href="aead.html#aead-algorithms"><span class="secref">AEAD algorithms</span></a></li>
+<li><a class="reference internal" href="kdf.html#key-derivation-algorithms"><span class="secref">Key derivation algorithms</span></a></li>
+<li><a class="reference internal" href="sign.html#sign-algorithms"><span class="secref">Asymmetric signature algorithms</span></a></li>
+<li><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms"><span class="secref">Asymmetric encryption algorithms</span></a></li>
+<li><a class="reference internal" href="ka.html#key-agreement-algorithms"><span class="secref">Key agreement algorithms</span></a></li>
+</ul>
+<div class="section" id="algorithm-encoding">
+<h2>10.1.1. Algorithm encoding</h2>
+<div class="section" id="psa_algorithm_t">
+<span id="c.psa_algorithm_t"></span><h3><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</h3>
+<p>Encoding of a cryptographic algorithm.</p>
+<pre class="literal-block">
+typedef uint32_t <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
+</pre>
+<p>This is a structured bitfield that identifies the category and type of algorithm. The range of algorithm identifier values is divided as follows:</p>
+<dl class="docutils">
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000000</span></code></dt>
+<dd>Reserved as an invalid algorithm identifier.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00000001</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fffffff</span></code></dt>
+<dd>Specification-defined algorithm identifiers.
+Algorithm identifiers defined by this standard always have bit 31 clear.
+Unallocated algorithm identifier values in this range are reserved for future use.</dd>
+<dt><code class="docutils literal"><span class="pre">0</span></code><code class="docutils literal"><span class="pre">x80000000</span></code><code class="docutils literal"> <span class="pre">-</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffffffff</span></code></dt>
+<dd>Implementation-defined algorithm identifiers.
+Implementations that define additional algorithms must use an encoding with bit 31 set.
+The related support macros will be easier to write if these algorithm identifier encodings also respect the bitwise structure used by standard encodings.</dd>
+</dl>
+<p>For algorithms that can be applied to multiple key types, this identifier does not encode the key type. For example, for symmetric ciphers based on a block cipher, <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encodes the block cipher mode and the padding mode while the block cipher itself is encoded via <a class="reference internal" href="../keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_NONE">
+<span id="c.PSA_ALG_NONE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</h3>
+<p>An invalid algorithm identifier value.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
+</pre>
+<p>Zero is not the encoding of any algorithm.</p>
+</div>
+</div>
+<div class="section" id="algorithm-categories">
+<h2>10.1.2. Algorithm categories</h2>
+<div class="section" id="PSA_ALG_IS_HASH">
+<span id="c.PSA_ALG_IS_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a hash algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="hashes.html#hash-algorithms"><span class="secref">Hash algorithms</span></a> for a list of defined hash algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_MAC">
+<span id="c.PSA_ALG_IS_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a MAC algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="macs.html#mac-algorithms"><span class="secref">MAC algorithms</span></a> for a list of defined MAC algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_CIPHER">
+<span id="c.PSA_ALG_IS_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a symmetric cipher algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a symmetric cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="ciphers.html#cipher-algorithms"><span class="secref">Cipher algorithms</span></a> for a list of defined cipher algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_AEAD">
+<span id="c.PSA_ALG_IS_AEAD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an AEAD algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="aead.html#aead-algorithms"><span class="secref">AEAD algorithms</span></a> for a list of defined AEAD algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_SIGN">
+<span id="c.PSA_ALG_IS_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an asymmetric signature algorithm, also known as public-key signature algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an asymmetric signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="sign.html#sign-algorithms"><span class="secref">Asymmetric signature algorithms</span></a> for a list of defined signature algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">
+<span id="c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</h3>
+<p>Whether the specified algorithm is an asymmetric encryption algorithm, also known as public-key encryption algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an asymmetric encryption algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="pke.html#asymmetric-encryption-algorithms"><span class="secref">Asymmetric encryption algorithms</span></a> for a list of defined asymmetric encryption algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_AGREEMENT">
+<span id="c.PSA_ALG_IS_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a key agreement algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="ka.html#key-agreement-algorithms"><span class="secref">Key agreement algorithms</span></a> for a list of defined key agreement algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_KEY_DERIVATION">
+<span id="c.PSA_ALG_IS_KEY_DERIVATION"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</h3>
+<p>Whether the specified algorithm is a key derivation algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a key derivation algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>See <a class="reference internal" href="kdf.html#key-derivation-algorithms"><span class="secref">Key derivation algorithms</span></a> for a list of defined key derivation algorithms.</p>
+</div>
+<div class="section" id="PSA_ALG_IS_WILDCARD">
+<span id="c.PSA_ALG_IS_WILDCARD"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</h3>
+<p>Whether the specified algorithm encoding is a wildcard.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a wildcard algorithm encoding.</p>
+<p><code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a non-wildcard algorithm encoding that is suitable for an operation.</p>
+<p>This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
+<p class="rubric">Description</p>
+<p>Wildcard algorithm values can only be used to set the permitted algorithm field in a key policy, wildcard values cannot be used to perform an operation.</p>
+<p>See <a class="reference internal" href="sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> for example of how a wildcard algorithm can be used in a key policy.</p>
+</div>
+<div class="section" id="PSA_ALG_GET_HASH">
+<span id="c.PSA_ALG_GET_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</h3>
+<p>Get the hash used by a composite algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+</pre>
+<p class="rubric">Parameters</p>
+<dl class="docutils">
+<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+</dl>
+<p class="rubric">Returns</p>
+<p>The underlying hash algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a composite algorithm that uses a hash algorithm.</p>
+<p><a class="reference internal" href="#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a> if <code class="docutils literal"><span class="pre">alg</span></code> is not a composite algorithm that uses a hash.</p>
+<p class="rubric">Description</p>
+<p>The following composite algorithms require a hash algorithm:</p>
+<ul class="simple">
+<li><a class="reference internal" href="sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a></li>
+<li><a class="reference internal" href="kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
+<li><a class="reference internal" href="macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
+<li><a class="reference internal" href="pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_OAEP()</span></code></a></li>
+<li><a class="reference internal" href="sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_RSA_PSS()</span></code></a></li>
+<li><a class="reference internal" href="kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PRF()</span></code></a></li>
+<li><a class="reference internal" href="kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a></li>
+</ul>
+</div>
+</div>
+</div>
+
+
+ </div>
+ </div>
+ </div>
+ <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.1. Algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#algorithm-encoding">10.1.1. Algorithm encoding</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#algorithm-categories">10.1.2. Algorithm categories</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
+<div id="searchbox" style="display: none" role="search">
+ <h3>Quick search</h3>
+ <form class="search" action="../../search.html" method="get">
+ <div><input type="text" name="q" /></div>
+ <div><input type="submit" value="Go" /></div>
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+ </form>
+</div>
+<script type="text/javascript">$('#searchbox').show(0);</script>
+ </div>
+ </div>
+ <div class="clearer"></div>
+ </div>
+ <div class="footer">
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
+
+ |
+ Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
+ & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
+
+ </div>
+
+
+
+
+ </body>
+</html>
\ No newline at end of file
diff --git a/docs/html/api/ops/ciphers.html b/docs/html/api/ops/ciphers.html
index 7826c94..56bc7f2 100644
--- a/docs/html/api/ops/ciphers.html
+++ b/docs/html/api/ops/ciphers.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Unauthenticated ciphers — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.4. Unauthenticated ciphers — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Authenticated encryption with associated data (AEAD)" href="aead.html" />
- <link rel="prev" title="Message authentication codes (MAC)" href="macs.html" />
+ <link rel="next" title="10.5. Authenticated encryption with associated data (AEAD)" href="aead.html" />
+ <link rel="prev" title="10.3. Message authentication codes (MAC)" href="macs.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,101 +41,168 @@
<div class="body" role="main">
<div class="section" id="unauthenticated-ciphers">
-<span id="ciphers"></span><h1>Unauthenticated ciphers</h1>
+<span id="ciphers"></span><h1>10.4. Unauthenticated ciphers</h1>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p>The unauthenticated cipher API is provided to implement legacy protocols and
for use cases where the data integrity and authenticity is guaranteed by
non-cryptographic means.</p>
-<p class="last">It is recommended that newer protocols use <em><a class="reference internal" href="aead.html#aead"><span class="std std-ref">Authenticated encryption with associated data (AEAD)</span></a></em>.</p>
+<p class="last">It is recommended that newer protocols use <a class="reference internal" href="aead.html#aead"><span class="secref">Authenticated encryption with associated data (AEAD)</span></a>.</p>
</div>
<div class="section" id="cipher-algorithms">
-<span id="id1"></span><h2>Cipher algorithms</h2>
+<span id="id1"></span><h2>10.4.1. Cipher algorithms</h2>
<div class="section" id="PSA_ALG_STREAM_CIPHER">
<span id="c.PSA_ALG_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</h3>
<p>The stream cipher mode of a stream cipher algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
+#define <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
</pre>
-<p>The underlying stream cipher is determined by the key type:</p>
+<p>The underlying stream cipher is determined by the key type. The ARC4 and ChaCha20 ciphers use this algorithm identifier.</p>
+<p class="rubric">ARC4</p>
+<p>To use ARC4, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</p>
+<div class="admonition warning">
+<p class="first admonition-title">Warning</p>
+<p class="last">The ARC4 cipher is weak and deprecated and is only recommended for use in legacy protocols.</p>
+</div>
+<p>The ARC4 cipher does not use an initialization vector (IV). When using a multi-part cipher operation with the <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm and an ARC4 key, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
+<p class="rubric">ChaCha20</p>
+<p>To use ChaCha20, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</p>
+<p>Implementations must support the variant that is defined in <span><em>ChaCha20 and Poly1305 for IETF Protocols</em> <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7539.html#section-2.4">§2.4</a>, which has a 96-bit nonce and a 32-bit counter. Implementations can optionally also support the original variant, as defined in <span><em>ChaCha, a variant of Salsa20</em> <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a></span>, which has a 64-bit nonce and a 64-bit counter. Except where noted, the <a class="reference internal" href="../../about.html#citation-rfc7539"><span class="cite">[RFC7539]</span></a> variant must be used.</p>
+<p>ChaCha20 defines a nonce and an initial counter to be provided to the encryption and decryption operations. When using a ChaCha20 key with the <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a> algorithm, these values are provided using the initialization vector (IV) functions in the following ways:</p>
<ul class="simple">
-<li>To use ChaCha20, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</li>
-<li>To use ARC4, use a key type of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a> and algorithm id <a class="reference internal" href="#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code></a>.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will generate a random 12-byte nonce, and set the counter value to zero. The random nonce is output as a 12-byte IV value in the output.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will use first 12 bytes of the input buffer as the nonce and set the counter value to zero.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> on a multi-part cipher operation will generate and return a random 12-byte nonce and set the counter value to zero.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> on a multi-part cipher operation can support the following IV sizes:<ul>
+<li>12 bytes: the provided IV is used as the nonce, and the counter value is set to zero.</li>
+<li>16 bytes: the first four bytes of the IV are used as the counter value (encoded as little-endian), and the remaining 12 bytes is used as the nonce.</li>
+<li>8 bytes: the cipher operation uses the original <a class="reference internal" href="../../about.html#citation-chacha20"><span class="cite">[CHACHA20]</span></a> definition of ChaCha20: the provided IV is used as the 64-bit nonce, and the 64-bit counter value is set to zero.</li>
+<li>It is recommended that implementations do not support other sizes of IV.</li>
+</ul>
+</li>
</ul>
</div>
<div class="section" id="PSA_ALG_CTR">
<span id="c.PSA_ALG_CTR"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</h3>
<p>A stream cipher built using the Counter (CTR) mode of a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
+#define <a class="reference internal" href="#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
</pre>
-<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a length of 128 bits (16 bytes).</p>
+<p>CTR is a stream cipher which is built from a block cipher. The underlying block cipher is determined by the key type. For example, to use AES-128-CTR, use this algorithm with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and a size of 128 bits (16 bytes).</p>
+<p>The CTR block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
+<p>CTR mode requires a <em>counter block</em> which is the same size as the cipher block length. The counter block is updated for each block (or a partial final block) that is encrypted or decrypted.</p>
+<p>A counter block value must only be used once across all messages encrypted using the same key value. This is typically achieved by splitting the counter block into a nonce, which is unique among all message encrypted with the key, and a counter which is incremented for each block of a message.</p>
+<p>For example, when using AES-CTR encryption, which uses a 16-byte block, the application can provide a 12-byte nonce when setting the IV. This leaves 4 bytes for the counter, allowing up to 2^32 blocks (64GB) of message data to be encrypted in each message.</p>
+<p>The first counter block is constructed from the initialization vector (IV). The initial counter block is is constructed in the following ways:</p>
+<ul class="simple">
+<li>A call to <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt()</span></code></a> will generate a random counter block value. This is the first block of output.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_decrypt()</span></code></a> will use first block of the input buffer as the initial counter block value.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> on a multi-part cipher operation will generate and return a random counter block value.</li>
+<li>A call to <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> on a multi-part cipher operation requires an IV must be between <code class="docutils literal"><span class="pre">1</span></code> and <em>n</em> bytes in length, where <em>n</em> is the cipher block length. The counter block is initialized using the IV, and padded with zero bytes up to the block length.</li>
+</ul>
+<p>During the counter block update operation, the counter block is treated as a single big-endian encoded integer and the update operation increments this integer by <code class="docutils literal"><span class="pre">1</span></code>.</p>
+<p>This scheme meets the recommendations in Appendix B of <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite psa_c psa_c-cite">[SP800-38A]</span></a>.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
</div>
<div class="section" id="PSA_ALG_CFB">
<span id="c.PSA_ALG_CFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</h3>
<p>A stream cipher built using the Cipher Feedback (CFB) mode of a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
+#define <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
</pre>
-<p>The underlying block cipher is determined by the key type.</p>
+<p>The underlying block cipher is determined by the key type. This is the variant of CFB where each iteration encrypts or decrypts a segment of the input that is the same length as the cipher block size. For example, using <a class="reference internal" href="#c.PSA_ALG_CFB" title="PSA_ALG_CFB"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CFB</span></code></a> with a key of type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> will result in the AES-CFB-128 cipher.</p>
+<p>CFB mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+<p>The CFB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>, using a segment size <em>s</em> equal to the block size <em>b</em>. The definition in <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite psa_c psa_c-cite">[SP800-38A]</span></a> is extended to allow an incomplete final block of input, in which case the algorithm discards the final bytes of the key stream when encrypting or decrypting the final partial block.</p>
</div>
<div class="section" id="PSA_ALG_OFB">
<span id="c.PSA_ALG_OFB"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</h3>
<p>A stream cipher built using the Output Feedback (OFB) mode of a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
+#define <a class="reference internal" href="#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
</pre>
<p>The underlying block cipher is determined by the key type.</p>
+<p>OFB mode requires an initialization vector (IV) that is the same size as the cipher block length. OFB mode requires that the IV is a nonce, and must be unique for each use of the mode with the same key.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+<p>The OFB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_XTS">
<span id="c.PSA_ALG_XTS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</h3>
-<p>The XTS cipher mode of a block cipher.</p>
+<p>The XEX with Ciphertext Stealing (XTS) cipher mode of a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
+#define <a class="reference internal" href="#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
</pre>
-<p>XTS is a cipher mode which is built from a block cipher. It requires at least one full block of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
+<p>XTS is a cipher mode which is built from a block cipher, designed for use in disk encryption. It requires at least one full cipher block length of input, but beyond this minimum the input does not need to be a whole number of blocks.</p>
+<p>XTS mode uses two keys for the underlying block cipher. These are provided by using a key that is twice the normal key size for the cipher. For example, to use AES-256-XTS the application must create a key with type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a> and bit size <code class="docutils literal"><span class="pre">512</span></code>.</p>
+<p>XTS mode requires an initialization vector (IV) that is the same size as the cipher block length. The IV for XTS is typically defined to be the sector number of the disk block being encrypted or decrypted.</p>
+<p>The XTS block cipher mode is defined in <span><em>1619-2018 - IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices</em> <a class="reference internal" href="../../about.html#citation-ieee-xts"><span class="cite">[IEEE-XTS]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_ECB_NO_PADDING">
<span id="c.PSA_ALG_ECB_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</h3>
-<p>The Electronic Code Book (ECB) mode of a block cipher, with no padding.</p>
+<p>The Electronic Codebook (ECB) mode of a block cipher, with no padding.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
+#define <a class="reference internal" href="#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">ECB mode does not protect the confidentiality of the encrypted data except in extremely narrow circumstances. It is recommended that applications only use ECB if they need to construct an operating mode that the implementation does not provide. Implementations are encouraged to provide the modes that applications need in preference to supporting direct access to ECB.</p>
</div>
<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
+<p>This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher.</p>
<p>ECB mode does not accept an initialization vector (IV). When using a multi-part cipher operation with this algorithm, <a class="reference internal" href="#c.psa_cipher_generate_iv" title="psa_cipher_generate_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_generate_iv()</span></code></a> and <a class="reference internal" href="#c.psa_cipher_set_iv" title="psa_cipher_set_iv"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_set_iv()</span></code></a> must not be called.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+<p>The ECB block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_CBC_NO_PADDING">
<span id="c.PSA_ALG_CBC_NO_PADDING"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</h3>
<p>The Cipher Block Chaining (CBC) mode of a block cipher, with no padding.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
</pre>
<p>The underlying block cipher is determined by the key type.</p>
-<p>This symmetric cipher mode can only be used with messages whose lengths are whole number of blocks for the chosen block cipher.</p>
+<p>This symmetric cipher mode can only be used with messages whose lengths are a multiple of the block size of the chosen block cipher.</p>
+<p>CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+<p>The CBC block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_CBC_PKCS7">
<span id="c.PSA_ALG_CBC_PKCS7"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</h3>
<p>The Cipher Block Chaining (CBC) mode of a block cipher, with PKCS#7 padding.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
</pre>
<p>The underlying block cipher is determined by the key type.</p>
-<p>This is the padding method defined by PKCS#7 <a class="reference external" href="https://tools.ietf.org/html/rfc2315.html#section-10.3">RFC 2315 §10.3</a>.</p>
+<p>CBC mode requires an initialization vector (IV) that is the same size as the cipher block length.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cipher block length can be determined using <a class="reference internal" href="#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH()</span></code></a>.</p>
+</div>
+<p>The CBC block cipher mode is defined in <span><em>NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques</em> <a class="reference internal" href="../../about.html#citation-sp800-38a"><span class="cite">[SP800-38A]</span></a></span>. The padding operation is defined by <span><em>PKCS #7: Cryptographic Message Syntax Version 1.5</em> <a class="reference internal" href="../../about.html#citation-rfc2315"><span class="cite">[RFC2315]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc2315.html#section-10.3">§10.3</a>.</p>
</div>
</div>
<div class="section" id="single-part-cipher-functions">
-<h2>Single-part cipher functions</h2>
+<h2>10.4.2. Single-part cipher functions</h2>
<div class="section" id="psa_cipher_encrypt">
<span id="c.psa_cipher_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</h3>
<p>Encrypt a message using a symmetric cipher.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * output,
@@ -145,9 +213,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the message to encrypt.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -171,9 +239,11 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The <code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
@@ -205,8 +275,8 @@
<span id="c.psa_cipher_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</h3>
<p>Decrypt a message using a symmetric cipher.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * output,
@@ -217,9 +287,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the message to decrypt. This consists of the IV followed by the ciphertext proper.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -243,9 +313,11 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The <code class="docutils literal"><span class="pre">input_length</span></code> is not valid for the algorithm and key type. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">alg</span></code> is not supported or is not a cipher algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
@@ -274,7 +346,7 @@
</div>
</div>
<div class="section" id="multi-part-cipher-operations">
-<h2>Multi-part cipher operations</h2>
+<h2>10.4.3. Multi-part cipher operations</h2>
<div class="section" id="psa_cipher_operation_t">
<span id="c.psa_cipher_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</h3>
<p>The type of the state object for multi-part cipher operations.</p>
@@ -328,8 +400,8 @@
<p>Set the key for a multi-part symmetric encryption operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup">psa_cipher_encrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -337,9 +409,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -348,7 +420,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -394,8 +466,8 @@
<p>Set the key for a multi-part symmetric decryption operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup">psa_cipher_decrypt_setup</a>(<a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -403,9 +475,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The cipher algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -414,7 +486,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -723,7 +795,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.4.4. Support macros</h2>
<div class="section" id="PSA_ALG_IS_STREAM_CIPHER">
<span id="c.PSA_ALG_IS_STREAM_CIPHER"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</h3>
<p>Whether the specified algorithm is a stream cipher.</p>
@@ -733,7 +805,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a stream cipher algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier or if it is not a symmetric cipher algorithm.</p>
@@ -752,7 +824,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
<dd>Size of the input in bytes.</dd>
</dl>
@@ -790,7 +862,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
<dd>Size of the input in bytes.</dd>
</dl>
@@ -827,7 +899,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The default IV size for the specified key type and algorithm.
@@ -859,7 +931,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
<dd>Size of the input in bytes.</dd>
</dl>
@@ -897,7 +969,7 @@
<dt> <code class="docutils literal"><span class="pre">key_type</span></code></dt>
<dd>A symmetric key type that is compatible with algorithm <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A cipher algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>A sufficient output size for the specified key type and algorithm. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a key type and cipher algorithm that it recognizes, but does not support.</p>
@@ -922,7 +994,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">type</span></code></dt>
-<dd>A cipher key type (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
+<dd>A cipher key type (value of type <a class="reference internal" href="../keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The block size for a block cipher, or <code class="docutils literal"><span class="pre">1</span></code> for a stream cipher. The return value is undefined if <code class="docutils literal"><span class="pre">type</span></code> is not a supported cipher key type.</p>
@@ -957,76 +1029,52 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Unauthenticated ciphers</a><ul>
-<li><a class="reference internal" href="#cipher-algorithms">Cipher algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CTR"><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CFB"><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_OFB"><code class="docutils literal"><span class="pre">PSA_ALG_OFB</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_XTS"><code class="docutils literal"><span class="pre">PSA_ALG_XTS</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_ECB_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_ECB_NO_PADDING</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CBC_NO_PADDING"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_NO_PADDING</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CBC_PKCS7"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#single-part-cipher-functions">Single-part cipher functions</a><ul>
-<li><a class="reference internal" href="#psa_cipher_encrypt"><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_decrypt"><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#multi-part-cipher-operations">Multi-part cipher operations</a><ul>
-<li><a class="reference internal" href="#psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_cipher_operation_init"><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_encrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_encrypt_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_decrypt_setup"><code class="docutils literal"><span class="pre">psa_cipher_decrypt_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_generate_iv"><code class="docutils literal"><span class="pre">psa_cipher_generate_iv</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_set_iv"><code class="docutils literal"><span class="pre">psa_cipher_set_iv</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_update"><code class="docutils literal"><span class="pre">psa_cipher_update</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_finish"><code class="docutils literal"><span class="pre">psa_cipher_finish</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_cipher_abort"><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_IV_LENGTH"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_IV_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_IV_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="macs.html" title="previous chapter">Message authentication codes (MAC)</a></li>
- <li>Next: <a href="aead.html" title="next chapter">Authenticated encryption with associated data (AEAD)</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/ciphers.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.4. Unauthenticated ciphers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#cipher-algorithms">10.4.1. Cipher algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#single-part-cipher-functions">10.4.2. Single-part cipher functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#multi-part-cipher-operations">10.4.3. Multi-part cipher operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.4.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -1042,15 +1090,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/ciphers.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/hashes.html b/docs/html/api/ops/hashes.html
index de98091..a87d91c 100644
--- a/docs/html/api/ops/hashes.html
+++ b/docs/html/api/ops/hashes.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Message digests — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.2. Message digests — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Message authentication codes (MAC)" href="macs.html" />
- <link rel="prev" title="Cryptographic operation reference" href="index.html" />
+ <link rel="next" title="10.3. Message authentication codes (MAC)" href="macs.html" />
+ <link rel="prev" title="10.1. Algorithms" href="algorithms.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,138 +41,161 @@
<div class="body" role="main">
<div class="section" id="message-digests">
-<span id="hashes"></span><h1>Message digests</h1>
+<span id="hashes"></span><h1>10.2. Message digests</h1>
<div class="section" id="hash-algorithms">
-<span id="id1"></span><h2>Hash algorithms</h2>
+<span id="id1"></span><h2>10.2.1. Hash algorithms</h2>
<div class="section" id="PSA_ALG_MD2">
<span id="c.PSA_ALG_MD2"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</h3>
-<p>MD2.</p>
+<p>The MD2 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
+#define <a class="reference internal" href="#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The MD2 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
+<p>MD2 is defined in <span><em>The MD2 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1319"><span class="cite">[RFC1319]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_MD4">
<span id="c.PSA_ALG_MD4"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</h3>
-<p>MD4.</p>
+<p>The MD4 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
+#define <a class="reference internal" href="#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The MD4 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
+<p>MD4 is defined in <span><em>The MD4 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1320"><span class="cite">[RFC1320]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_MD5">
<span id="c.PSA_ALG_MD5"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</h3>
-<p>MD5.</p>
+<p>The MD5 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
+#define <a class="reference internal" href="#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The MD5 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
+<p>MD5 is defined in <span><em>The MD5 Message-Digest Algorithm</em> <a class="reference internal" href="../../about.html#citation-rfc1321"><span class="cite">[RFC1321]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_RIPEMD160">
<span id="c.PSA_ALG_RIPEMD160"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</h3>
-<p>RIPEMD-160.</p>
+<p>The RIPEMD-160 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
+#define <a class="reference internal" href="#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
</pre>
+<p>RIPEMD-160 is defined in <span><em>RIPEMD-160: A Strengthened Version of RIPEMD</em> <a class="reference internal" href="../../about.html#citation-ripemd"><span class="cite">[RIPEMD]</span></a></span>, and also in <span><em>ISO/IEC 10118-3:2018 IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions</em> <a class="reference internal" href="../../about.html#citation-iso10118"><span class="cite">[ISO10118]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_1">
<span id="c.PSA_ALG_SHA_1"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</h3>
-<p>SHA-1.</p>
+<p>The SHA-1 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The SHA-1 hash is weak and deprecated and is only recommended for use in legacy protocols.</p>
</div>
+<p>SHA-1 is defined in <span><em>FIPS Publication 180-4: Secure Hash Standard (SHS)</em> <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_224">
<span id="c.PSA_ALG_SHA_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</h3>
-<p>SHA-224.</p>
+<p>The SHA-224 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
</pre>
+<p>SHA-224 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_256">
<span id="c.PSA_ALG_SHA_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</h3>
-<p>SHA-256.</p>
+<p>The SHA-256 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
</pre>
+<p>SHA-256 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_384">
<span id="c.PSA_ALG_SHA_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</h3>
-<p>SHA-384.</p>
+<p>The SHA-384 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
</pre>
+<p>SHA-384 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_512">
<span id="c.PSA_ALG_SHA_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</h3>
-<p>SHA-512.</p>
+<p>The SHA-512 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
</pre>
+<p>SHA-512 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_512_224">
<span id="c.PSA_ALG_SHA_512_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</h3>
-<p>SHA-512/224.</p>
+<p>The SHA-512/224 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
</pre>
+<p>SHA-512/224 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA_512_256">
<span id="c.PSA_ALG_SHA_512_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</h3>
-<p>SHA-512/256.</p>
+<p>The SHA-512/256 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
</pre>
+<p>SHA-512/256 is defined in <a class="reference internal" href="../../about.html#citation-fips180-4"><span class="cite">[FIPS180-4]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA3_224">
<span id="c.PSA_ALG_SHA3_224"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</h3>
-<p>SHA3-224.</p>
+<p>The SHA3-224 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
</pre>
+<p>SHA3-224 is defined in <span><em>FIPS Publication 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</em> <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_SHA3_256">
<span id="c.PSA_ALG_SHA3_256"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</h3>
-<p>SHA3-256.</p>
+<p>The SHA3-256 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
</pre>
+<p>SHA3-256 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA3_384">
<span id="c.PSA_ALG_SHA3_384"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</h3>
-<p>SHA3-384.</p>
+<p>The SHA3-384 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
</pre>
+<p>SHA3-384 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
</div>
<div class="section" id="PSA_ALG_SHA3_512">
<span id="c.PSA_ALG_SHA3_512"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</h3>
-<p>SHA3-512.</p>
+<p>The SHA3-512 message-digest algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
+#define <a class="reference internal" href="#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
</pre>
+<p>SHA3-512 is defined in <a class="reference internal" href="../../about.html#citation-fips202"><span class="cite">[FIPS202]</span></a>.</p>
+</div>
+<div class="section" id="PSA_ALG_SM3">
+<span id="c.PSA_ALG_SM3"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_SM3</span></code> (macro)</h3>
+<p>The SM3 message-digest algorithm.</p>
+<pre class="literal-block">
+#define <a class="reference internal" href="#c.PSA_ALG_SM3" title="PSA_ALG_SM3">PSA_ALG_SM3</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000014)
+</pre>
+<p>SM3 is defined in <span><em>GB/T 32905-2016: Information security techniques — SM3 cryptographic hash algorithm</em> <a class="reference internal" href="../../about.html#citation-prc-sm3"><span class="cite">[PRC-SM3]</span></a></span> and <span><em>The SM3 Cryptographic Hash Function</em> <a class="reference internal" href="../../about.html#citation-ietf-sm3"><span class="cite">[IETF-SM3]</span></a></span>.</p>
</div>
</div>
<div class="section" id="single-part-hashing-functions">
-<h2>Single-part hashing functions</h2>
+<h2>10.2.2. Single-part hashing functions</h2>
<div class="section" id="psa_hash_compute">
<span id="c.psa_hash_compute"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</h3>
<p>Calculate the hash (digest) of a message.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * hash,
@@ -181,7 +205,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the message to hash.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -228,7 +252,7 @@
<span id="c.psa_hash_compare"></span><h3><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</h3>
<p>Calculate the hash (digest) of a message and compare it with a reference value.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * hash,
@@ -237,7 +261,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the message to hash.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -273,7 +297,7 @@
</div>
</div>
<div class="section" id="multi-part-hashing-operations">
-<span id="hash-mp"></span><h2>Multi-part hashing operations</h2>
+<span id="hash-mp"></span><h2>10.2.3. Multi-part hashing operations</h2>
<div class="section" id="psa_hash_operation_t">
<span id="c.psa_hash_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</h3>
<p>The type of the state object for multi-part hash operations.</p>
@@ -327,14 +351,14 @@
<p>Set up a multi-part hash operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(<a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The hash algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -585,7 +609,7 @@
<p>The application must call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> or <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> before calling this function. This function extracts an intermediate state of the hash computation of the message formed by concatenating the inputs passed to preceding calls to <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a>.</p>
<p>This function can be used to halt a hash operation, and then resume the hash operation at a later time, or in another application, by transferring the extracted hash suspend state to a call to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
<p>When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
-<p>Hash suspend and resume is not defined for the SHA3 family of hash algorithms. <em><a class="reference internal" href="#hash-suspend-state"><span class="std std-ref">Hash suspend state</span></a></em> defines the format of the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
+<p>Hash suspend and resume is not defined for the SHA3 family of hash algorithms. <a class="reference internal" href="#hash-suspend-state"><span class="secref">Hash suspend state</span></a> defines the format of the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">Applications must not use any of the hash suspend state as if it was a hash output. Instead, the suspend state must only be used to resume a hash operation, and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a> or <a class="reference internal" href="#c.psa_hash_verify" title="psa_hash_verify"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_verify()</span></code></a> can then calculate or verify the final hash value.</p>
@@ -595,7 +619,7 @@
<ol class="arabic">
<li><p class="first">Compute the first part of the hash.</p>
<blockquote>
-<div><ol class="arabic simple">
+<div><ol class="loweralpha simple">
<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
<li>Call <a class="reference internal" href="#c.psa_hash_setup" title="psa_hash_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_setup()</span></code></a> to specify the algorithm.</li>
<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
@@ -607,7 +631,7 @@
</li>
<li><p class="first">Compute the rest of the hash.</p>
<blockquote>
-<div><ol class="arabic simple">
+<div><ol class="loweralpha simple">
<li>Allocate an operation object and initialize it as described in the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a>.</li>
<li>Call <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> with the extracted hash state.</li>
<li>Call <a class="reference internal" href="#c.psa_hash_update" title="psa_hash_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_update()</span></code></a> zero, one or more times, passing a fragment of the message each time.</li>
@@ -631,7 +655,7 @@
<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_hash_operation_t" title="psa_hash_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_hash_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">hash_state</span></code></dt>
-<dd>A buffer containing the suspended hash state which is to be resumed. This must be in the format output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, which is described in <em><a class="reference internal" href="#hash-suspend-state-format"><span class="std std-ref">Hash suspend state format</span></a></em>.</dd>
+<dd>A buffer containing the suspended hash state which is to be resumed. This must be in the format output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, which is described in <a class="reference internal" href="#hash-suspend-state-format"><span class="secref">Hash suspend state format</span></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">hash_state_length</span></code></dt>
<dd>Length of <code class="docutils literal"><span class="pre">hash_state</span></code> in bytes.</dd>
</dl>
@@ -642,7 +666,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
<dd>The provided hash suspend state is for an algorithm that is not supported.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd><code class="docutils literal"><span class="pre">hash_state</span></code> does not correspond to a valid hash suspend state. See <em><a class="reference internal" href="#hash-suspend-state-format"><span class="std std-ref">Hash suspend state format</span></a></em> for the definition.</dd>
+<dd><code class="docutils literal"><span class="pre">hash_state</span></code> does not correspond to a valid hash suspend state. See <a class="reference internal" href="#hash-suspend-state-format"><span class="secref">Hash suspend state format</span></a> for the definition.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The operation state is not valid: it must be inactive.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
@@ -702,7 +726,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.2.4. Support macros</h2>
<div class="section" id="PSA_HASH_LENGTH">
<span id="c.PSA_HASH_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</h3>
<p>The size of the output of <a class="reference internal" href="#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> and <a class="reference internal" href="#c.psa_hash_finish" title="psa_hash_finish"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_finish()</span></code></a>, in bytes.</p>
@@ -712,7 +736,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), or an HMAC algorithm (<a class="reference internal" href="macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">hash_alg</span></code> is a hash algorithm).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), or an HMAC algorithm (<a class="reference internal" href="macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">hash_alg</span></code> is a hash algorithm).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The hash length for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
@@ -739,7 +763,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>A sufficient output size for the algorithm. If the hash algorithm is not recognized, or is not supported by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or a correct size for a hash algorithm that it recognizes, but does not support.</p>
@@ -780,11 +804,11 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The size, in bytes, of the <em>input-length</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p>The algorithm-specific values are defined in <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+<p>The algorithm-specific values are defined in <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
<p class="rubric">Description</p>
<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
</div>
@@ -798,60 +822,53 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The size, in bytes, of the <em>hash-state</em> field of the hash suspend state for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
-<p>The algorithm-specific values are defined in <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
+<p>The algorithm-specific values are defined in <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
<p class="rubric">Description</p>
<p>Applications can use this value to unpack the hash suspend state that is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
</div>
<div class="section" id="PSA_HASH_BLOCK_LENGTH">
<span id="c.PSA_HASH_BLOCK_LENGTH"></span><h3><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</h3>
-<p>The input block size of a hash algorithm.</p>
+<p>The input block size of a hash algorithm, in bytes.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
-<p>The block size for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
+<p>The block size in bytes for the specified hash algorithm. If the hash algorithm is not recognized, return <code class="docutils literal"><span class="pre">0</span></code>. An implementation can return either <code class="docutils literal"><span class="pre">0</span></code> or the correct size for a hash algorithm that it recognizes, but does not support.</p>
<p class="rubric">Description</p>
<p>Hash algorithms process their input data in blocks. Hash operations will retain any partial blocks until they have enough input to fill the block or until the operation is finished.</p>
<p>This affects the output from <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>.</p>
</div>
</div>
<div class="section" id="hash-suspend-state">
-<span id="id2"></span><h2>Hash suspend state</h2>
+<span id="id2"></span><h2>10.2.5. Hash suspend state</h2>
<p>The hash suspend state is output by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> and input to <a class="reference internal" href="#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Hash suspend and resume is not defined for the SHA3 family of hash algorithms.</p>
</div>
-<p class="rubric" id="hash-suspend-state-format">Hash suspend state format</p>
+<div class="section" id="hash-suspend-state-format">
+<span id="id3"></span><h3>Hash suspend state format</h3>
<p>The hash suspend state has the following format:</p>
<p><em>hash-suspend-state</em> = <em>algorithm</em> || <em>input-length</em> || <em>hash-state</em> || <em>unprocessed-input</em></p>
<p>The fields in the hash suspend state are defined as follows:</p>
-<table border="1" class="colwidths-given docutils">
-<colgroup>
-<col width="25%" />
-<col width="75%" />
-</colgroup>
-<tbody valign="top">
-<tr class="row-odd"><td><p class="first"><em>algorithm</em></p>
-<p class="last">big-endian 32-bit unsigned integer</p>
-</td>
-<td><p class="first">The PSA Crypto API algorithm identifier. Encoded as a big-endian 32-bit unsigned integer.</p>
+<dl class="docutils">
+<dt><em>algorithm</em></dt>
+<dd><p class="first">A big-endian 32-bit unsigned integer.</p>
+<p>The PSA Crypto API algorithm identifier value.</p>
<p class="last">The byte length of the <em>algorithm</em> field can be evaluated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a>.</p>
-</td>
-</tr>
-<tr class="row-even"><td><p class="first"><em>input-length</em></p>
-<p class="last">big-endian unsigned integer</p>
-</td>
-<td><p class="first">The content of this field is algorithm-specific:</p>
+</dd>
+<dt><em>input-length</em></dt>
+<dd><p class="first">A big-endian unsigned integer</p>
+<p>The content of this field is algorithm-specific:</p>
<ul class="simple">
<li>For MD2, this is the number of bytes in the <em>unprocessed-input</em>.</li>
<li>For all other hash algorithms, this is the total number of bytes of input to the hash computation. This includes the <em>unprocessed-input</em> bytes.</li>
@@ -863,13 +880,11 @@
<li>For SHA-512, SHA-384 and SHA-512/256: <em>input-length</em> is a 128-bit unsigned integer.</li>
</ul>
<p class="last">The length, in bytes, of the <em>input-length</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
-</td>
-</tr>
-<tr class="row-odd"><td><p class="first"><em>hash-state</em></p>
-<p class="last">array of bytes</p>
-</td>
-<td><p class="first">Algorithm-specific intermediate hash state:</p>
+See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
+</dd>
+<dt><em>hash-state</em></dt>
+<dd><p class="first">An array of bytes</p>
+<p>Algorithm-specific intermediate hash state:</p>
<ul class="simple">
<li>For MD2: 16 bytes of internal checksum, then 48 bytes of intermediate digest.</li>
<li>For MD4 and MD5: 4x 32-bit integers, in little-endian encoding.</li>
@@ -880,22 +895,20 @@
</ul>
<p class="last">The length of this field is specific to the algorithm.
The length, in bytes, of the <em>hash-state</em> field can be calculated using <a class="reference internal" href="#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
-</td>
-</tr>
-<tr class="row-even"><td><p class="first"><em>unprocessed-input</em></p>
-<p class="last">0 to (<em>hash-block-size</em>-1) bytes</p>
-</td>
-<td><p class="first">A partial block of unprocessed input data. This is between zero and <em>hash-block-size</em>-1 bytes of data, the length can be calculated by:</p>
+See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
+</dd>
+<dt><em>unprocessed-input</em></dt>
+<dd><p class="first">0 to (<em>hash-block-size</em>-1) bytes</p>
+<p>A partial block of unprocessed input data. This is between zero and <em>hash-block-size</em>-1 bytes of data, the length can be calculated by:</p>
<p><code class="docutils literal"><span class="pre">length(</span></code><em>unprocessed-input</em><code class="docutils literal"><span class="pre">)</span></code> <code class="docutils literal"><span class="pre">=</span></code> <em>input-length</em> <code class="docutils literal"><span class="pre">%</span></code> <em>hash-block-size</em>.</p>
<p class="last">The <em>hash-block-size</em> is specific to the algorithm.
The size of a hash block can be calculated using <a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">alg</span></code> is a hash algorithm.
-See <em><a class="reference internal" href="#hash-suspend-state-constants"><span class="std std-ref">Hash suspend state field sizes</span></a></em>.</p>
-</td>
-</tr>
-</tbody>
-</table>
-<p class="rubric" id="hash-suspend-state-constants">Hash suspend state field sizes</p>
+See <a class="reference internal" href="#hash-suspend-state-constants"><span class="secref">Hash suspend state field sizes</span></a>.</p>
+</dd>
+</dl>
+</div>
+<div class="section" id="hash-suspend-state-field-sizes">
+<span id="hash-suspend-state-constants"></span><h3>Hash suspend state field sizes</h3>
<p>The following table defines the algorithm-specific field lengths for the hash suspend state returned by <a class="reference internal" href="#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a>. All of the field lengths are in bytes. To compute the field lengths for algorithm <code class="docutils literal"><span class="pre">alg</span></code>, use the following expressions:</p>
<ul class="simple">
<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a> returns the length of the <em>algorithm</em> field.</li>
@@ -904,13 +917,7 @@
<li><a class="reference internal" href="#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)-1</span></code> is the maximum length of the <em>unprocessed-bytes</em> field.</li>
<li><a class="reference internal" href="#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">slg</span></code><code class="docutils literal"><span class="pre">)</span></code> returns the maximum size of the hash suspend state.</li>
</ul>
-<table border="1" class="docutils">
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
+<table border="1" class="colwidths-auto docutils align-left">
<thead valign="bottom">
<tr class="row-odd"><th class="head">Hash algorithm</th>
<th class="head"><em>input-length</em> size (bytes)</th>
@@ -973,86 +980,60 @@
</table>
</div>
</div>
+</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Message digests</a><ul>
-<li><a class="reference internal" href="#hash-algorithms">Hash algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_512_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_224</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA3_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_224</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA3_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA3_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_SHA3_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#single-part-hashing-functions">Single-part hashing functions</a><ul>
-<li><a class="reference internal" href="#psa_hash_compute"><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_compare"><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#multi-part-hashing-operations">Multi-part hashing operations</a><ul>
-<li><a class="reference internal" href="#psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_hash_operation_init"><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_setup"><code class="docutils literal"><span class="pre">psa_hash_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_update"><code class="docutils literal"><span class="pre">psa_hash_update</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_finish"><code class="docutils literal"><span class="pre">psa_hash_finish</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_verify"><code class="docutils literal"><span class="pre">psa_hash_verify</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_abort"><code class="docutils literal"><span class="pre">psa_hash_abort</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_suspend"><code class="docutils literal"><span class="pre">psa_hash_suspend</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_resume"><code class="docutils literal"><span class="pre">psa_hash_resume</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_hash_clone"><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#hash-suspend-state">Hash suspend state</a></li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="index.html" title="previous chapter">Cryptographic operation reference</a></li>
- <li>Next: <a href="macs.html" title="next chapter">Message authentication codes (MAC)</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/hashes.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.2. Message digests</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#hash-algorithms">10.2.1. Hash algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#single-part-hashing-functions">10.2.2. Single-part hashing functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#multi-part-hashing-operations">10.2.3. Multi-part hashing operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.2.4. Support macros</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#hash-suspend-state">10.2.5. Hash suspend state</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -1068,15 +1049,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/hashes.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/index.html b/docs/html/api/ops/index.html
index 9fe1155..69f903e 100644
--- a/docs/html/api/ops/index.html
+++ b/docs/html/api/ops/index.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Cryptographic operation reference — PSA Crypto API 1.0.0 documentation</title>
+ <title>10. Cryptographic operation reference — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Message digests" href="hashes.html" />
- <link rel="prev" title="Key management functions" href="../keys/management.html" />
+ <link rel="next" title="10.1. Algorithms" href="algorithms.html" />
+ <link rel="prev" title="9.6. Key management functions" href="../keys/management.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,11 +41,32 @@
<div class="body" role="main">
<div class="section" id="cryptographic-operation-reference">
-<span id="crypto-operations"></span><h1>Cryptographic operation reference</h1>
+<span id="crypto-operations"></span><h1>10. Cryptographic operation reference</h1>
<div class="toctree-wrapper compound">
<ul>
-<li class="toctree-l1"><a class="reference internal" href="hashes.html">Message digests</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-algorithms">Hash algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-encoding">10.1.1. Algorithm encoding</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code> (type)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code> (macro)</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html#algorithm-categories">10.1.2. Algorithm categories</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="algorithms.html#PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code> (macro)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="hashes.html">10.2. Message digests</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-algorithms">10.2.1. Hash algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code> (macro)</a></li>
@@ -60,14 +82,15 @@
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_256</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_384</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SHA3_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA3_512</span></code> (macro)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_ALG_SM3"><code class="docutils literal"><span class="pre">PSA_ALG_SM3</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#single-part-hashing-functions">Single-part hashing functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#single-part-hashing-functions">10.2.2. Single-part hashing functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compute"><code class="docutils literal"><span class="pre">psa_hash_compute</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_compare"><code class="docutils literal"><span class="pre">psa_hash_compare</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#multi-part-hashing-operations">Multi-part hashing operations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#multi-part-hashing-operations">10.2.3. Multi-part hashing operations</a><ul>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_t"><code class="docutils literal"><span class="pre">psa_hash_operation_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_HASH_OPERATION_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_operation_init"><code class="docutils literal"><span class="pre">psa_hash_operation_init</span></code> (function)</a></li>
@@ -81,7 +104,7 @@
<li class="toctree-l3"><a class="reference internal" href="hashes.html#psa_hash_clone"><code class="docutils literal"><span class="pre">psa_hash_clone</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#support-macros">10.2.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_LENGTH</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_MAX_SIZE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code> (macro)</a></li>
@@ -92,23 +115,27 @@
<li class="toctree-l3"><a class="reference internal" href="hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-suspend-state">Hash suspend state</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html#hash-suspend-state">10.2.5. Hash suspend state</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#hash-suspend-state-format">Hash suspend state format</a></li>
+<li class="toctree-l3"><a class="reference internal" href="hashes.html#hash-suspend-state-field-sizes">Hash suspend state field sizes</a></li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="macs.html">Message authentication codes (MAC)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#mac-algorithms">MAC algorithms</a><ul>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#mac-algorithms">10.3.1. MAC algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CBC_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_CMAC"><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#single-part-mac-functions">Single-part MAC functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#single-part-mac-functions">10.3.2. Single-part MAC functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_compute"><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_verify"><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#multi-part-mac-operations">Multi-part MAC operations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#multi-part-mac-operations">10.3.3. Multi-part MAC operations</a><ul>
<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_MAC_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_operation_init"><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
@@ -120,7 +147,7 @@
<li class="toctree-l3"><a class="reference internal" href="macs.html#psa_mac_abort"><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="macs.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="macs.html#support-macros">10.3.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
@@ -130,8 +157,8 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="ciphers.html">Unauthenticated ciphers</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#cipher-algorithms">Cipher algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#cipher-algorithms">10.4.1. Cipher algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_STREAM_CIPHER</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CTR"><code class="docutils literal"><span class="pre">PSA_ALG_CTR</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CFB"><code class="docutils literal"><span class="pre">PSA_ALG_CFB</span></code> (macro)</a></li>
@@ -142,12 +169,12 @@
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_CBC_PKCS7"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_PKCS7</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#single-part-cipher-functions">Single-part cipher functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#single-part-cipher-functions">10.4.2. Single-part cipher functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_encrypt"><code class="docutils literal"><span class="pre">psa_cipher_encrypt</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_decrypt"><code class="docutils literal"><span class="pre">psa_cipher_decrypt</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#multi-part-cipher-operations">Multi-part cipher operations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#multi-part-cipher-operations">10.4.3. Multi-part cipher operations</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_t"><code class="docutils literal"><span class="pre">psa_cipher_operation_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_operation_init"><code class="docutils literal"><span class="pre">psa_cipher_operation_init</span></code> (function)</a></li>
@@ -160,7 +187,7 @@
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#psa_cipher_abort"><code class="docutils literal"><span class="pre">psa_cipher_abort</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ciphers.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html#support-macros">10.4.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
@@ -178,28 +205,28 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="aead.html">Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#aead-algorithms">AEAD algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#aead-algorithms">10.5.1. AEAD algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#single-part-aead-functions">Single-part AEAD functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#single-part-aead-functions">10.5.2. Single-part AEAD functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt"><code class="docutils literal"><span class="pre">psa_aead_encrypt</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt"><code class="docutils literal"><span class="pre">psa_aead_decrypt</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#multi-part-aead-operations">Multi-part AEAD operations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#multi-part-aead-operations">10.5.3. Multi-part AEAD operations</a><ul>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_t"><code class="docutils literal"><span class="pre">psa_aead_operation_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_AEAD_OPERATION_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_operation_init"><code class="docutils literal"><span class="pre">psa_aead_operation_init</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_encrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_encrypt_setup</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_decrypt_setup"><code class="docutils literal"><span class="pre">psa_aead_decrypt_setup</span></code> (function)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_generate_nonce"><code class="docutils literal"><span class="pre">psa_aead_generate_nonce</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_nonce"><code class="docutils literal"><span class="pre">psa_aead_set_nonce</span></code> (function)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_set_lengths"><code class="docutils literal"><span class="pre">psa_aead_set_lengths</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update_ad"><code class="docutils literal"><span class="pre">psa_aead_update_ad</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_update"><code class="docutils literal"><span class="pre">psa_aead_update</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_finish"><code class="docutils literal"><span class="pre">psa_aead_finish</span></code> (function)</a></li>
@@ -207,7 +234,7 @@
<li class="toctree-l3"><a class="reference internal" href="aead.html#psa_aead_abort"><code class="docutils literal"><span class="pre">psa_aead_abort</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="aead.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="aead.html#support-macros">10.5.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
@@ -228,14 +255,14 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="kdf.html">Key derivation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-algorithms">Key derivation algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="kdf.html">10.6. Key derivation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-algorithms">10.6.1. Key derivation algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#input-step-types">Input step types</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#input-step-types">10.6.2. Input step types</a><ul>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_step_t"><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
@@ -245,7 +272,7 @@
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-functions">Key derivation functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#key-derivation-functions">10.6.3. Key derivation functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_operation_init"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
@@ -259,7 +286,7 @@
<li class="toctree-l3"><a class="reference internal" href="kdf.html#psa_key_derivation_abort"><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="kdf.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html#support-macros">10.6.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
@@ -269,8 +296,8 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="sign.html">Asymmetric signature</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-algorithms">Asymmetric signature algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-algorithms">10.7.1. Asymmetric signature algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
@@ -279,14 +306,14 @@
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-functions">Asymmetric signature functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#asymmetric-signature-functions">10.7.2. Asymmetric signature functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="sign.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="sign.html#support-macros">10.7.3. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
@@ -302,18 +329,18 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="pke.html">Asymmetric encryption</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-algorithms">10.8.1. Asymmetric encryption algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-functions">Asymmetric encryption functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#asymmetric-encryption-functions">10.8.2. Asymmetric encryption functions</a><ul>
<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_encrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
<li class="toctree-l3"><a class="reference internal" href="pke.html#psa_asymmetric_decrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="pke.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="pke.html#support-macros">10.8.3. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
@@ -323,22 +350,22 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="ka.html">Key agreement</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#key-agreement-algorithms">Key agreement algorithms</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="ka.html">10.9. Key agreement</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#key-agreement-algorithms">10.9.1. Key agreement algorithms</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#standalone-key-agreement">Standalone key agreement</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#standalone-key-agreement">10.9.2. Standalone key agreement</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_raw_key_agreement"><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#combining-key-agreement-and-key-derivation">10.9.3. Combining key agreement and key derivation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ka.html#psa_key_derivation_key_agreement"><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="ka.html#support-macros">Support macros</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="ka.html#support-macros">10.9.4. Support macros</a><ul>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
<li class="toctree-l3"><a class="reference internal" href="ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
@@ -350,8 +377,8 @@
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="rng.html">Other cryptographic services</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="rng.html#random-number-generation">Random number generation</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="rng.html#random-number-generation">10.10.1. Random number generation</a><ul>
<li class="toctree-l3"><a class="reference internal" href="rng.html#psa_generate_random"><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</a></li>
</ul>
</li>
@@ -366,22 +393,46 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="../keys/management.html" title="previous chapter">Key management functions</a></li>
- <li>Next: <a href="hashes.html" title="next chapter">Message digests</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/index.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">10. Cryptographic operation reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -397,15 +448,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/index.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/ka.html b/docs/html/api/ops/ka.html
index 36f38a7..afdf394 100644
--- a/docs/html/api/ops/ka.html
+++ b/docs/html/api/ops/ka.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key agreement — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.9. Key agreement — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Other cryptographic services" href="rng.html" />
- <link rel="prev" title="Asymmetric encryption" href="pke.html" />
+ <link rel="next" title="10.10. Other cryptographic services" href="rng.html" />
+ <link rel="prev" title="10.8. Asymmetric encryption" href="pke.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="key-agreement">
-<span id="id1"></span><h1>Key agreement</h1>
+<span id="id1"></span><h1>10.9. Key agreement</h1>
<div class="section" id="key-agreement-algorithms">
-<span id="id2"></span><h2>Key agreement algorithms</h2>
+<span id="id2"></span><h2>10.9.1. Key agreement algorithms</h2>
<div class="section" id="PSA_ALG_KEY_AGREEMENT">
<span id="c.PSA_ALG_KEY_AGREEMENT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</h3>
<p>Macro to build a combined algorithm that chains a key agreement with a key derivation.</p>
@@ -53,46 +54,65 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">ka_alg</span></code></dt>
-<dd>A key agreement algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A key agreement algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">kdf_alg</span></code></dt>
-<dd>A key derivation algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A key derivation algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding key agreement and derivation algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">ka_alg</span></code> is not a supported key agreement algorithm or <code class="docutils literal"><span class="pre">kdf_alg</span></code> is not a supported key derivation algorithm.</p>
<p class="rubric">Description</p>
+<p>A combined key agreement algorithm is used with a multi-part key derivation operation, using a call to <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
<p>The component parts of a key agreement algorithm can be extracted using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a>.</p>
</div>
<div class="section" id="PSA_ALG_FFDH">
<span id="c.PSA_ALG_FFDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</h3>
<p>The finite-field Diffie-Hellman (DH) key agreement algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
+#define <a class="reference internal" href="#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
</pre>
-<p>The shared secret produced by key agreement is <code class="docutils literal"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal"><span class="pre">p</span></code> in bits.</p>
+<p>This algorithm can be used directly in a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, or combined with a key derivation operation using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> for use with <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
+<p>When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single Diffie-Hellman key-pair for each participant. This includes the <em>dhEphem</em>, <em>dhOneFlow</em>, and <em>dhStatic</em> schemes. The input step <a class="reference internal" href="kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is used when providing the secret and peer keys to the operation.</p>
+<p>The shared secret produced by this key agreement algorithm is <code class="docutils literal"><span class="pre">g^{ab}</span></code> in big-endian format. It is <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the size of the prime <code class="docutils literal"><span class="pre">p</span></code> in bits.</p>
+<p>This key agreement scheme is defined by <span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.7.1.1 under the name FFC DH.</p>
</div>
<div class="section" id="PSA_ALG_ECDH">
<span id="c.PSA_ALG_ECDH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</h3>
<p>The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
+#define <a class="reference internal" href="#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
</pre>
+<p>This algorithm can be used directly in a call to <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a>, or combined with a key derivation operation using <a class="reference internal" href="#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a> for use with <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>.</p>
+<p>When used as part of a multi-part key derivation operation, this implements a Diffie-Hellman key agreement scheme using a single elliptic curve key-pair for each participant. This includes the <em>Ephemeral unified model</em>, the <em>Static unified model</em>, and the <em>One-pass Diffie-Hellman</em> schemes. The input step <a class="reference internal" href="kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is used when providing the secret and peer keys to the operation.</p>
<p>The shared secret produced by key agreement is the x-coordinate of the shared secret point. It is always <code class="docutils literal"><span class="pre">ceiling(m</span> <span class="pre">/</span> <span class="pre">8)</span></code> bytes long where <code class="docutils literal"><span class="pre">m</span></code> is the bit size associated with the curve, i.e. the bit size of the order of the curve’s coordinate field. When <code class="docutils literal"><span class="pre">m</span></code> is not a multiple of 8, the byte containing the most significant bit of the shared secret is padded with zero bits. The byte order is either little-endian or big-endian depending on the curve type.</p>
+<ul>
+<li><p class="first">For Montgomery curves (curve family <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order.</p>
<ul class="simple">
-<li>For Montgomery curves (curve family <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in little-endian byte order. The bit size is 448 for Curve448 and 255 for Curve25519.</li>
-<li>For Weierstrass curves over prime fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal"><span class="pre">F_p</span></code>.</li>
-<li>For Weierstrass curves over binary fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>), the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. The bit size is <code class="docutils literal"><span class="pre">m</span></code> for the field <code class="docutils literal"><span class="pre">F_{2^m}</span></code>.</li>
+<li>For Curve25519, this is the X25519 function defined in <span><em>Curve25519: new Diffie-Hellman speed records</em> <a class="reference internal" href="../../about.html#citation-curve25519"><span class="cite">[Curve25519]</span></a></span>. The bit size <code class="docutils literal"><span class="pre">m</span></code> is 255.</li>
+<li>For Curve448, this is the X448 function defined in <span><em>Ed448-Goldilocks, a new elliptic curve</em> <a class="reference internal" href="../../about.html#citation-curve448"><span class="cite">[Curve448]</span></a></span>. The bit size <code class="docutils literal"><span class="pre">m</span></code> is 448.</li>
+</ul>
+</li>
+<li><p class="first">For Weierstrass curves (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>) the shared secret is the x-coordinate of <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">h</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">h</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> in big-endian byte order. This is the Elliptic Curve Cryptography Cofactor Diffie-Hellman primitive defined by <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span> §3.3.2 as, and also as ECC CDH by <span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.7.1.2.</p>
+<ul class="simple">
+<li>Over prime fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a> and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a>), the bit size is <code class="docutils literal"><span class="pre">m</span> <span class="pre">=</span> <span class="pre">ceiling(log_2(p))</span></code> for the field <code class="docutils literal"><span class="pre">F_p</span></code>.</li>
+<li>Over binary fields (curve families <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECT_XX</span></code>), the bit size is <code class="docutils literal"><span class="pre">m</span></code> for the field <code class="docutils literal"><span class="pre">F_{2^m}</span></code>.</li>
+</ul>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The cofactor Diffie-Hellman primitive is equivalent to the standard elliptic curve Diffie-Hellman calculation <code class="docutils literal"><span class="pre">Z</span> <span class="pre">=</span> <span class="pre">d_A</span> <span class="pre">Q_B</span> <span class="pre">=</span> <span class="pre">d_B</span> <span class="pre">Q_A</span></code> (<a class="reference internal" href="../../about.html#citation-sec1"><span class="cite psa_c psa_c-cite">[SEC1]</span></a> §3.3.1) for curves where the cofactor <code class="docutils literal"><span class="pre">h</span></code> is <code class="docutils literal"><span class="pre">1</span></code>. This is true for all curves in the <code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_SECP_XX</span></code>, <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_BRAINPOOL_P_R1" title="PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_BRAINPOOL_P_R1</span></code></a>, and <a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> families.</p>
+</div>
+</li>
</ul>
</div>
</div>
<div class="section" id="standalone-key-agreement">
-<h2>Standalone key agreement</h2>
+<h2>10.9.2. Standalone key agreement</h2>
<div class="section" id="psa_raw_key_agreement">
<span id="c.psa_raw_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</h3>
<p>Perform a key agreement and return the raw shared secret.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
const uint8_t * peer_key,
size_t peer_key_length,
uint8_t * output,
@@ -105,13 +125,13 @@
<dd>The key agreement algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
<dd>Identifier of the private key to use.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
<dd>Public key of the peer. It must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
<dd>Size of <code class="docutils literal"><span class="pre">peer_key</span></code> in bytes.</dd>
<dt> <code class="docutils literal"><span class="pre">output</span></code></dt>
-<dd>Buffer where the decrypted message is to be written.</dd>
+<dd>Buffer where the raw shared secret is to be written.</dd>
<dt> <code class="docutils literal"><span class="pre">output_size</span></code></dt>
<dd><p class="first">Size of the <code class="docutils literal"><span class="pre">output</span></code> buffer in bytes.
This must be appropriate for the keys:</p>
@@ -130,7 +150,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">alg</span></code> is not a key agreement algorithm</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
@@ -165,26 +185,26 @@
</div>
</div>
<div class="section" id="combining-key-agreement-and-key-derivation">
-<h2>Combining key agreement and key derivation</h2>
+<h2>10.9.3. Combining key agreement and key derivation</h2>
<div class="section" id="psa_key_derivation_key_agreement">
<span id="c.psa_key_derivation_key_agreement"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</h3>
<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement">psa_key_derivation_key_agreement</a>(<a class="reference internal" href="kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
<a class="reference internal" href="kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
const uint8_t * peer_key,
size_t peer_key_length);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
-<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal"><span class="pre">alg</span></code> (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is false). The operation must be ready for an input of the type given by <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dd>The key derivation operation object to use. It must have been set up with <a class="reference internal" href="kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with a key agreement and derivation algorithm <code class="docutils literal"><span class="pre">alg</span></code> (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true and <a class="reference internal" href="#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is false). The operation must be ready for an input of the type given by <code class="docutils literal"><span class="pre">step</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
<dd>Which step the input data is for.</dd>
<dt> <code class="docutils literal"><span class="pre">private_key</span></code></dt>
<dd>Identifier of the private key to use.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">peer_key</span></code></dt>
<dd>Public key of the peer. The peer key must be in the same format that <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="docutils literal"><span class="pre">psa_import_key</span></code></a><code class="docutils literal"><span class="pre">(...,</span> </code><code class="docutils literal"><span class="pre">peer_key</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">peer_key_length</span></code><code class="docutils literal"><span class="pre">)</span></code> where with key attributes indicating the public key type corresponding to the type of <code class="docutils literal"><span class="pre">private_key</span></code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="reference internal" href="../keys/management.html#c.psa_export_public_key" title="psa_export_public_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_public_key()</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">peer_key_length</span></code></dt>
@@ -199,7 +219,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">private_key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>, or <code class="docutils literal"><span class="pre">peer_key</span></code> is not valid for <code class="docutils literal"><span class="pre">alg</span></code> or not compatible with <code class="docutils literal"><span class="pre">private_key</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -229,7 +249,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.9.4. Support macros</h2>
<div class="section" id="PSA_ALG_KEY_AGREEMENT_GET_BASE">
<span id="c.PSA_ALG_KEY_AGREEMENT_GET_BASE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</h3>
<p>Get the raw key agreement algorithm from a full key agreement algorithm.</p>
@@ -239,7 +259,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The underlying raw key agreement algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
@@ -256,7 +276,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A key agreement algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The underlying key derivation algorithm if <code class="docutils literal"><span class="pre">alg</span></code> is a key agreement algorithm.</p>
@@ -273,7 +293,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a raw key agreement algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -290,7 +310,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a finite field Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
@@ -306,7 +326,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an elliptic curve Diffie-Hellman algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key agreement algorithm identifier.</p>
@@ -356,55 +376,52 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key agreement</a><ul>
-<li><a class="reference internal" href="#key-agreement-algorithms">Key agreement algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_FFDH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_ECDH</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#standalone-key-agreement">Standalone key agreement</a><ul>
-<li><a class="reference internal" href="#psa_raw_key_agreement"><code class="docutils literal"><span class="pre">psa_raw_key_agreement</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a><ul>
-<li><a class="reference internal" href="#psa_key_derivation_key_agreement"><code class="docutils literal"><span class="pre">psa_key_derivation_key_agreement</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="pke.html" title="previous chapter">Asymmetric encryption</a></li>
- <li>Next: <a href="rng.html" title="next chapter">Other cryptographic services</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/ka.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.9. Key agreement</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-agreement-algorithms">10.9.1. Key agreement algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#standalone-key-agreement">10.9.2. Standalone key agreement</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#combining-key-agreement-and-key-derivation">10.9.3. Combining key agreement and key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.9.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -420,15 +437,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/ka.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/kdf.html b/docs/html/api/ops/kdf.html
index 0fa88a6..38371cc 100644
--- a/docs/html/api/ops/kdf.html
+++ b/docs/html/api/ops/kdf.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Key derivation — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.6. Key derivation — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Asymmetric signature" href="sign.html" />
- <link rel="prev" title="Authenticated encryption with associated data (AEAD)" href="aead.html" />
+ <link rel="next" title="10.7. Asymmetric signature" href="sign.html" />
+ <link rel="prev" title="10.5. Authenticated encryption with associated data (AEAD)" href="aead.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="key-derivation">
-<span id="kdf"></span><h1>Key derivation</h1>
+<span id="kdf"></span><h1>10.6. Key derivation</h1>
<div class="section" id="key-derivation-algorithms">
-<span id="id1"></span><h2>Key derivation algorithms</h2>
+<span id="id1"></span><h2>10.6.1. Key derivation algorithms</h2>
<div class="section" id="PSA_ALG_HKDF">
<span id="c.PSA_ALG_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</h3>
<p>Macro to build an HKDF algorithm.</p>
@@ -52,12 +53,13 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding HKDF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HKDF using HMAC-SHA-256.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
+<p>This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) specified by <span><em>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</em> <a class="reference internal" href="../../about.html#citation-rfc5869"><span class="cite">[RFC5869]</span></a></span>.</p>
<p>This key derivation algorithm uses the following inputs:</p>
<ul class="simple">
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is the salt used in the “extract” step. It is optional; if omitted, the derivation uses an empty salt.</li>
@@ -65,6 +67,7 @@
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> is the info string used in the “expand” step.</li>
</ul>
<p>If <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SALT" title="PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code></a> is provided, it must be before <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>. <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_INFO" title="PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code></a> can be provided at any time after setup and before starting to generate output.</p>
+<p>Each input may only be passed once.</p>
</div>
<div class="section" id="PSA_ALG_TLS12_PRF">
<span id="c.PSA_ALG_TLS12_PRF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</h3>
@@ -75,19 +78,20 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding TLS-1.2 PRF algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS 1.2 PRF using HMAC-SHA-256.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">RFC 5246 §5</a>. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, specified in <span><em>The Transport Layer Security (TLS) Protocol Version 1.2</em> <a class="reference internal" href="../../about.html#citation-rfc5246"><span class="cite">[RFC5246]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">§5</a>. It is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
<ul class="simple">
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the secret key.</li>
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
</ul>
+<p>Each input may only be passed once.</p>
<p>For the application to TLS-1.2 key expansion:</p>
<ul class="simple">
<li>The seed is the concatenation of <code class="docutils literal"><span class="pre">ServerHello.Random</span> <span class="pre">+</span> <span class="pre">ClientHello.Random</span></code>.</li>
@@ -103,19 +107,20 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding TLS-1.2 PSK to MS algorithm. For example, <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> represents the TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (<a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-2">RFC 4279 §2</a>) and the TLS-1.2 PRF (<a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">RFC 5246 §5</a>). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
+<p>In a pure-PSK handshake in TLS 1.2, the master secret (MS) is derived from the pre-shared key (PSK) through the application of padding (<span><em>Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc4279"><span class="cite">[RFC4279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-2">§2</a>) and the TLS-1.2 PRF (<span><em>The Transport Layer Security (TLS) Protocol Version 1.2</em> <a class="reference internal" href="../../about.html#citation-rfc5246"><span class="cite">[RFC5246]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc5246.html#section-5">§5</a>). The latter is based on HMAC and can be used with either SHA-256 or SHA-384.</p>
<p>This key derivation algorithm uses the following inputs, which must be passed in the order given here:</p>
<ul class="simple">
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SEED" title="PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code></a> is the seed.</li>
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> is the PSK. The PSK must not be larger than <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a>.</li>
<li><a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_LABEL" title="PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code></a> is the label.</li>
</ul>
+<p>Each input may only be passed once.</p>
<p>For the application to TLS-1.2:</p>
<ul class="simple">
<li>The seed, which is forwarded to the TLS-1.2 PRF, is the concatenation of the <code class="docutils literal"><span class="pre">ClientHello.Random</span> <span class="pre">+</span> <span class="pre">ServerHello.Random</span></code>.</li>
@@ -124,7 +129,7 @@
</div>
</div>
<div class="section" id="input-step-types">
-<h2>Input step types</h2>
+<h2>10.6.2. Input step types</h2>
<div class="section" id="psa_key_derivation_step_t">
<span id="c.psa_key_derivation_step_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</h3>
<p>Encoding of the step of a key derivation.</p>
@@ -183,7 +188,7 @@
</div>
</div>
<div class="section" id="key-derivation-functions">
-<h2>Key derivation functions</h2>
+<h2>10.6.3. Key derivation functions</h2>
<div class="section" id="psa_key_derivation_operation_t">
<span id="c.psa_key_derivation_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</h3>
<p>The type of the state object for key derivation operations.</p>
@@ -237,14 +242,14 @@
<p>Set up a key derivation operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_setup" title="psa_key_derivation_setup">psa_key_derivation_setup</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
<dd>The key derivation operation object to set up. It must have been initialized but not set up yet.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The key derivation algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The key derivation algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -401,7 +406,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>. This can happen if the application provides a step out of order or repeats a step that may not be repeated.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
@@ -416,7 +421,7 @@
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key">psa_key_derivation_input_key</a>(<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
<a class="reference internal" href="#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -425,7 +430,7 @@
<dt> <code class="docutils literal"><span class="pre">step</span></code></dt>
<dd>Which step the input data is for.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key. It must have an appropriate type for <code class="docutils literal"><span class="pre">step</span></code> and must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
+<dd>Identifier of the key. It must have an appropriate type for <code class="docutils literal"><span class="pre">step</span></code> and must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -434,7 +439,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a> flag.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">step</span></code> is not compatible with the operation’s algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
@@ -454,7 +459,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_DATA_INVALID" title="PSA_ERROR_DATA_INVALID"><code class="docutils literal"><span class="pre">PSA_ERROR_DATA_INVALID</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
-<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>.</dd>
+<dd>The operation state is not valid for this input <code class="docutils literal"><span class="pre">step</span></code>. This can happen if the application provides a step out of order or repeats a step that may not be repeated.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
@@ -506,7 +511,7 @@
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and return those bytes. If the key derivation’s output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation’s capacity decreases by the number of bytes read.</p>
+<p>This function calculates output bytes from a key derivation algorithm and returns those bytes. If the key derivation’s output is viewed as a stream of bytes, this function consumes the requested number of bytes from the stream and returns them to the caller. The operation’s capacity decreases by the number of bytes read.</p>
<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
</div>
<div class="section" id="psa_key_derivation_output_key">
@@ -515,16 +520,29 @@
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key">psa_key_derivation_output_key</a>(const <a class="reference internal" href="../keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
<a class="reference internal" href="#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">attributes</span></code></dt>
-<dd>The attributes for the new key.</dd>
+<dd><p class="first">The attributes for the new key.
+This function uses the attributes as follows:</p>
+<ul class="simple">
+<li>The key type is required. It cannot be an asymmetric public key.</li>
+<li>The key size is required. It must be a valid size for the key type.</li>
+<li>The key permitted-algorithm policy is required for keys that will be used for a cryptographic operation, see <a class="reference internal" href="../keys/policy.html#permitted-algorithms"><span class="secref">Permitted algorithms</span></a>.</li>
+<li>The key usage flags define what operations are permitted with the key, see <a class="reference internal" href="../keys/policy.html#key-usage-flags"><span class="secref">Key usage flags</span></a>.</li>
+<li>The key lifetime and identifier are required for a persistent key.</li>
+</ul>
+<div class="last admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">This is an input parameter: it is not updated with the final key attributes. The final attributes of the new key can be queried by calling <a class="reference internal" href="../keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a> with the key’s identifier.</p>
+</div>
+</dd>
<dt> <code class="docutils literal"><span class="pre">operation</span></code></dt>
<dd>The key derivation operation object to read from.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>On success, an identifier for the newly created key. <a class="reference internal" href="../keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
+<dd>On success, an identifier for the newly created key. <a class="reference internal" href="../keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> on failure.</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -537,9 +555,13 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
<dd>The key type or key size is not supported, either by the implementation in general or in this particular location.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
-<dd>The provided key attributes are not valid for the operation.</dd>
+<dd>The key attributes, as a whole, are invalid.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key type is an asymmetric public key type.</dd>
+<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
+<dd>The key size is not a valid size for the key type.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> input was not provided through a key.</dd>
+<dd>The <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a> input was neither provided through a key nor the result of a key agreement.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BAD_STATE" title="PSA_ERROR_BAD_STATE"><code class="docutils literal"><span class="pre">PSA_ERROR_BAD_STATE</span></code></a></dt>
<dd>The operation state is not valid: it must be active and completed all required input steps.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a></dt>
@@ -562,43 +584,98 @@
<dd>The library has not been previously initialized by <a class="reference internal" href="../library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>. It is implementation-dependent whether a failure to initialize results in this error code.</dd>
</dl>
<p class="rubric">Description</p>
-<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key’s location, usage policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
+<p>This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key’s location, policy, type and size are taken from <code class="docutils literal"><span class="pre">attributes</span></code>.</p>
<p>If the key derivation’s output is viewed as a stream of bytes, this function consumes the required number of bytes from the stream. The operation’s capacity decreases by the number of bytes used to derive the key.</p>
<p>If this function returns an error status other than <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a>, the operation enters an error state and must be aborted by calling <a class="reference internal" href="#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a>.</p>
-<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:</p>
-<ul>
-<li><p class="first">For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> and passing the resulting output to <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly <code class="docutils literal"><span class="pre">(bits/8)</span></code> bytes from the operation. The following key types defined in this specification follow this scheme:</p>
-<ul class="simple">
-<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>;</li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a>;</li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a>;</li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a>;</li>
-<li><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a>.</li>
-</ul>
-</li>
-<li><p class="first">For ECC keys on a Montgomery elliptic curve (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a><code class="docutils literal"><span class="pre">)</span></code>), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:</p>
-<ul class="simple">
-<li>Curve25519 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 255 bits): draw a 32-byte string and process it as specified in <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">RFC 7748 §5</a>.</li>
-<li>Curve448 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 448 bits): draw a 56-byte string and process it as specified in <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">RFC 7748 §5</a>.</li>
-</ul>
-</li>
-<li><p class="first">For key types for which the key is represented by a single sequence of <code class="docutils literal"><span class="pre">bits</span></code> bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length <code class="docutils literal"><span class="pre">ceiling(bits/8)</span></code> bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by <a class="reference internal" href="../keys/management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>. The following key types defined in this specification follow this scheme:</p>
-<ul>
-<li><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>. Force-set the parity bits, but discard forbidden weak keys. For 2-key and 3-key triple-DES, the three keys are generated successively. For example, for 3-key triple-DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.</p>
-</li>
-<li><p class="first">Finite-field Diffie-Hellman keys (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">dh_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">dh_family</span></code> designates any Diffie-Hellman family) and ECC keys on a Weierstrass elliptic curve (<a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ecc_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">ecc_family</span></code> designates a Weierstrass curve family). For these key types, interpret the byte string as integer in big-endian order. Discard it if it is not in the range [0, <em>N</em> - 2] where <em>N</em> is the boundary of the private key domain: <em>N</em> is the prime <em>p</em> for Diffie-Hellman, or the order of the curve’s base point for ECC. Add <code class="docutils literal"><span class="pre">1</span></code> to the resulting integer and use this as the private key <em>x</em>.</p>
-<p>This method allows compliance to NIST standards, specifically the methods titled <em>Key-Pair Generation by Testing Candidates</em> in the following publications:</p>
-<ul class="simple">
-<li><a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-56Ar3"><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em></a> (NIST SP 800-56A) §5.6.1.1.4 for Diffie-Hellman keys.</li>
-<li><a class="reference external" href="https://doi.org/10.6028/NIST.SP.800-56Ar3">NIST SP 800-56A</a> §5.6.1.2.2 or <a class="reference external" href="https://doi.org/10.6028/NIST.FIPS.186-4"><em>FIPS Publication 186-4: Digital Signature Standard (DSS)</em></a> (FIPS 186-4) §B.4.2 for elliptic curve keys.</li>
-</ul>
-</li>
-</ul>
-</li>
-<li><p class="first">For other key types, including <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>, the way in which the operation output is consumed is implementation-defined.</p>
-</li>
-</ul>
+<p>How much output is produced and consumed from the operation, and how the key is derived, depends on the key type. <span><a class="reference internal" href="#std-key-derivation"><span class="numref">Table 5</span></a></span> describes the required key derivation procedures for standard key derivation algorithms. Implementations can use other methods for implementation-specific algorithms.</p>
<p>In all cases, the data that is read is discarded from the operation. The operation’s capacity is decreased by the number of bytes read.</p>
+<table border="1" class="colwidths-given longtable docutils align-right" id="std-key-derivation">
+<caption><span class="caption-number">Table 5 </span><span class="caption-text">Standard key derivation process</span></caption>
+<colgroup>
+<col width="29%" />
+<col width="71%" />
+</colgroup>
+<thead valign="bottom">
+<tr class="row-odd"><th class="head">Key type</th>
+<th class="head">Key type details and derivation procedure</th>
+</tr>
+</thead>
+<tbody valign="top">
+<tr class="row-even"><td><p class="first">AES</p>
+<p>ARC4</p>
+<p>CAMELLIA</p>
+<p>ChaCha20</p>
+<p>SM4</p>
+<p>Secrets for derivation</p>
+<p class="last">HMAC</p>
+</td>
+<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_ARC4</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CAMELLIA</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_CHACHA20</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DERIVE</span></code></a></p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_HMAC</span></code></a></p>
+<p class="last">For key types for which the key is an arbitrary sequence of bytes of a given size, this function is functionally equivalent to calling <a class="reference internal" href="#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a> and passing the resulting output to <a class="reference internal" href="../keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. However, this function has a security benefit: if the implementation provides an isolation boundary then the key material is not exposed outside the isolation boundary. As a consequence, for these key types, this function always consumes exactly <code class="docutils literal"><span class="pre">(bits/8)</span></code> bytes from the operation.</p>
+</td>
+</tr>
+<tr class="row-odd"><td>DES</td>
+<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 64 bits.</p>
+<p>This function generates a key using the following process:</p>
+<ol class="last arabic simple">
+<li>Draw an 8-byte string.</li>
+<li>Set/clear the parity bits in each byte.</li>
+<li>If the result is a forbidden weak key, discard the result and return to step 1.</li>
+<li>Output the string.</li>
+</ol>
+</td>
+</tr>
+<tr class="row-even"><td><p class="first">2-key 3DES</p>
+<p class="last">3-key 3DES</p>
+</td>
+<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 192 bits.</p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_DES</span></code></a>, 128 bits.</p>
+<p>The two or three keys are generated by repeated application of the process used to generate a DES key.</p>
+<p class="last">For example, for 3-key 3DES, if the first 8 bytes specify a weak key and the next 8 bytes do not, discard the first 8 bytes, use the next 8 bytes as the first key, and continue reading output from the operation to derive the other two keys.</p>
+</td>
+</tr>
+<tr class="row-odd"><td><p class="first">Finite-field Diffie-Hellman keys</p>
+<p class="last">ECC keys on a Weierstrass elliptic curve</p>
+</td>
+<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">dh_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">dh_family</span></code> designates any Diffie-Hellman family.</p>
+<p><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ecc_family</span></code><code class="docutils literal"><span class="pre">)</span></code> where <code class="docutils literal"><span class="pre">ecc_family</span></code> designates a Weierstrass curve family.</p>
+<p>These key types require the generation of a private key which is an integer in the range [1, <em>N</em> - 1], where <em>N</em> is the boundary of the private key domain: <em>N</em> is the prime <em>p</em> for Diffie-Hellman, or the order of the curve’s base point for ECC.</p>
+<p>Let <code class="docutils literal"><span class="pre">m</span></code> be the bit size of <em>N</em>, such that <code class="docutils literal"><span class="pre">2^m</span></code> > <em>N</em> >= <code class="docutils literal"><span class="pre">2^(m-1)</span></code>. This function generates the private key using the following process:</p>
+<ol class="arabic simple">
+<li>Draw a byte string of length <code class="docutils literal"><span class="pre">ceiling(m/8)</span></code> bytes.</li>
+<li>If <code class="docutils literal"><span class="pre">m</span></code> is not a multiple of <code class="docutils literal"><span class="pre">8</span></code>, set the most significant <code class="docutils literal"><span class="pre">(8</span> <span class="pre">*</span> <span class="pre">ceiling(m/8)</span> <span class="pre">-</span> <span class="pre">m)</span></code> bits of the first byte in the string to zero.</li>
+<li>Convert the string to integer <em>k</em> by decoding it as a big-endian byte string.</li>
+<li>If <em>k</em> > <em>N</em> - <code class="docutils literal"><span class="pre">2</span></code>, discard the result and return to step 1.</li>
+<li>Output <em>k</em> + <code class="docutils literal"><span class="pre">1</span></code> as the private key.</li>
+</ol>
+<p>This method allows compliance to NIST standards, specifically the methods titled <em>Key-Pair Generation by Testing Candidates</em> in the following publications:</p>
+<ul class="last simple">
+<li><span><em>NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</em> <a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a></span> §5.6.1.1.4 for Diffie-Hellman keys.</li>
+<li><a class="reference internal" href="../../about.html#citation-sp800-56a"><span class="cite">[SP800-56A]</span></a> §5.6.1.2.2 or <span><em>FIPS Publication 186-4: Digital Signature Standard (DSS)</em> <a class="reference internal" href="../../about.html#citation-fips186-4"><span class="cite">[FIPS186-4]</span></a></span> §B.4.2 for elliptic curve keys.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-even"><td>ECC keys on a Montgomery elliptic curve</td>
+<td><p class="first"><a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a><code class="docutils literal"><span class="pre">)</span></code></p>
+<p>This function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:</p>
+<ul class="last simple">
+<li>Curve25519 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 255 bits): draw a 32-byte string and process it as specified in <span><em>Elliptic Curves for Security</em> <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</li>
+<li>Curve448 (<a class="reference internal" href="../keys/types.html#c.PSA_ECC_FAMILY_MONTGOMERY" title="PSA_ECC_FAMILY_MONTGOMERY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_MONTGOMERY</span></code></a>, 448 bits): draw a 56-byte string and process it as specified in <a class="reference internal" href="../../about.html#citation-rfc7748"><span class="cite">[RFC7748]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc7748.html#section-5">§5</a>.</li>
+</ul>
+</td>
+</tr>
+<tr class="row-odd"><td><em>Other key types</em></td>
+<td><p class="first">This includes <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_RSA_KEY_PAIR</span></code></a>.</p>
+<p class="last">The way in which the operation output is consumed is implementation-defined.</p>
+</td>
+</tr>
+</tbody>
+</table>
<p>For algorithms that take an input step <a class="reference internal" href="#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>, the input to that step must be provided with <a class="reference internal" href="#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_input_key()</span></code></a>. Future versions of this specification might include additional restrictions on the derived key based on the attributes and strength of the secret key.</p>
</div>
<div class="section" id="psa_key_derivation_abort">
@@ -632,7 +709,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.6.4. Support macros</h2>
<div class="section" id="PSA_ALG_IS_HKDF">
<span id="c.PSA_ALG_IS_HKDF"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</h3>
<p>Whether the specified algorithm is an HKDF algorithm.</p>
@@ -642,7 +719,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HKDF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
@@ -658,7 +735,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PRF algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
@@ -672,7 +749,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a TLS-1.2 PSK to MS algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported key derivation algorithm identifier.</p>
@@ -693,9 +770,9 @@
#define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</a> <em><a class="reference internal" href="../../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
</pre>
<p>This implementation-defined value specifies the maximum length for the PSK input used with a <a class="reference internal" href="#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS()</span></code></a> key agreement algorithm.</p>
-<p>Quoting <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-5.3">RFC 4279 §5.3</a>:</p>
+<p>Quoting <span><em>Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</em> <a class="reference internal" href="../../about.html#citation-rfc4279"><span class="cite">[RFC4279]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc4279.html#section-5.3">§5.3</a>:</p>
<blockquote>
-<div>TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</div></blockquote>
+<div>TLS implementations supporting these cipher suites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.</div></blockquote>
<p>Therefore, it is recommended that implementations define <a class="reference internal" href="#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code></a> with a value greater than or equal to <code class="docutils literal"><span class="pre">64</span></code>.</p>
</div>
</div>
@@ -706,69 +783,52 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Key derivation</a><ul>
-<li><a class="reference internal" href="#key-derivation-algorithms">Key derivation algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#input-step-types">Input step types</a><ul>
-<li><a class="reference internal" href="#psa_key_derivation_step_t"><code class="docutils literal"><span class="pre">psa_key_derivation_step_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_LABEL</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SALT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SALT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_INFO"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_INFO</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_INPUT_SEED"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SEED</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#key-derivation-functions">Key derivation functions</a><ul>
-<li><a class="reference internal" href="#psa_key_derivation_operation_t"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_operation_init"><code class="docutils literal"><span class="pre">psa_key_derivation_operation_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_setup"><code class="docutils literal"><span class="pre">psa_key_derivation_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_get_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_get_capacity</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_set_capacity"><code class="docutils literal"><span class="pre">psa_key_derivation_set_capacity</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_input_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_input_bytes</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_input_key"><code class="docutils literal"><span class="pre">psa_key_derivation_input_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_output_bytes"><code class="docutils literal"><span class="pre">psa_key_derivation_output_bytes</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_output_key"><code class="docutils literal"><span class="pre">psa_key_derivation_output_key</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_key_derivation_abort"><code class="docutils literal"><span class="pre">psa_key_derivation_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="aead.html" title="previous chapter">Authenticated encryption with associated data (AEAD)</a></li>
- <li>Next: <a href="sign.html" title="next chapter">Asymmetric signature</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/kdf.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.6. Key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-derivation-algorithms">10.6.1. Key derivation algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#input-step-types">10.6.2. Input step types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-derivation-functions">10.6.3. Key derivation functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.6.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -784,15 +844,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/kdf.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/macs.html b/docs/html/api/ops/macs.html
index c53a533..38e608c 100644
--- a/docs/html/api/ops/macs.html
+++ b/docs/html/api/ops/macs.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Message authentication codes (MAC) — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.3. Message authentication codes (MAC) — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Unauthenticated ciphers" href="ciphers.html" />
- <link rel="prev" title="Message digests" href="hashes.html" />
+ <link rel="next" title="10.4. Unauthenticated ciphers" href="ciphers.html" />
+ <link rel="prev" title="10.2. Message digests" href="hashes.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,25 +41,26 @@
<div class="body" role="main">
<div class="section" id="message-authentication-codes-mac">
-<span id="macs"></span><h1>Message authentication codes (MAC)</h1>
+<span id="macs"></span><h1>10.3. Message authentication codes (MAC)</h1>
<div class="section" id="mac-algorithms">
-<span id="id1"></span><h2>MAC algorithms</h2>
+<span id="id1"></span><h2>10.3.1. MAC algorithms</h2>
<div class="section" id="PSA_ALG_HMAC">
<span id="c.PSA_ALG_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</h3>
-<p>Macro to build an HMAC algorithm.</p>
+<p>Macro to build an HMAC message-authentication-code algorithm from an underlying hash algorithm.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding HMAC algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
<p>For example, <a class="reference internal" href="#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"><span class="pre">)</span></code> is HMAC-SHA-256.</p>
+<p>The HMAC construction is defined in <span><em>HMAC: Keyed-Hashing for Message Authentication</em> <a class="reference internal" href="../../about.html#citation-rfc2104"><span class="cite">[RFC2104]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_TRUNCATED_MAC">
<span id="c.PSA_ALG_TRUNCATED_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</h3>
@@ -70,7 +72,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
<dt> <code class="docutils literal"><span class="pre">mac_length</span></code></dt>
<dd>Desired length of the truncated MAC in bytes. This must be at most the full length of the MAC and must be at least an implementation-specified minimum. The implementation-specified minimum must not be zero.</dd>
</dl>
@@ -91,31 +93,35 @@
</div>
<div class="section" id="PSA_ALG_CBC_MAC">
<span id="c.PSA_ALG_CBC_MAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</h3>
-<p>The CBC-MAC construction over a block cipher.</p>
+<p>The CBC-MAC message-authentication-code algorithm, constructed over a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
+#define <a class="reference internal" href="#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
</pre>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">CBC-MAC is insecure in many cases. A more secure mode, such as <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_CMAC</span></code></a>, is recommended.</p>
</div>
+<p>The CBC-MAC algorithm must be used with a key for a block cipher. For example, one of <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>.</p>
+<p>CBC-MAC is defined as <em>MAC Algorithm 1</em> in <span><em>ISO/IEC 9797-1:2011 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher</em> <a class="reference internal" href="../../about.html#citation-iso9797"><span class="cite">[ISO9797]</span></a></span>.</p>
</div>
<div class="section" id="PSA_ALG_CMAC">
<span id="c.PSA_ALG_CMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</h3>
-<p>The CMAC construction over a block cipher.</p>
+<p>The CMAC message-authentication-code algorithm, constructed over a block cipher.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
+#define <a class="reference internal" href="#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
</pre>
+<p>The CMAC algorithm must be used with a key for a block cipher. For example, when used with a key with type <a class="reference internal" href="../keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>, the resulting operation is AES-CMAC.</p>
+<p>CMAC is defined in <span><em>NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication</em> <a class="reference internal" href="../../about.html#citation-sp800-38b"><span class="cite">[SP800-38B]</span></a></span>.</p>
</div>
</div>
<div class="section" id="single-part-mac-functions">
-<h2>Single-part MAC functions</h2>
+<h2>10.3.2. Single-part MAC functions</h2>
<div class="section" id="psa_mac_compute">
<span id="c.psa_mac_compute"></span><h3><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</h3>
<p>Calculate the message authentication code (MAC) of a message.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * mac,
@@ -126,9 +132,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the input message.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -153,7 +159,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -188,8 +194,8 @@
<span id="c.psa_mac_verify"></span><h3><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</h3>
<p>Calculate the MAC of a message and compare it with a reference value.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * mac,
@@ -199,9 +205,9 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
<dd>Buffer containing the input message.</dd>
<dt> <code class="docutils literal"><span class="pre">input_length</span></code></dt>
@@ -220,7 +226,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -245,7 +251,7 @@
</div>
</div>
<div class="section" id="multi-part-mac-operations">
-<h2>Multi-part MAC operations</h2>
+<h2>10.3.3. Multi-part MAC operations</h2>
<div class="section" id="psa_mac_operation_t">
<span id="c.psa_mac_operation_t"></span><h3><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</h3>
<p>The type of the state object for multi-part MAC operations.</p>
@@ -299,8 +305,8 @@
<p>Set up a multi-part MAC calculation operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_sign_setup" title="psa_mac_sign_setup">psa_mac_sign_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -308,9 +314,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -319,7 +325,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -365,8 +371,8 @@
<p>Set up a multi-part MAC verification operation.</p>
<pre class="literal-block">
<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_mac_verify_setup" title="psa_mac_verify_setup">psa_mac_verify_setup</a>(<a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
@@ -374,9 +380,9 @@
<dd>The operation object to set up. It must have been initialized as per the documentation for <a class="reference internal" href="#c.psa_mac_operation_t" title="psa_mac_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_mac_operation_t</span></code></a> and not yet in use.</dd>
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must remain valid until the operation terminates.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>The MAC algorithm to compute (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns: <a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t"><code class="docutils literal"><span class="pre">psa_status_t</span></code></a></p>
<dl class="docutils">
@@ -385,7 +391,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_ARGUMENT" title="PSA_ERROR_INVALID_ARGUMENT"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_ARGUMENT</span></code></a></dt>
<dd><code class="docutils literal"><span class="pre">key</span></code> is not compatible with <code class="docutils literal"><span class="pre">alg</span></code>.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -612,7 +618,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.3.4. Support macros</h2>
<div class="section" id="PSA_ALG_IS_HMAC">
<span id="c.PSA_ALG_IS_HMAC"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</h3>
<p>Whether the specified algorithm is an HMAC algorithm.</p>
@@ -622,7 +628,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an HMAC algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -638,7 +644,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a MAC algorithm based on a block cipher, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -652,7 +658,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">mac_alg</span></code></dt>
-<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
+<dd>A MAC algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This can be a truncated or untruncated MAC algorithm.</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding MAC algorithm with a full length MAC.</p>
@@ -672,7 +678,7 @@
<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
<dd>The size of the MAC key in bits.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>A MAC algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
+<dd>A MAC algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true).</dd>
</dl>
<p class="rubric">Returns</p>
<p>The MAC length for the specified algorithm with the specified key parameters.</p>
@@ -701,63 +707,52 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Message authentication codes (MAC)</a><ul>
-<li><a class="reference internal" href="#mac-algorithms">MAC algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CBC_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_CBC_MAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_CMAC"><code class="docutils literal"><span class="pre">PSA_ALG_CMAC</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#single-part-mac-functions">Single-part MAC functions</a><ul>
-<li><a class="reference internal" href="#psa_mac_compute"><code class="docutils literal"><span class="pre">psa_mac_compute</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_verify"><code class="docutils literal"><span class="pre">psa_mac_verify</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#multi-part-mac-operations">Multi-part MAC operations</a><ul>
-<li><a class="reference internal" href="#psa_mac_operation_t"><code class="docutils literal"><span class="pre">psa_mac_operation_t</span></code> (type)</a></li>
-<li><a class="reference internal" href="#PSA_MAC_OPERATION_INIT"><code class="docutils literal"><span class="pre">PSA_MAC_OPERATION_INIT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#psa_mac_operation_init"><code class="docutils literal"><span class="pre">psa_mac_operation_init</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_sign_setup"><code class="docutils literal"><span class="pre">psa_mac_sign_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_verify_setup"><code class="docutils literal"><span class="pre">psa_mac_verify_setup</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_update"><code class="docutils literal"><span class="pre">psa_mac_update</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_sign_finish"><code class="docutils literal"><span class="pre">psa_mac_sign_finish</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_verify_finish"><code class="docutils literal"><span class="pre">psa_mac_verify_finish</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_mac_abort"><code class="docutils literal"><span class="pre">psa_mac_abort</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_MAC_LENGTH"><code class="docutils literal"><span class="pre">PSA_MAC_LENGTH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_MAC_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_MAC_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="hashes.html" title="previous chapter">Message digests</a></li>
- <li>Next: <a href="ciphers.html" title="next chapter">Unauthenticated ciphers</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/macs.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.3. Message authentication codes (MAC)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#mac-algorithms">10.3.1. MAC algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#single-part-mac-functions">10.3.2. Single-part MAC functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#multi-part-mac-operations">10.3.3. Multi-part MAC operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.3.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -773,15 +768,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/macs.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/pke.html b/docs/html/api/ops/pke.html
index 0d364c5..27d7a3e 100644
--- a/docs/html/api/ops/pke.html
+++ b/docs/html/api/ops/pke.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Asymmetric encryption — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.8. Asymmetric encryption — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Key agreement" href="ka.html" />
- <link rel="prev" title="Asymmetric signature" href="sign.html" />
+ <link rel="next" title="10.9. Key agreement" href="ka.html" />
+ <link rel="prev" title="10.7. Asymmetric signature" href="sign.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,42 +41,43 @@
<div class="body" role="main">
<div class="section" id="asymmetric-encryption">
-<span id="pke"></span><h1>Asymmetric encryption</h1>
+<span id="pke"></span><h1>10.8. Asymmetric encryption</h1>
<div class="section" id="asymmetric-encryption-algorithms">
-<span id="id1"></span><h2>Asymmetric encryption algorithms</h2>
+<span id="id1"></span><h2>10.8.1. Asymmetric encryption algorithms</h2>
<div class="section" id="PSA_ALG_RSA_PKCS1V15_CRYPT">
<span id="c.PSA_ALG_RSA_PKCS1V15_CRYPT"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</h3>
-<p>RSA PKCS#1 v1.5 encryption.</p>
+<p>The RSA PKCS#1 v1.5 asymmetric encryption algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
</pre>
+<p>This encryption scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-7.2">§7.2</a> under the name RSAES-PKCS-v1_5.</p>
</div>
<div class="section" id="PSA_ALG_RSA_OAEP">
<span id="c.PSA_ALG_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</h3>
-<p>RSA OAEP encryption.</p>
+<p>The RSA OAEP asymmetric encryption algorithm.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>The hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true) to use for MGF1.</dd>
+<dd>The hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true) to use for <em>MGF1</em>.</dd>
</dl>
<p class="rubric">Returns</p>
-<p>The corresponding RSA OAEP signature algorithm.</p>
+<p>The corresponding RSA OAEP encryption algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>This is the encryption scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSAES-OAEP, with the message generation function MGF1.</p>
+<p>This encryption scheme is defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-7.1">§7.1</a> under the name RSAES-OAEP, with the mask generation function <em>MGF1</em> defined in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#appendix-B">Appendix B</a>.</p>
</div>
</div>
<div class="section" id="asymmetric-encryption-functions">
-<h2>Asymmetric encryption functions</h2>
+<h2>10.8.2. Asymmetric encryption functions</h2>
<div class="section" id="psa_asymmetric_encrypt">
<span id="c.psa_asymmetric_encrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</h3>
<p>Encrypt a short message with a public key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * salt,
@@ -88,7 +90,7 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifer of the key to use for the operation. It must be a public key or an asymmetric key pair.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
@@ -119,7 +121,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
@@ -155,8 +157,8 @@
<span id="c.psa_asymmetric_decrypt"></span><h3><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</h3>
<p>Decrypt a short message with a private key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * salt,
@@ -169,7 +171,7 @@
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair.
-It must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
+It must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric encryption algorithm that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
@@ -200,7 +202,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DECRYPT</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
<dd>The size of the <code class="docutils literal"><span class="pre">output</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
@@ -236,7 +238,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.8.3. Support macros</h2>
<div class="section" id="PSA_ALG_IS_RSA_OAEP">
<span id="c.PSA_ALG_IS_RSA_OAEP"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</h3>
<p>Whether the specified algorithm is an RSA OAEP encryption algorithm.</p>
@@ -246,7 +248,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA OAEP algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -266,7 +268,7 @@
<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
<dd>The size of the key in bits.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
+<dd>The asymmetric encryption algorithm.</dd>
</dl>
<p class="rubric">Returns</p>
<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
@@ -301,12 +303,12 @@
<dt> <code class="docutils literal"><span class="pre">key_bits</span></code></dt>
<dd>The size of the key in bits.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>The signature algorithm.</dd>
+<dd>The asymmetric encryption algorithm.</dd>
</dl>
<p class="rubric">Returns</p>
<p>If the parameters are valid and supported, return a buffer size in bytes that guarantees that <a class="reference internal" href="#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a> will not fail with <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a>. If the parameters are a valid combination that is not supported by the implementation, this macro must return either a sensible size or <code class="docutils literal"><span class="pre">0</span></code>. If the parameters are not valid, the return value is unspecified.</p>
<p class="rubric">Description</p>
-<p>This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext might be smaller, depending on the algorithm.</p>
+<p>This macro returns a sufficient buffer size for a plaintext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the plaintext might be smaller, depending on the algorithm.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">This function might evaluate its arguments multiple times or zero times. Providing arguments that have side effects will result in implementation-specific behavior, and is non-portable.</p>
@@ -330,49 +332,51 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Asymmetric encryption</a><ul>
-<li><a class="reference internal" href="#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_CRYPT</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#asymmetric-encryption-functions">Asymmetric encryption functions</a><ul>
-<li><a class="reference internal" href="#psa_asymmetric_encrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_encrypt</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_asymmetric_decrypt"><code class="docutils literal"><span class="pre">psa_asymmetric_decrypt</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="sign.html" title="previous chapter">Asymmetric signature</a></li>
- <li>Next: <a href="ka.html" title="next chapter">Key agreement</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/pke.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.8. Asymmetric encryption</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption-algorithms">10.8.1. Asymmetric encryption algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption-functions">10.8.2. Asymmetric encryption functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.8.3. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -388,15 +392,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/pke.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/rng.html b/docs/html/api/ops/rng.html
index 23476b5..949fe20 100644
--- a/docs/html/api/ops/rng.html
+++ b/docs/html/api/ops/rng.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Other cryptographic services — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.10. Other cryptographic services — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="Example header file" href="../../appendix/example_header.html" />
- <link rel="prev" title="Key agreement" href="ka.html" />
+ <link rel="prev" title="10.9. Key agreement" href="ka.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="other-cryptographic-services">
-<h1>Other cryptographic services</h1>
+<h1>10.10. Other cryptographic services</h1>
<div class="section" id="random-number-generation">
-<span id="rng"></span><h2>Random number generation</h2>
+<span id="rng"></span><h2>10.10.1. Random number generation</h2>
<div class="section" id="psa_generate_random">
<span id="c.psa_generate_random"></span><h3><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</h3>
<p>Generate random bytes.</p>
@@ -94,35 +95,49 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Other cryptographic services</a><ul>
-<li><a class="reference internal" href="#random-number-generation">Random number generation</a><ul>
-<li><a class="reference internal" href="#psa_generate_random"><code class="docutils literal"><span class="pre">psa_generate_random</span></code> (function)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="ka.html" title="previous chapter">Key agreement</a></li>
- <li>Next: <a href="../../appendix/example_header.html" title="next chapter">Example header file</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/rng.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="sign.html">10.7. Asymmetric signature</a></li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.10. Other cryptographic services</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#random-number-generation">10.10.1. Random number generation</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -138,15 +153,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/rng.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/api/ops/sign.html b/docs/html/api/ops/sign.html
index c8fb817..9a1cb86 100644
--- a/docs/html/api/ops/sign.html
+++ b/docs/html/api/ops/sign.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Asymmetric signature — PSA Crypto API 1.0.0 documentation</title>
+ <title>10.7. Asymmetric signature — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
- <link rel="next" title="Asymmetric encryption" href="pke.html" />
- <link rel="prev" title="Key derivation" href="kdf.html" />
+ <link rel="next" title="10.8. Asymmetric encryption" href="pke.html" />
+ <link rel="prev" title="10.6. Key derivation" href="kdf.html" />
<link rel="stylesheet" href="../../_static/custom.css" type="text/css" />
@@ -40,105 +41,131 @@
<div class="body" role="main">
<div class="section" id="asymmetric-signature">
-<span id="sign"></span><h1>Asymmetric signature</h1>
+<span id="sign"></span><h1>10.7. Asymmetric signature</h1>
<div class="section" id="asymmetric-signature-algorithms">
-<span id="sign-algorithms"></span><h2>Asymmetric signature algorithms</h2>
+<span id="sign-algorithms"></span><h2>10.7.1. Asymmetric signature algorithms</h2>
<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN">
<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</h3>
-<p>RSA PKCS#1 v1.5 signature with hashing.</p>
+<p>The RSA PKCS#1 v1.5 message signature scheme, with hashing.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding RSA PKCS#1 v1.5 signature algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PKCS1-v1_5.</p>
+<p>This algorithm can be used with both the message and hash signature functions.</p>
+<p>This signature scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.2">§8.2</a> under the name RSASSA-PKCS1-v1_5.</p>
+<p>When used with <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>, the provided <code class="docutils literal"><span class="pre">hash</span></code> parameter is used as <em>H</em> from step 2 onwards in the message encoding algorithm <code class="docutils literal"><span class="pre">EMSA-PKCS1-V1_5-ENCODE()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">§9.2</a>. <em>H</em> is usually the message digest, using the <code class="docutils literal"><span class="pre">hash_alg</span></code> hash algorithm.</p>
</div>
<div class="section" id="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">
<span id="c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</h3>
-<p>Raw PKCS#1 v1.5 signature.</p>
+<p>The raw RSA PKCS#1 v1.5 signature algorithm, without hashing.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200))
+#define <a class="reference internal" href="#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200)
</pre>
-<p>The input to this algorithm is the DigestInfo structure used by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">RFC 8017 §9.2</a> (PKCS#1: RSA Cryptography Specifications), in steps 3–6.</p>
+<p>This algorithm can be only used with the <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> functions.</p>
+<p>This signature scheme is defined by <span><em>PKCS #1: RSA Cryptography Specifications Version 2.2</em> <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a></span> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.2">§8.2</a> under the name RSASSA-PKCS1-v1_5.</p>
+<p>The <code class="docutils literal"><span class="pre">hash</span></code> parameter to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> or <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> is used as <em>T</em> from step 3 onwards in the message encoding algorithm <code class="docutils literal"><span class="pre">EMSA-PKCS1-V1_5-ENCODE()</span></code> in <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-9.2">§9.2</a>. <em>T</em> is the DER encoding of the <em>DigestInfo</em> structure normally produced by step 2 in the message encoding algorithm.</p>
</div>
<div class="section" id="PSA_ALG_RSA_PSS">
<span id="c.PSA_ALG_RSA_PSS"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</h3>
-<p>RSA PSS signature with hashing.</p>
+<p>The RSA PSS message signature scheme, with hashing.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding RSA PSS signature algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>This is the signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html">RFC 8017</a> (PKCS#1: RSA Cryptography Specifications) under the name RSASSA-PSS, with the message generation function MGF1, and with a salt length equal to the length of the hash. The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</p>
+<p>This algorithm can be used with both the message and hash signature functions.</p>
+<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
+<p>This is the signature scheme defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#section-8.1">§8.1</a> under the name RSASSA-PSS, with the following options:</p>
+<ul class="simple">
+<li>The mask generation function is <em>MGF1</em> defined by <a class="reference internal" href="../../about.html#citation-rfc8017"><span class="cite">[RFC8017]</span></a> <a class="reference external" href="https://tools.ietf.org/html/rfc8017.html#appendix-B">Appendix B</a>.</li>
+<li>The salt length is equal to the length of the hash.</li>
+<li>The specified hash algorithm is used to hash the input message, to create the salted hash, and for the mask generation.</li>
+</ul>
</div>
<div class="section" id="PSA_ALG_ECDSA">
<span id="c.PSA_ALG_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</h3>
-<p>ECDSA signature with hashing.</p>
+<p>The randomized ECDSA signature scheme, with hashing.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
</dl>
<p class="rubric">Returns</p>
-<p>The corresponding ECDSA signature algorithm.</p>
+<p>The corresponding randomized ECDSA signature algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>This is the <em>Elliptic Curve Digital Signature Algorithm (ECDSA)</em> defined by ANSI X9.62-2005, with a random per-message secret number (<em>k</em>).</p>
+<p>This algorithm can be used with both the message and hash signature functions.</p>
+<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p>When based on the same hash algorithm, the verification operations for <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> are identical. A signature created using <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Similarly, a signature created using <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>.</p>
+<p class="last">In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.</p>
+</div>
+<p>This signature scheme is defined by <span><em>SEC 1: Elliptic Curve Cryptography</em> <a class="reference internal" href="../../about.html#citation-sec1"><span class="cite">[SEC1]</span></a></span>, and also by <span><em>Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)</em> <a class="reference internal" href="../../about.html#citation-x9-62"><span class="cite">[X9-62]</span></a></span>, with a random per-message secret number <em>k</em>.</p>
<p>The representation of the signature as a byte string consists of the concatenation of the signature values <em>r</em> and <em>s</em>. Each of <em>r</em> and <em>s</em> is encoded as an <em>N</em>-octet string, where <em>N</em> is the length of the base point of the curve in octets. Each value is represented in big-endian order, with the most significant octet first.</p>
</div>
<div class="section" id="PSA_ALG_ECDSA_ANY">
<span id="c.PSA_ALG_ECDSA_ANY"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</h3>
-<p>ECDSA signature without hashing.</p>
+<p>The randomized ECDSA signature scheme, without hashing.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600))
+#define <a class="reference internal" href="#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600)
</pre>
-<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm. This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the left as required to fit the curve size.</p>
+<p>This algorithm can be only used with the <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a> functions.</p>
+<p>This algorithm is randomized: each invocation returns a different, equally valid signature.</p>
+<p>This is the same signature scheme as <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>, but without specifying a hash algorithm, and skipping the message hashing operation.</p>
+<p>This algorithm is only recommended to sign or verify a sequence of bytes that are an already-calculated hash. Note that the input is padded with zeros on the left or truncated on the right as required to fit the curve size.</p>
</div>
<div class="section" id="PSA_ALG_DETERMINISTIC_ECDSA">
<span id="c.PSA_ALG_DETERMINISTIC_ECDSA"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</h3>
-<p>Deterministic ECDSA signature with hashing.</p>
+<p>Deterministic ECDSA signature scheme, with hashing.</p>
<pre class="literal-block">
#define <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
</pre>
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">hash_alg</span></code></dt>
-<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a usage policy.</dd>
+<dd>A hash algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true). This includes <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> when specifying the algorithm in a key policy.</dd>
</dl>
<p class="rubric">Returns</p>
<p>The corresponding deterministic ECDSA signature algorithm.</p>
<p>Unspecified if <code class="docutils literal"><span class="pre">hash_alg</span></code> is not a supported hash algorithm.</p>
<p class="rubric">Description</p>
-<p>This is the deterministic ECDSA signature scheme defined by <a class="reference external" href="https://tools.ietf.org/html/rfc6979.html">RFC 6979</a>.</p>
+<p>This algorithm can be used with both the message and hash signature functions.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p>When based on the same hash algorithm, the verification operations for <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> and <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> are identical. A signature created using <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>. Similarly, a signature created using <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a> can be verified with the same key using either <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a> or <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a>.</p>
+<p class="last">In particular, it is impossible to determine whether a signature was produced with deterministic ECDSA or with randomized ECDSA: it is only possible to verify that a signature was made with ECDSA with the private key corresponding to the public key used for the verification.</p>
+</div>
+<p>This is the deterministic ECDSA signature scheme defined by <span><em>Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</em> <a class="reference internal" href="../../about.html#citation-rfc6979"><span class="cite">[RFC6979]</span></a></span>.</p>
<p>The representation of a signature is the same as with <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ECDSA()</span></code></a>.</p>
-<p>Note that when this algorithm is used for verification, signatures made with randomized ECDSA (<a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code>) with the same private key are accepted. In other words, <a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> differs from <a class="reference internal" href="#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code> only for signature, not for verification.</p>
</div>
</div>
<div class="section" id="asymmetric-signature-functions">
-<h2>Asymmetric signature functions</h2>
+<h2>10.7.2. Asymmetric signature functions</h2>
<div class="section" id="psa_sign_message">
<span id="c.psa_sign_message"></span><h3><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</h3>
<p>Sign a message with a private key. For hash-and-sign algorithms, this includes the hashing step.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * signature,
@@ -148,7 +175,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
@@ -175,7 +202,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
@@ -205,15 +232,15 @@
<p class="rubric">Description</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
-<p class="last">To perform a multi-part hash-and-sign signature algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> and then pass the resulting hash to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+<p class="last">To perform a multi-part hash-and-sign signature algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> and then pass the resulting hash to <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a>. <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
</div>
</div>
<div class="section" id="psa_verify_message">
<span id="c.psa_verify_message"></span><h3><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</h3>
<p>Verify the signature of a message with a public key, using a hash-and-sign verification algorithm.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * signature,
@@ -222,7 +249,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric signature algorithm (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">input</span></code></dt>
@@ -241,7 +268,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -268,15 +295,15 @@
<p class="rubric">Description</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
-<p class="last">To perform a multi-part hash-and-sign signature verification algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> to hash the message and then pass the resulting hash to <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>. <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
+<p class="last">To perform a multi-part hash-and-sign signature verification algorithm, first use a <a class="reference internal" href="hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a> to hash the message and then pass the resulting hash to <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>. <a class="reference internal" href="algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> can be used to determine the hash algorithm to use.</p>
</div>
</div>
<div class="section" id="psa_sign_hash">
<span id="c.psa_sign_hash"></span><h3><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</h3>
<p>Sign an already-calculated hash with a private key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * hash,
size_t hash_length,
uint8_t * signature,
@@ -286,7 +313,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a>.</dd>
+<dd>Identifier of the key to use for the operation. It must be an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
@@ -313,7 +340,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_BUFFER_TOO_SMALL" title="PSA_ERROR_BUFFER_TOO_SMALL"><code class="docutils literal"><span class="pre">PSA_ERROR_BUFFER_TOO_SMALL</span></code></a></dt>
<dd>The size of the <code class="docutils literal"><span class="pre">signature</span></code> buffer is too small.
<a class="reference internal" href="#c.PSA_SIGN_OUTPUT_SIZE" title="PSA_SIGN_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE()</span></code></a> or <a class="reference internal" href="#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a> can be used to determine the required buffer size.</dd>
@@ -352,8 +379,8 @@
<span id="c.psa_verify_hash"></span><h3><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</h3>
<p>Verify the signature of a hash or short message using a public key.</p>
<pre class="literal-block">
-<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * hash,
size_t hash_length,
const uint8_t * signature,
@@ -362,7 +389,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">key</span></code></dt>
-<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a>.</dd>
+<dd>Identifier of the key to use for the operation. It must be a public key or an asymmetric key pair. The key must allow the usage <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a>.</dd>
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
<dd>An asymmetric signature algorithm that separates the hash and sign operations (<code class="docutils literal"><span class="pre">PSA_ALG_XXX</span></code> value such that <a class="reference internal" href="#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true), that is compatible with the type of <code class="docutils literal"><span class="pre">key</span></code>.</dd>
<dt> <code class="docutils literal"><span class="pre">hash</span></code></dt>
@@ -381,7 +408,7 @@
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a></dt>
<dd></dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a></dt>
-<dd>The key does not have the <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
+<dd>The key does not have the <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a> flag, or it does not permit the requested algorithm.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_INVALID_SIGNATURE" title="PSA_ERROR_INVALID_SIGNATURE"><code class="docutils literal"><span class="pre">PSA_ERROR_INVALID_SIGNATURE</span></code></a></dt>
<dd>The calculation was performed successfully, but the passed signature is not a valid signature.</dd>
<dt> <a class="reference internal" href="../library/status.html#c.PSA_ERROR_NOT_SUPPORTED" title="PSA_ERROR_NOT_SUPPORTED"><code class="docutils literal"><span class="pre">PSA_ERROR_NOT_SUPPORTED</span></code></a></dt>
@@ -415,7 +442,7 @@
</div>
</div>
<div class="section" id="support-macros">
-<h2>Support macros</h2>
+<h2>10.7.3. Support macros</h2>
<div class="section" id="PSA_ALG_IS_SIGN_MESSAGE">
<span id="c.PSA_ALG_IS_SIGN_MESSAGE"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</h3>
<p>Whether the specified algorithm is a signature algorithm that can be used with <a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and <a class="reference internal" href="#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a>.</p>
@@ -425,7 +452,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign an already-calculated hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -439,7 +466,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can be used to sign a hash. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a signature algorithm that can only be used to sign a message. <code class="docutils literal"><span class="pre">0</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a signature algorithm. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -453,7 +480,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PKCS#1 v1.5 signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -468,7 +495,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an RSA PSS signature algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -483,7 +510,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is an ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -498,7 +525,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a deterministic ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -515,7 +542,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a randomized ECDSA algorithm, <code class="docutils literal"><span class="pre">0</span></code> otherwise.</p>
@@ -532,7 +559,7 @@
<p class="rubric">Parameters</p>
<dl class="docutils">
<dt> <code class="docutils literal"><span class="pre">alg</span></code></dt>
-<dd>An algorithm identifier (value of type <a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
+<dd>An algorithm identifier (value of type <a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>).</dd>
</dl>
<p class="rubric">Returns</p>
<p><code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is a hash-and-sign algorithm that signs exactly the hash value, <code class="docutils literal"><span class="pre">0</span></code> otherwise. This macro can return either <code class="docutils literal"><span class="pre">0</span></code> or <code class="docutils literal"><span class="pre">1</span></code> if <code class="docutils literal"><span class="pre">alg</span></code> is not a supported algorithm identifier.</p>
@@ -541,14 +568,14 @@
</div>
<div class="section" id="PSA_ALG_ANY_HASH">
<span id="c.PSA_ALG_ANY_HASH"></span><h3><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</h3>
-<p>In a hash-and-sign algorithm policy, allow any hash algorithm.</p>
+<p>When setting a hash-and-sign algorithm in a key policy, permit any hash algorithm.</p>
<pre class="literal-block">
-#define <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
+#define <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
</pre>
-<p>This value can be used to form the algorithm usage field of a policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
-A signature algorithm policy created using this macro is a wildcard policy, and <a class="reference internal" href="../keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a> will return true.</p>
+<p>This value can be used to form the permitted algorithm attribute of a key policy for a signature algorithm that is parametrized by a hash. A key with this policy can then be used to perform operations using the same signature algorithm parametrized with any supported hash.
+A signature algorithm created using this macro is a wildcard algorithm, and <a class="reference internal" href="algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a> will return true.</p>
<p>This value must not be used to build other algorithms that are parametrized over a hash. For any valid use of this macro to build an algorithm <code class="docutils literal"><span class="pre">alg</span></code>, <a class="reference internal" href="#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code> is true.</p>
-<p>This value must not be used to build an algorithm specification to perform an operation. It is only valid to build policies.</p>
+<p>This value must not be used to build an algorithm specification to perform an operation. It is only valid for setting the permitted algorithm in a key policy.</p>
<p class="rubric">Usage</p>
<p>For example, suppose that <code class="docutils literal"><span class="pre">PSA_xxx_SIGNATURE</span></code> is one of the following macros:</p>
<ul class="simple">
@@ -558,11 +585,11 @@
<li><a class="reference internal" href="#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a></li>
</ul>
<p>The following sequence of operations shows how <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a> can be used in a key policy:</p>
-<ul>
-<li><p class="first">Set the key usage field using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
+<ol class="arabic">
+<li><p class="first">Set the key usage flags using <a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code></a>, for example:</p>
<pre class="literal-block">
-<a class="reference internal" href="../keys/usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(&attributes, <a class="reference internal" href="../keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a>); // or VERIFY_MESSAGE
-<a class="reference internal" href="../keys/algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(&attributes, PSA_xxx_SIGNATURE(<a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a>));
+<a class="reference internal" href="../keys/policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(&attributes, <a class="reference internal" href="../keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a>); // or VERIFY_MESSAGE
+<a class="reference internal" href="../keys/policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(&attributes, PSA_xxx_SIGNATURE(<a class="reference internal" href="#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a>));
</pre>
</li>
<li><p class="first">Import or generate key material.</p>
@@ -574,7 +601,7 @@
<a class="reference internal" href="#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(key, PSA_xxx_SIGNATURE(<a class="reference internal" href="hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a>), ...);
</pre>
</li>
-</ul>
+</ol>
</div>
<div class="section" id="PSA_SIGN_OUTPUT_SIZE">
<span id="c.PSA_SIGN_OUTPUT_SIZE"></span><h3><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</h3>
@@ -620,61 +647,51 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Asymmetric signature</a><ul>
-<li><a class="reference internal" href="#asymmetric-signature-algorithms">Asymmetric signature algorithms</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#asymmetric-signature-functions">Asymmetric signature functions</a><ul>
-<li><a class="reference internal" href="#psa_sign_message"><code class="docutils literal"><span class="pre">psa_sign_message</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_verify_message"><code class="docutils literal"><span class="pre">psa_verify_message</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_sign_hash"><code class="docutils literal"><span class="pre">psa_sign_hash</span></code> (function)</a></li>
-<li><a class="reference internal" href="#psa_verify_hash"><code class="docutils literal"><span class="pre">psa_verify_hash</span></code> (function)</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#support-macros">Support macros</a><ul>
-<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_ALG_ANY_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_ANY_HASH</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_SIGN_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGN_OUTPUT_SIZE</span></code> (macro)</a></li>
-<li><a class="reference internal" href="#PSA_SIGNATURE_MAX_SIZE"><code class="docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code> (macro)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../../index.html">Documentation overview</a><ul>
- <li><a href="index.html">Cryptographic operation reference</a><ul>
- <li>Previous: <a href="kdf.html" title="previous chapter">Key derivation</a></li>
- <li>Next: <a href="pke.html" title="next chapter">Asymmetric encryption</a></li>
- </ul></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../../_sources/api/ops/sign.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1 current"><a class="reference internal" href="index.html">10. Cryptographic operation reference</a><ul class="current">
+<li class="toctree-l2"><a class="reference internal" href="algorithms.html">10.1. Algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="hashes.html">10.2. Message digests</a></li>
+<li class="toctree-l2"><a class="reference internal" href="macs.html">10.3. Message authentication codes (MAC)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ciphers.html">10.4. Unauthenticated ciphers</a></li>
+<li class="toctree-l2"><a class="reference internal" href="aead.html">10.5. Authenticated encryption with associated data (AEAD)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="kdf.html">10.6. Key derivation</a></li>
+<li class="toctree-l2 current"><a class="current reference internal" href="#">10.7. Asymmetric signature</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-signature-algorithms">10.7.1. Asymmetric signature algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-signature-functions">10.7.2. Asymmetric signature functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#support-macros">10.7.3. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="pke.html">10.8. Asymmetric encryption</a></li>
+<li class="toctree-l2"><a class="reference internal" href="ka.html">10.9. Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="rng.html">10.10. Other cryptographic services</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
@@ -690,15 +707,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../../_sources/api/ops/sign.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/appendix/example_header.html b/docs/html/appendix/example_header.html
index 30f707a..3689be7 100644
--- a/docs/html/appendix/example_header.html
+++ b/docs/html/appendix/example_header.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Example header file — PSA Crypto API 1.0.0 documentation</title>
+ <title>Example header file — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Example macro implementations" href="specdef_values.html" />
- <link rel="prev" title="Other cryptographic services" href="../api/ops/rng.html" />
+ <link rel="prev" title="10.10. Other cryptographic services" href="../api/ops/rng.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -41,13 +42,13 @@
<div class="section" id="example-header-file">
<span id="appendix-example-header"></span><h1>Example header file</h1>
-<p>Each implementation of the PSA Crypto API must provide a header file named <strong>psa/crypto.h</strong>, in which the API elements in this specification are defined.</p>
-<p>This appendix provides a example of the <strong>psa/crypto.h</strong> header file with all of the API elements. This can be used as a starting point or reference for an implementation.</p>
+<p>Each implementation of the PSA Crypto API must provide a header file named <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code>, in which the API elements in this specification are defined.</p>
+<p>This appendix provides a example of the <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code> header file with all of the API elements. This can be used as a starting point or reference for an implementation.</p>
<div class="section" id="psa-crypto-h">
<h2>psa/crypto.h</h2>
<pre class="literal-block">
typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a>;
-typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>;
typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a>;
typedef uint8_t <a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>;
typedef uint8_t <a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>;
@@ -55,10 +56,12 @@
typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a>;
typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a>;
typedef uint16_t <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a>;
-typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
-typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
-typedef uint16_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
-typedef uint32_t <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>;
+typedef uint8_t <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>;
+typedef uint16_t <a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>;
+typedef uint32_t <a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>;
typedef <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a>;
typedef int32_t <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>;
#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</a>(ciphertext_length) \
@@ -89,86 +92,87 @@
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG">PSA_ALG_AEAD_WITH_SHORTENED_TAG</a>(aead_alg, tag_length) \
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
-#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
-#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
-#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
-#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ANY_HASH" title="PSA_ALG_ANY_HASH">PSA_ALG_ANY_HASH</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x020000ff)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CBC_MAC" title="PSA_ALG_CBC_MAC">PSA_ALG_CBC_MAC</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00100)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_NO_PADDING" title="PSA_ALG_CBC_NO_PADDING">PSA_ALG_CBC_NO_PADDING</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404000)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CBC_PKCS7" title="PSA_ALG_CBC_PKCS7">PSA_ALG_CBC_PKCS7</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404100)
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500100)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CFB" title="PSA_ALG_CFB">PSA_ALG_CFB</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01100)
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05100500)
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_CMAC" title="PSA_ALG_CMAC">PSA_ALG_CMAC</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x03c00200)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_CTR" title="PSA_ALG_CTR">PSA_ALG_CTR</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01000)
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
-#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING" title="PSA_ALG_ECB_NO_PADDING">PSA_ALG_ECB_NO_PADDING</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04404400)
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_ECDH" title="PSA_ALG_ECDH">PSA_ALG_ECDH</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09020000)
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600))
-#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000600)
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_FFDH" title="PSA_ALG_FFDH">PSA_ALG_FFDH</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x09010000)
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC">PSA_ALG_FULL_LENGTH_MAC</a>(mac_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x05500200)
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF">PSA_ALG_HKDF</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH">PSA_ALG_IS_ECDH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH">PSA_ALG_IS_FFDH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF">PSA_ALG_IS_HKDF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC">PSA_ALG_IS_HMAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP">PSA_ALG_IS_RSA_OAEP</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER">PSA_ALG_IS_STREAM_CIPHER</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF">PSA_ALG_IS_TLS12_PRF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT">PSA_ALG_KEY_AGREEMENT</a>(ka_alg, kdf_alg) \
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE">PSA_ALG_KEY_AGREEMENT_GET_BASE</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF">PSA_ALG_KEY_AGREEMENT_GET_KDF</a>(alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
-#define <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000001)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000002)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000003)
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_OFB" title="PSA_ALG_OFB">PSA_ALG_OFB</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04c01200)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000004)
#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_PKCS1V15_CRYPT" title="PSA_ALG_RSA_PKCS1V15_CRYPT">PSA_ALG_RSA_PKCS1V15_CRYPT</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x07000200)
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200))
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) 0x06000200)
#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
-#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_224" title="PSA_ALG_SHA3_224">PSA_ALG_SHA3_224</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000010)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_256" title="PSA_ALG_SHA3_256">PSA_ALG_SHA3_256</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000011)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_384" title="PSA_ALG_SHA3_384">PSA_ALG_SHA3_384</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000012)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA3_512" title="PSA_ALG_SHA3_512">PSA_ALG_SHA3_512</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000013)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000005)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000008)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000009)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000a)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000b)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_224" title="PSA_ALG_SHA_512_224">PSA_ALG_SHA_512_224</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000c)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0200000d)
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SM3" title="PSA_ALG_SM3">PSA_ALG_SM3</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x02000014)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_STREAM_CIPHER" title="PSA_ALG_STREAM_CIPHER">PSA_ALG_STREAM_CIPHER</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x04800100)
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF">PSA_ALG_TLS12_PRF</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC">PSA_ALG_TRUNCATED_MAC</a>(mac_alg, mac_length) \
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_XTS" title="PSA_ALG_XTS">PSA_ALG_XTS</a> ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)0x0440ff00)
#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</a> \
<em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE" title="PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</a>(key_type, key_bits, alg) \
@@ -257,26 +261,39 @@
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT">PSA_KEY_DERIVATION_OPERATION_INIT</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</a> \
<em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000001)
-#define <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>)0x00000000)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
+#define <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL">PSA_KEY_ID_NULL</a> ((<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0)
+#define <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX">PSA_KEY_ID_USER_MAX</a> ((<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x3fffffff)
+#define <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN">PSA_KEY_ID_USER_MIN</a> ((<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x00000001)
+#define <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX">PSA_KEY_ID_VENDOR_MAX</a> ((<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x7fffffff)
+#define <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN">PSA_KEY_ID_VENDOR_MIN</a> ((<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a>)0x40000000)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION" title="PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</a>(persistence, location) \
+ ((location) << 8 | (persistence))
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_GET_LOCATION" title="PSA_KEY_LIFETIME_GET_LOCATION">PSA_KEY_LIFETIME_GET_LOCATION</a>(lifetime) \
+ ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) ((lifetime) >> 8))
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) \
+ ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) ((lifetime) & 0x000000ff))
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_IS_VOLATILE" title="PSA_KEY_LIFETIME_IS_VOLATILE">PSA_KEY_LIFETIME_IS_VOLATILE</a>(lifetime) \
+ (<a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_GET_PERSISTENCE" title="PSA_KEY_LIFETIME_GET_PERSISTENCE">PSA_KEY_LIFETIME_GET_PERSISTENCE</a>(lifetime) == <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a>)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT">PSA_KEY_LIFETIME_PERSISTENT</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000001)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE">PSA_KEY_LIFETIME_VOLATILE</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a>) 0x00000000)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LOCATION_LOCAL_STORAGE" title="PSA_KEY_LOCATION_LOCAL_STORAGE">PSA_KEY_LOCATION_LOCAL_STORAGE</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000000)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT" title="PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t">psa_key_location_t</a>) 0x000001)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_PERSISTENCE_DEFAULT" title="PSA_KEY_PERSISTENCE_DEFAULT">PSA_KEY_PERSISTENCE_DEFAULT</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x01)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_PERSISTENCE_READ_ONLY" title="PSA_KEY_PERSISTENCE_READ_ONLY">PSA_KEY_PERSISTENCE_READ_ONLY</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0xff)
+#define <a class="reference internal" href="../api/keys/lifetimes.html#c.PSA_KEY_PERSISTENCE_VOLATILE" title="PSA_KEY_PERSISTENCE_VOLATILE">PSA_KEY_PERSISTENCE_VOLATILE</a> ((<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t">psa_key_persistence_t</a>) 0x00)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES">PSA_KEY_TYPE_AES</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2400)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ARC4" title="PSA_KEY_TYPE_ARC4">PSA_KEY_TYPE_ARC4</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2002)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CAMELLIA" title="PSA_KEY_TYPE_CAMELLIA">PSA_KEY_TYPE_CAMELLIA</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2403)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_CHACHA20" title="PSA_KEY_TYPE_CHACHA20">PSA_KEY_TYPE_CHACHA20</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2004)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DERIVE" title="PSA_KEY_TYPE_DERIVE">PSA_KEY_TYPE_DERIVE</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1200)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DES" title="PSA_KEY_TYPE_DES">PSA_KEY_TYPE_DES</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2301)
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY">PSA_KEY_TYPE_DH_GET_FAMILY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY">PSA_KEY_TYPE_ECC_GET_FAMILY</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR">PSA_KEY_TYPE_ECC_KEY_PAIR</a>(curve) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_HMAC" title="PSA_KEY_TYPE_HMAC">PSA_KEY_TYPE_HMAC</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1100)
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH">PSA_KEY_TYPE_IS_DH</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR">PSA_KEY_TYPE_IS_DH_KEY_PAIR</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
@@ -290,22 +307,23 @@
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type) <em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</a>(type) \
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_NONE" title="PSA_KEY_TYPE_NONE">PSA_KEY_TYPE_NONE</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x0000)
#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) \
<em><a class="reference internal" href="../overview/implementation.html#specification-defined-value"><span class="std std-ref">/* specification-defined value */</span></a></em>
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
-#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
-#define <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RAW_DATA" title="PSA_KEY_TYPE_RAW_DATA">PSA_KEY_TYPE_RAW_DATA</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x1001)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_KEY_PAIR" title="PSA_KEY_TYPE_RSA_KEY_PAIR">PSA_KEY_TYPE_RSA_KEY_PAIR</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x7001)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_RSA_PUBLIC_KEY" title="PSA_KEY_TYPE_RSA_PUBLIC_KEY">PSA_KEY_TYPE_RSA_PUBLIC_KEY</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x4001)
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4">PSA_KEY_TYPE_SM4</a> ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>)0x2405)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE">PSA_KEY_USAGE_CACHE</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000004)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY">PSA_KEY_USAGE_COPY</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000002)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_DECRYPT" title="PSA_KEY_USAGE_DECRYPT">PSA_KEY_USAGE_DECRYPT</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000200)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE">PSA_KEY_USAGE_DERIVE</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00004000)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT">PSA_KEY_USAGE_ENCRYPT</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000100)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT">PSA_KEY_USAGE_EXPORT</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000001)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH">PSA_KEY_USAGE_SIGN_HASH</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00001000)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE">PSA_KEY_USAGE_SIGN_MESSAGE</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000400)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH">PSA_KEY_USAGE_VERIFY_HASH</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00002000)
+#define <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE">PSA_KEY_USAGE_VERIFY_MESSAGE</a> ((<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a>)0x00000800)
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_LENGTH" title="PSA_MAC_LENGTH">PSA_MAC_LENGTH</a>(key_type, key_bits, alg) \
<em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_MAC_MAX_SIZE" title="PSA_MAC_MAX_SIZE">PSA_MAC_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
@@ -320,8 +338,8 @@
#define <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS">PSA_SUCCESS</a> ((<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a>)0)
#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE" title="PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</a> <em><a class="reference internal" href="../overview/implementation.html#implementation-defined-value"><span class="std std-ref">/* implementation-defined value */</span></a></em>
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_abort" title="psa_aead_abort">psa_aead_abort</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt">psa_aead_decrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * nonce,
size_t nonce_length,
const uint8_t * additional_data,
@@ -332,10 +350,10 @@
size_t plaintext_size,
size_t * plaintext_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt_setup" title="psa_aead_decrypt_setup">psa_aead_decrypt_setup</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt">psa_aead_encrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * nonce,
size_t nonce_length,
const uint8_t * additional_data,
@@ -346,8 +364,8 @@
size_t ciphertext_size,
size_t * ciphertext_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt_setup" title="psa_aead_encrypt_setup">psa_aead_encrypt_setup</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_finish" title="psa_aead_finish">psa_aead_finish</a>(<a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t">psa_aead_operation_t</a> * operation,
uint8_t * ciphertext,
size_t ciphertext_size,
@@ -381,8 +399,8 @@
size_t * plaintext_length,
const uint8_t * tag,
size_t tag_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt">psa_asymmetric_decrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * salt,
@@ -390,8 +408,8 @@
uint8_t * output,
size_t output_size,
size_t * output_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt">psa_asymmetric_encrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * salt,
@@ -400,26 +418,26 @@
size_t output_size,
size_t * output_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_abort" title="psa_cipher_abort">psa_cipher_abort</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt" title="psa_cipher_decrypt">psa_cipher_decrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * output,
size_t output_size,
size_t * output_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_decrypt_setup" title="psa_cipher_decrypt_setup">psa_cipher_decrypt_setup</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt" title="psa_cipher_encrypt">psa_cipher_encrypt</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * output,
size_t output_size,
size_t * output_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup">psa_cipher_encrypt_setup</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_finish" title="psa_cipher_finish">psa_cipher_finish</a>(<a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t">psa_cipher_operation_t</a> * operation,
uint8_t * output,
size_t output_size,
@@ -438,40 +456,40 @@
uint8_t * output,
size_t output_size,
size_t * output_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key">psa_copy_key</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> source_key,
const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * target_key);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init">psa_crypto_init</a>(void);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key">psa_destroy_key</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key">psa_export_key</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
uint8_t * data,
size_t data_size,
size_t * data_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_export_public_key" title="psa_export_public_key">psa_export_public_key</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
uint8_t * data,
size_t data_size,
size_t * data_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key">psa_generate_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/rng.html#c.psa_generate_random" title="psa_generate_random">psa_generate_random</a>(uint8_t * output,
size_t output_size);
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="../api/keys/algorithms.html#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> <a class="reference internal" href="../api/keys/policy.html#c.psa_get_key_algorithm" title="psa_get_key_algorithm">psa_get_key_algorithm</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes">psa_get_key_attributes</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
size_t <a class="reference internal" href="../api/keys/types.html#c.psa_get_key_bits" title="psa_get_key_bits">psa_get_key_bits</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="../api/keys/locations.html#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="../api/keys/locations.html#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="../api/keys/types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="../api/keys/usage.html#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> <a class="reference internal" href="../api/keys/ids.html#c.psa_get_key_id" title="psa_get_key_id">psa_get_key_id</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_get_key_lifetime" title="psa_get_key_lifetime">psa_get_key_lifetime</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> <a class="reference internal" href="../api/keys/types.html#c.psa_get_key_type" title="psa_get_key_type">psa_get_key_type</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
+<a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> <a class="reference internal" href="../api/keys/policy.html#c.psa_get_key_usage_flags" title="psa_get_key_usage_flags">psa_get_key_usage_flags</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_abort" title="psa_hash_abort">psa_hash_abort</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_clone" title="psa_hash_clone">psa_hash_clone</a>(const <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * source_operation,
<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * target_operation);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compare" title="psa_hash_compare">psa_hash_compare</a>(<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * hash,
size_t hash_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compute" title="psa_hash_compute">psa_hash_compute</a>(<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * hash,
@@ -486,7 +504,7 @@
const uint8_t * hash_state,
size_t hash_state_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_setup" title="psa_hash_setup">psa_hash_setup</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend">psa_hash_suspend</a>(<a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_operation_t" title="psa_hash_operation_t">psa_hash_operation_t</a> * operation,
uint8_t * hash_state,
size_t hash_state_size,
@@ -500,7 +518,7 @@
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key">psa_import_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
const uint8_t * data,
size_t data_length,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_init" title="psa_key_attributes_init">psa_key_attributes_init</a>(void);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort">psa_key_derivation_abort</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity">psa_key_derivation_get_capacity</a>(const <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
@@ -511,10 +529,10 @@
size_t data_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_input_key" title="psa_key_derivation_input_key">psa_key_derivation_input_key</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement">psa_key_derivation_key_agreement</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_step_t" title="psa_key_derivation_step_t">psa_key_derivation_step_t</a> step,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
const uint8_t * peer_key,
size_t peer_key_length);
<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init">psa_key_derivation_operation_init</a>(void);
@@ -523,14 +541,14 @@
size_t output_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key">psa_key_derivation_output_key</a>(const <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> * key);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity">psa_key_derivation_set_capacity</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
size_t capacity);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup">psa_key_derivation_setup</a>(<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t">psa_key_derivation_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_abort" title="psa_mac_abort">psa_mac_abort</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_compute" title="psa_mac_compute">psa_mac_compute</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * mac,
@@ -542,13 +560,13 @@
size_t mac_size,
size_t * mac_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_sign_setup" title="psa_mac_sign_setup">psa_mac_sign_setup</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_update" title="psa_mac_update">psa_mac_update</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
const uint8_t * input,
size_t input_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify" title="psa_mac_verify">psa_mac_verify</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * mac,
@@ -557,51 +575,51 @@
const uint8_t * mac,
size_t mac_length);
<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_verify_setup" title="psa_mac_verify_setup">psa_mac_verify_setup</a>(<a class="reference internal" href="../api/ops/macs.html#c.psa_mac_operation_t" title="psa_mac_operation_t">psa_mac_operation_t</a> * operation,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key">psa_purge_key</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement">psa_raw_key_agreement</a>(<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> private_key,
const uint8_t * peer_key,
size_t peer_key_length,
uint8_t * output,
size_t output_size,
size_t * output_length);
void <a class="reference internal" href="../api/keys/attributes.html#c.psa_reset_key_attributes" title="psa_reset_key_attributes">psa_reset_key_attributes</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes);
-void <a class="reference internal" href="../api/keys/algorithms.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
+void <a class="reference internal" href="../api/keys/policy.html#c.psa_set_key_algorithm" title="psa_set_key_algorithm">psa_set_key_algorithm</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg);
void <a class="reference internal" href="../api/keys/types.html#c.psa_set_key_bits" title="psa_set_key_bits">psa_set_key_bits</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
size_t bits);
-void <a class="reference internal" href="../api/keys/locations.html#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
-void <a class="reference internal" href="../api/keys/locations.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
+void <a class="reference internal" href="../api/keys/ids.html#c.psa_set_key_id" title="psa_set_key_id">psa_set_key_id</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> id);
+void <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_set_key_lifetime" title="psa_set_key_lifetime">psa_set_key_lifetime</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_lifetime_t" title="psa_key_lifetime_t">psa_key_lifetime_t</a> lifetime);
void <a class="reference internal" href="../api/keys/types.html#c.psa_set_key_type" title="psa_set_key_type">psa_set_key_type</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
-void <a class="reference internal" href="../api/keys/usage.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+ <a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a> type);
+void <a class="reference internal" href="../api/keys/policy.html#c.psa_set_key_usage_flags" title="psa_set_key_usage_flags">psa_set_key_usage_flags</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t">psa_key_attributes_t</a> * attributes,
+ <a class="reference internal" href="../api/keys/policy.html#c.psa_key_usage_t" title="psa_key_usage_t">psa_key_usage_t</a> usage_flags);
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash">psa_sign_hash</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * hash,
size_t hash_length,
uint8_t * signature,
size_t signature_size,
size_t * signature_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message">psa_sign_message</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
uint8_t * signature,
size_t signature_size,
size_t * signature_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash">psa_verify_hash</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * hash,
size_t hash_length,
const uint8_t * signature,
size_t signature_length);
-<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
- <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
+<a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t">psa_status_t</a> <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message">psa_verify_message</a>(<a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t">psa_key_id_t</a> key,
+ <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a> alg,
const uint8_t * input,
size_t input_length,
const uint8_t * signature,
@@ -616,30 +634,37 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Example header file</a><ul>
-<li><a class="reference internal" href="#psa-crypto-h">psa/crypto.h</a></li>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Example header file</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#psa-crypto-h">psa/crypto.h</a></li>
</ul>
</li>
+<li class="toctree-l1"><a class="reference internal" href="specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="history.html">Changes to the API</a></li>
</ul>
-<div class="relations">
-<h3>Related Topics</h3>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="../api/ops/rng.html" title="previous chapter">Other cryptographic services</a></li>
- <li>Next: <a href="specdef_values.html" title="next chapter">Example macro implementations</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/appendix/example_header.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -655,15 +680,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/appendix/example_header.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/appendix/history.html b/docs/html/appendix/history.html
index 8969d38..a77b07d 100644
--- a/docs/html/appendix/history.html
+++ b/docs/html/appendix/history.html
@@ -5,22 +5,23 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Changes to the API — PSA Crypto API 1.0.0 documentation</title>
+ <title>Changes to the API — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="prev" title="Example macro implementations" href="specdef_values.html" />
@@ -40,151 +41,59 @@
<div class="section" id="changes-to-the-api">
<h1>Changes to the API</h1>
-<div class="section" id="release-information">
-<h2>Release information</h2>
-<p>All published versions of this document have been <strong>non-confidential</strong>.</p>
-<p>The change history table lists the changes that have been made to this document.</p>
-<table border="1" class="colwidths-given docutils">
-<colgroup>
-<col width="15%" />
-<col width="15%" />
-<col width="70%" />
-</colgroup>
-<thead valign="bottom">
-<tr class="row-odd"><th class="head"><strong>Date</strong></th>
-<th class="head"><strong>Version</strong></th>
-<th class="head"><strong>Comments</strong></th>
-</tr>
-</thead>
-<tbody valign="top">
-<tr class="row-even"><td><strong>Jan 2019</strong></td>
-<td>1.0 beta 1</td>
-<td>First public beta release.</td>
-</tr>
-<tr class="row-odd"><td><strong>Feb 2019</strong></td>
-<td>1.0 beta 2</td>
-<td>Update for release with other PSA Dev API specifications.</td>
-</tr>
-<tr class="row-even"><td><strong>May 2019</strong></td>
-<td>1.0 beta 3</td>
-<td><p class="first">Update for release with other PSA API specifications.</p>
-<ul class="last simple">
-<li>Alignment with PSA API specifications.</li>
-<li>Changes to the key creation API.</li>
-<li>Changes to the handling of key lifetimes.</li>
-<li>Replaced ‘generators’ with key derivation operations.</li>
-</ul>
-</td>
-</tr>
-<tr class="row-odd"><td><strong>Feb 2020</strong></td>
-<td>1.0.0</td>
-<td><p class="first">1.0 API finalized.</p>
-<ul class="last simple">
-<li>Removed implementation APIs and definitions.</li>
-<li>Merged key handles with key identifiers.</li>
-<li>Recoded algorithm identifiers.</li>
-<li>Restructured key types.</li>
-<li>Provide buffer size macros for all output buffers.</li>
-<li>Provide sign-message signature operations.</li>
-<li>Add functions to suspend and resume hash operations.</li>
-<li>Reallocated key types and algorithm identifiers.</li>
-<li>Many minor corrections and clarifications.</li>
-</ul>
-</td>
-</tr>
-</tbody>
-</table>
-<p>The detailed changes in each release are described in the following sections.</p>
-</div>
<div class="section" id="document-change-history">
-<h2>Document change history</h2>
-<div class="section" id="changes-between-1-0-beta-1-and-1-0-beta-2">
-<h3>Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></h3>
-<p class="rubric">Changes to the API</p>
+<span id="changes"></span><h2>Document change history</h2>
+<p>This section provides the detailed changes made between published version of the document.</p>
+<div class="section" id="changes-between-1-0-0-and-1-0-1">
+<h3>Changes between <em>1.0.0</em> and <em>1.0.1</em></h3>
+<div class="section" id="id1">
+<h4>Changes to the API</h4>
<ul class="simple">
-<li>Remove obsolete definition <code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</li>
-<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal"><span class="pre">plaintext_length</span></code>.</li>
-</ul>
-<p class="rubric">Clarifications</p>
-<ul class="simple">
-<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code>: document <code class="docutils literal"><span class="pre">alg</span></code> parameter.</li>
-</ul>
-<p class="rubric">Other changes</p>
-<ul class="simple">
-<li>Document formatting improvements.</li>
+<li>Added subtypes <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_persistence_t" title="psa_key_persistence_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_persistence_t</span></code></a> and <a class="reference internal" href="../api/keys/lifetimes.html#c.psa_key_location_t" title="psa_key_location_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_location_t</span></code></a> for key lifetimes, and defined standard values for these attributes.</li>
+<li>Added identifiers for <a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SM3" title="PSA_ALG_SM3"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_SM3</span></code></a> and <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_SM4" title="PSA_KEY_TYPE_SM4"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_SM4</span></code></a>.</li>
</ul>
</div>
-<div class="section" id="changes-between-1-0-beta-2-and-1-0-beta-3">
-<h3>Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></h3>
-<p class="rubric">Changes to the API</p>
+<div class="section" id="clarifications-and-fixes">
+<h4>Clarifications and fixes</h4>
<ul class="simple">
-<li>Change the value of error codes, and some names, to align
-with other PSA specifications. The name changes are:<ul>
-<li><code class="docutils literal"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></li>
+<li>Provided citation references for all cryptographic algorithms in the specification.</li>
+<li>Provided precise key size information for all key types.</li>
+<li>Permitted implementations to store and export long HMAC keys in hashed form.</li>
+<li>Provided details for initialization vectors in all unauthenticated cipher algorithms.</li>
+<li>Provided details for nonces in all AEAD algorithms.</li>
+<li>Clarified the input steps for HKDF.</li>
+<li>Provided details of signature algorithms, include requirements when using with <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a> and <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a>.</li>
+<li>Provided details of key agreement algorithms, and how to use them.</li>
+<li>Aligned terminology relating to key policies, to clarify the combination of the usage flags and permitted algorithm in the policy.</li>
+<li>Clarified the use of the individual key attributes for all of the key creation functions.</li>
+<li>Restructured the description for <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>, to clarify the handling of the excess bits in ECC key generation when needing a string of bits whose length is not a multiple of <code class="docutils literal"><span class="pre">8</span></code>.</li>
+<li>Referenced the correct buffer size macros for <a class="reference internal" href="../api/keys/management.html#c.psa_export_key" title="psa_export_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_export_key()</span></code></a>.</li>
+<li>Removed the use of the <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a> error.</li>
+<li>Clarified concurrency rules.</li>
+<li>Document that <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> does not return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_NOT_PERMITTED" title="PSA_ERROR_NOT_PERMITTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_NOT_PERMITTED</span></code></a> if the secret input is the result of a key agreement. This matches what was already documented for <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_SECRET" title="PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_SECRET</span></code></a>.</li>
+<li>Relax the requirement to use the defined key derivation methods in <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a>: implementation-specific KDF algorithms can use implementation-defined methods to derive the key material.</li>
</ul>
-</li>
-<li>Change the way keys are created to avoid “half-filled” handles
-that contained key metadata, but no key material.
-Now, to create a key, first fill in a data structure containing
-its attributes, then pass this structure to a function that
-both allocates resources for the key and fills in the key
-material. This affects the following functions:<ul>
-<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code>
-and <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> now take an attribute structure, as
-a pointer to <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a>, to specify key metadata.
-This replaces the previous method of passing arguments to
-<code class="docutils literal"><span class="pre">psa_create_key()</span></code> or to the key material creation function
-or calling <code class="docutils literal"><span class="pre">psa_set_key_policy()</span></code>.</li>
-<li><code class="docutils literal"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
-no longer exist. A key’s policy is now accessible as part of
-its attributes.</li>
-<li><code class="docutils literal"><span class="pre">psa_get_key_information()</span></code> is also replaced by accessing the
-key’s attributes, retrieved with <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
-<li><code class="docutils literal"><span class="pre">psa_create_key()</span></code> no longer exists. Instead, set the key id
-attribute and the lifetime attribute before creating the
-key material.</li>
-</ul>
-</li>
-<li>Allow <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> to buffer data.</li>
-<li>New buffer size calculation macros.</li>
-<li>Key identifiers are no longer specific to a given lifetime value. <code class="docutils literal"><span class="pre">psa_open_key()</span></code> no longer takes a <code class="docutils literal"><span class="pre">lifetime</span></code> parameter.</li>
-<li>Define a range of key identifiers for use by applications and a separate range for use by implementations.</li>
-<li>Avoid the unusual terminology “generator”: call them
-“key derivation operations” instead. Rename a number of functions
-and other identifiers related to for clarity and consistency:<ul>
-<li><code class="docutils literal"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_crypto_generator_init()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_operation_init()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_set_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_get_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_get_capacity()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_generator_read()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_generate_derived_key()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_generator_abort()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">psa_key_agreement_raw_shared_secret()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></li>
-<li><code class="docutils literal"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal"><span class="pre">PSA_xxx_KEY_PAIR</span></code></li>
-</ul>
-</li>
-<li>Convert TLS1.2 KDF descriptions to multistep key derivation.</li>
-</ul>
-<p class="rubric">Clarifications</p>
+</div>
+<div class="section" id="other-changes">
+<h4>Other changes</h4>
<ul class="simple">
-<li>Specify <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code> for most key types.</li>
-<li>Clarify the behavior in various corner cases.</li>
-<li>Document more error conditions.</li>
+<li>Provided a glossary of terms.</li>
+<li>Provided a table of references.</li>
+<li>Restructured the <a class="reference internal" href="../api/keys/index.html#key-management"><span class="secref">Key management reference</span></a> chapter.<ul>
+<li>Moved individual attribute types, values and accessor functions into their own sections.</li>
+<li>Placed permitted algorithms and usage flags into <a class="reference internal" href="../api/keys/policy.html#key-policy"><span class="secref">Key policies</span></a>.</li>
+<li>Moved most introductory material from the <a class="reference internal" href="../overview/functionality.html#functionality-overview"><span class="secref">Functionality overview</span></a> into the relevant API sections.</li>
</ul>
+</li>
+</ul>
+</div>
</div>
<div class="section" id="changes-between-1-0-beta-3-and-1-0-0">
<h3>Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></h3>
-<p class="rubric">Changes to the API</p>
+<div class="section" id="id2">
+<h4>Changes to the API</h4>
<ul>
-<li><p class="first">Added <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code></a> and <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code></a> to report the PSA Cyrpto API version.</p>
+<li><p class="first">Added <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MAJOR" title="PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MAJOR</span></code></a> and <a class="reference internal" href="../api/library/library.html#c.PSA_CRYPTO_API_VERSION_MINOR" title="PSA_CRYPTO_API_VERSION_MINOR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CRYPTO_API_VERSION_MINOR</span></code></a> to report the PSA Crypto API version.</p>
</li>
<li><p class="first">Removed <code class="docutils literal"><span class="pre">PSA_ALG_GMAC</span></code> algorithm identifier.</p>
</li>
@@ -257,13 +166,13 @@
<li><code class="docutils literal"><span class="pre">PSA_VENDOR_RSA_MAX_KEY_BITS</span></code></li>
</ul>
</li>
-<li><p class="first">Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in <em><a class="reference internal" href="../overview/implementation.html#implementation-specific-macro"><span class="std std-ref">Implementation-specific macros</span></a></em>.</p>
+<li><p class="first">Remove the definition of implementation-defined macros from the specification, and clarified the implementation requirements for these macros in <a class="reference internal" href="../overview/implementation.html#implementation-specific-macro"><span class="secref">Implementation-specific macros</span></a>.</p>
<ul class="simple">
<li>Macros with implementation-defined values are indicated by <code class="docutils literal"><span class="pre">/*</span> <span class="pre">implementation-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
The implementation must provide the implementation.</li>
<li>Macros for algorithm and key type construction and inspection have specification-defined values.
This is indicated by <code class="docutils literal"><span class="pre">/*</span> <span class="pre">specification-defined</span> <span class="pre">value</span> <span class="pre">*/</span></code> in the API prototype.
-Example definitions of these macros is provided in <em><a class="reference internal" href="specdef_values.html#appendix-specdef-values"><span class="std std-ref">Example macro implementations</span></a></em>.</li>
+Example definitions of these macros is provided in <a class="reference internal" href="specdef_values.html#appendix-specdef-values"><span class="secref">Example macro implementations</span></a>.</li>
</ul>
</li>
<li><p class="first">Changed the semantics of multi-part operations.</p>
@@ -277,11 +186,11 @@
<li><p class="first">Merge the key identifier and key handle concepts in the API.</p>
<ul class="simple">
<li>Replaced all references to key handles with key identifiers, or something similar.</li>
-<li>Replaced all uses of <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> with <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> in the API, and removes the <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> type.</li>
+<li>Replaced all uses of <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> with <a class="reference internal" href="../api/keys/ids.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> in the API, and removes the <code class="docutils literal"><span class="pre">psa_key_handle_t</span></code> type.</li>
<li>Removed <code class="docutils literal"><span class="pre">psa_open_key</span></code> and <code class="docutils literal"><span class="pre">psa_close_key</span></code>.</li>
-<li>Added <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> for the never valid zero key identifier.</li>
+<li>Added <a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a> for the never valid zero key identifier.</li>
<li>Document rules related to destroying keys whilst in use.</li>
-<li>Added the <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage policy and the related <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a> API.</li>
+<li>Added the <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> usage flag and the related <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a> API.</li>
<li>Added clarification about caching keys to non-volatile memory.</li>
</ul>
</li>
@@ -362,15 +271,15 @@
<li><p class="first">Provide hash-and-sign operations as well as sign-the-hash operations. The API for asymmetric signature has been changed to clarify the use of the new functions.</p>
<ul class="simple">
<li>The existing asymmetric signature API has been renamed to clarify that this is for signing a hash that is already computed:<ul>
-<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> → <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a></li>
-<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> → <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN</span></code> → <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_HASH" title="PSA_KEY_USAGE_SIGN_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_HASH</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY</span></code> → <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_HASH" title="PSA_KEY_USAGE_VERIFY_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_HASH</span></code></a></li>
<li><code class="docutils literal"><span class="pre">psa_asymmetric_sign()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_hash" title="psa_sign_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_hash()</span></code></a></li>
<li><code class="docutils literal"><span class="pre">psa_asymmetric_verify()</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.psa_verify_hash" title="psa_verify_hash"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_hash()</span></code></a></li>
</ul>
</li>
<li>New APIs added to provide the complete message signing operation:<ul>
-<li><a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a></li>
+<li><a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_VERIFY_MESSAGE" title="PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_VERIFY_MESSAGE</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a></li>
</ul>
@@ -385,12 +294,12 @@
<li><code class="docutils literal"><span class="pre">PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE</span></code> → <a class="reference internal" href="../api/ops/sign.html#c.PSA_SIGNATURE_MAX_SIZE" title="PSA_SIGNATURE_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SIGNATURE_MAX_SIZE</span></code></a></li>
</ul>
</li>
-<li>The usage policy values have been changed, including for <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
+<li>The usage flag values have been changed, including for <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_DERIVE" title="PSA_KEY_USAGE_DERIVE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_DERIVE</span></code></a>.</li>
</ul>
</li>
-<li><p class="first">Restructure <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and reassign all key type values.</p>
+<li><p class="first">Restructure <a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and reassign all key type values.</p>
<ul class="simple">
-<li><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> changes from 32-bit to 16-bit integer.</li>
+<li><a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> changes from 32-bit to 16-bit integer.</li>
<li>Reassigned the key type categories.</li>
<li>Add a parity bit to the key type to ensure that valid key type values differ by at least 2 bits.</li>
<li>16-bit elliptic curve ids (<code class="docutils literal"><span class="pre">psa_ecc_curve_t</span></code>) replaced by 8-bit ECC curve family ids (<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_ecc_family_t</span></code></a>).
@@ -493,9 +402,9 @@
</li>
<li><p class="first">Add ECC family <a class="reference internal" href="../api/keys/types.html#c.PSA_ECC_FAMILY_FRP" title="PSA_ECC_FAMILY_FRP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ECC_FAMILY_FRP</span></code></a> for the FRP256v1 curve.</p>
</li>
-<li><p class="first">Restructure <a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encoding, to increase consistency across algorithm categories.</p>
+<li><p class="first">Restructure <a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a> encoding, to increase consistency across algorithm categories.</p>
<ul class="simple">
-<li>Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following <code class="docutils literal"><span class="pre">PSA_ALG_XXXX_GET_HASH()</span></code> macros have all been replaced by a single macro <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>:<ul>
+<li>Algorithms that include a hash operation all use the same structure to encode the hash algorithm. The following <code class="docutils literal"><span class="pre">PSA_ALG_XXXX_GET_HASH()</span></code> macros have all been replaced by a single macro <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a>:<ul>
<li><code class="docutils literal"><span class="pre">PSA_ALG_HKDF_GET_HASH()</span></code></li>
<li><code class="docutils literal"><span class="pre">PSA_ALG_HMAC_GET_HASH()</span></code></li>
<li><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP_GET_HASH()</span></code></li>
@@ -551,33 +460,33 @@
<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HMAC()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_AEAD()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_AEAD()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_CIPHER()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_CIPHER()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDH()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_ECDSA()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_FFDH()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HKDF()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_HMAC()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_MAC()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_MAC()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS()</span></code></a></li>
-<li><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a></li>
+<li><a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF()</span></code></a></li>
@@ -598,7 +507,7 @@
<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_suspend" title="psa_hash_suspend"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_suspend()</span></code></a> halts the current operation and outputs a hash suspend state.</li>
<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_resume" title="psa_hash_resume"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_resume()</span></code></a> continues a previously suspended hash operation.</li>
</ul>
-<p>The format of the hash suspend state is documented in <em><a class="reference internal" href="../api/ops/hashes.html#hash-suspend-state"><span class="std std-ref">Hash suspend state</span></a></em>, and supporting macros are provided for using this API:</p>
+<p>The format of the hash suspend state is documented in <a class="reference internal" href="../api/ops/hashes.html#hash-suspend-state"><span class="secref">Hash suspend state</span></a>, and supporting macros are provided for using this API:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</span></code></a></li>
@@ -613,23 +522,120 @@
<li><p class="first">Added input step <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_INPUT_CONTEXT" title="PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_CONTEXT</span></code></a> for key derivation, supporting obvious mapping from the step identifiers to common KDF constructions.</p>
</li>
</ul>
-<p class="rubric">Clarifications</p>
+</div>
+<div class="section" id="clarifications">
+<h4>Clarifications</h4>
<ul class="simple">
<li>Clarified rules regarding modification of parameters in concurrent environments.</li>
-<li>Guarantee that <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code> always returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</li>
+<li>Guarantee that <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/ids.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code> always returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</li>
<li>Clarified the TLS PSK to MS key agreement algorithm.</li>
<li>Document the key policy requirements for all APIs that accept a key parameter.</li>
<li>Document more of the error codes for each function.</li>
</ul>
-<p class="rubric">Other changes</p>
+</div>
+<div class="section" id="id3">
+<h4>Other changes</h4>
<ul class="simple">
<li>Require C99 for this specification instead of C89.</li>
-<li>Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is <strong>psa/crypto.h</strong>.</li>
+<li>Removed references to non-standard mbed-crypto header files. The only header file that applications need to include is <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code>.</li>
<li>Reorganized the API reference, grouping the elements in a more natural way.</li>
<li>Improved the cross referencing between all of the document sections, and from code snippets to API element descriptions.</li>
</ul>
</div>
</div>
+<div class="section" id="changes-between-1-0-beta-2-and-1-0-beta-3">
+<h3>Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></h3>
+<div class="section" id="id4">
+<h4>Changes to the API</h4>
+<ul class="simple">
+<li>Change the value of error codes, and some names, to align
+with other PSA specifications. The name changes are:<ul>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_UNKNOWN_ERROR</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_GENERIC_ERROR" title="PSA_ERROR_GENERIC_ERROR"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_GENERIC_ERROR</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_OCCUPIED_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_ALREADY_EXISTS" title="PSA_ERROR_ALREADY_EXISTS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_ALREADY_EXISTS</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_EMPTY_SLOT</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_DOES_NOT_EXIST" title="PSA_ERROR_DOES_NOT_EXIST"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_DOES_NOT_EXIST</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_CAPACITY</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_DATA" title="PSA_ERROR_INSUFFICIENT_DATA"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_DATA</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_ERROR_TAMPERING_DETECTED</span></code> → <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_CORRUPTION_DETECTED" title="PSA_ERROR_CORRUPTION_DETECTED"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_CORRUPTION_DETECTED</span></code></a></li>
+</ul>
+</li>
+<li>Change the way keys are created to avoid “half-filled” handles
+that contained key metadata, but no key material.
+Now, to create a key, first fill in a data structure containing
+its attributes, then pass this structure to a function that
+both allocates resources for the key and fills in the key
+material. This affects the following functions:<ul>
+<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>, <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code>
+and <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a> now take an attribute structure, as
+a pointer to <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a>, to specify key metadata.
+This replaces the previous method of passing arguments to
+<code class="docutils literal"><span class="pre">psa_create_key()</span></code> or to the key material creation function
+or calling <code class="docutils literal"><span class="pre">psa_set_key_policy()</span></code>.</li>
+<li><code class="docutils literal"><span class="pre">psa_key_policy_t</span></code> and functions operating on that type
+no longer exist. A key’s policy is now accessible as part of
+its attributes.</li>
+<li><code class="docutils literal"><span class="pre">psa_get_key_information()</span></code> is also replaced by accessing the
+key’s attributes, retrieved with <a class="reference internal" href="../api/keys/attributes.html#c.psa_get_key_attributes" title="psa_get_key_attributes"><code class="xref any c c-func docutils literal"><span class="pre">psa_get_key_attributes()</span></code></a>.</li>
+<li><code class="docutils literal"><span class="pre">psa_create_key()</span></code> no longer exists. Instead, set the key id
+attribute and the lifetime attribute before creating the
+key material.</li>
+</ul>
+</li>
+<li>Allow <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_update" title="psa_aead_update"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_update()</span></code></a> to buffer data.</li>
+<li>New buffer size calculation macros.</li>
+<li>Key identifiers are no longer specific to a given lifetime value. <code class="docutils literal"><span class="pre">psa_open_key()</span></code> no longer takes a <code class="docutils literal"><span class="pre">lifetime</span></code> parameter.</li>
+<li>Define a range of key identifiers for use by applications and a separate range for use by implementations.</li>
+<li>Avoid the unusual terminology “generator”: call them
+“key derivation operations” instead. Rename a number of functions
+and other identifiers related to for clarity and consistency:<ul>
+<li><code class="docutils literal"><span class="pre">psa_crypto_generator_t</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_CRYPTO_GENERATOR_INIT</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_crypto_generator_init()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_init" title="psa_key_derivation_operation_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_operation_init()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_GENERATOR_UNBRIDLED_CAPACITY</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY" title="PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_set_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_set_capacity" title="psa_key_derivation_set_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_set_capacity()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_get_generator_capacity()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_get_capacity" title="psa_key_derivation_get_capacity"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_get_capacity()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generator_read()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_bytes" title="psa_key_derivation_output_bytes"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_bytes()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generate_derived_key()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_generator_abort()</span></code> → <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_abort" title="psa_key_derivation_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_abort()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">psa_key_agreement_raw_shared_secret()</span></code> → <a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a></li>
+<li><code class="docutils literal"><span class="pre">PSA_KDF_STEP_xxx</span></code> → <code class="docutils literal"><span class="pre">PSA_KEY_DERIVATION_INPUT_xxx</span></code></li>
+<li><code class="docutils literal"><span class="pre">PSA_xxx_KEYPAIR</span></code> → <code class="docutils literal"><span class="pre">PSA_xxx_KEY_PAIR</span></code></li>
+</ul>
+</li>
+<li>Convert TLS1.2 KDF descriptions to multi-part key derivation.</li>
+</ul>
+</div>
+<div class="section" id="id5">
+<h4>Clarifications</h4>
+<ul class="simple">
+<li>Specify <code class="docutils literal"><span class="pre">psa_generator_import_key()</span></code> for most key types.</li>
+<li>Clarify the behavior in various corner cases.</li>
+<li>Document more error conditions.</li>
+</ul>
+</div>
+</div>
+<div class="section" id="changes-between-1-0-beta-1-and-1-0-beta-2">
+<h3>Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></h3>
+<div class="section" id="id6">
+<h4>Changes to the API</h4>
+<ul class="simple">
+<li>Remove obsolete definition <code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_SELECTION</span></code>.</li>
+<li><a class="reference internal" href="../api/ops/aead.html#c.PSA_AEAD_FINISH_OUTPUT_SIZE" title="PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_AEAD_FINISH_OUTPUT_SIZE</span></code></a>: remove spurious parameter <code class="docutils literal"><span class="pre">plaintext_length</span></code>.</li>
+</ul>
+</div>
+<div class="section" id="id7">
+<h4>Clarifications</h4>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">psa_key_agreement()</span></code>: document <code class="docutils literal"><span class="pre">alg</span></code> parameter.</li>
+</ul>
+</div>
+<div class="section" id="id8">
+<h4>Other changes</h4>
+<ul class="simple">
+<li>Document formatting improvements.</li>
+</ul>
+</div>
+</div>
+</div>
<div class="section" id="planned-changes-for-version-1-0-x">
<h2>Planned changes for version 1.0.x</h2>
<p>Future versions of this specification that use a 1.0.x version will describe the same API as this specification. Any changes will not affect application compatibility and will not introduce major features. These updates are intended to add minor requirements on implementations, introduce optional definitions, make corrections, clarify potential or actual ambiguities, or improve the documentation.</p>
@@ -668,37 +674,45 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Changes to the API</a><ul>
-<li><a class="reference internal" href="#release-information">Release information</a></li>
-<li><a class="reference internal" href="#document-change-history">Document change history</a><ul>
-<li><a class="reference internal" href="#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
-<li><a class="reference internal" href="#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
-<li><a class="reference internal" href="#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
-<li><a class="reference internal" href="#future-additions">Future additions</a></li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="specdef_values.html" title="previous chapter">Example macro implementations</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/appendix/history.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Changes to the API</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#document-change-history">Document change history</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-0-and-1-0-1">Changes between <em>1.0.0</em> and <em>1.0.1</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#future-additions">Future additions</a></li>
+</ul>
+</li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -714,15 +728,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/appendix/history.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/appendix/specdef_values.html b/docs/html/appendix/specdef_values.html
index ed094c5..1b206bb 100644
--- a/docs/html/appendix/specdef_values.html
+++ b/docs/html/appendix/specdef_values.html
@@ -5,22 +5,23 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Example macro implementations — PSA Crypto API 1.0.0 documentation</title>
+ <title>Example macro implementations — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Changes to the API" href="history.html" />
@@ -53,154 +54,235 @@
</ul>
<div class="section" id="algorithm-macros">
<h2>Algorithm macros</h2>
-<dl class="docutils">
-<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400100</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM"><code class="docutils literal"><span class="pre">PSA_ALG_CCM</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400200</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM"><code class="docutils literal"><span class="pre">PSA_ALG_GCM</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05000500</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305"><code class="docutils literal"><span class="pre">PSA_ALG_CHACHA20_POLY1305</span></code></a><code class="docutils literal"> <span class="pre">:</span> </code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="docutils literal"><span class="pre">PSA_ALG_AEAD_WITH_SHORTENED_TAG</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">aead_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">tag_length</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3f</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre"><<</span> <span class="pre">16)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x06000700</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_FULL_LENGTH_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span> <span class="pre">?</span> </code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE"><code class="docutils literal"><span class="pre">PSA_ALG_NONE</span></code></a><code class="docutils literal"> <span class="pre">:</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x02000000</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x03800000</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f400000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x05400000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x07000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_BLOCK_CIPHER_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fc00000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03c00000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_DETERMINISTIC_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000700</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09020000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000001ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_FFDH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fff0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09010000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x02000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HASH_AND_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">||</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">||</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HKDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_HMAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7fc0ff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03800000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION"><code class="docutils literal"><span class="pre">PSA_ALG_IS_KEY_DERIVATION</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_IS_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x03000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RANDOMIZED_ECDSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000600</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RAW_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f00ffff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x09000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_OAEP</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x07000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f000000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x06000000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN_MESSAGE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_IS_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&&</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">!=</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY"><code class="docutils literal"><span class="pre">PSA_ALG_ECDSA_ANY</span></code></a><code class="docutils literal"> <span class="pre">&&</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">!=</span> </code><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</span></code></a><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER"><code class="docutils literal"><span class="pre">PSA_ALG_IS_STREAM_CIPHER</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7f800000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x04800000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_IS_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x08000300</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD"><code class="docutils literal"><span class="pre">PSA_ALG_IS_WILDCARD</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="docutils literal"><span class="pre">PSA_ALG_GET_HASH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> </code><code class="docutils literal"><span class="pre">PSA_ALG_HASH_ANY</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">ka_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">kdf_alg</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_BASE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xffff0000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="docutils literal"><span class="pre">PSA_ALG_KEY_AGREEMENT_GET_KDF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xfe00ffff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_OAEP</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x07000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PKCS1V15_SIGN</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x06000200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS"><code class="docutils literal"><span class="pre">PSA_ALG_RSA_PSS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)(0</span></code><code class="docutils literal"><span class="pre">x06000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PRF</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS"><code class="docutils literal"><span class="pre">PSA_ALG_TLS12_PSK_TO_MS</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x08000300</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">hash_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x000000ff</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC"><code class="docutils literal"><span class="pre">PSA_ALG_TRUNCATED_MAC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">,</span> </code><code class="docutils literal"><span class="pre">mac_length</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="docutils literal"><span class="pre">psa_algorithm_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">mac_alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x003f0000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">mac_length</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3f</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre"><<</span> <span class="pre">16)))</span></code></dd>
-</dl>
+<pre class="literal-block">
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG" title="PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</a>(aead_alg) \
+ ((((aead_alg) & ~0x003f0000) == 0x05400100) ? <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CCM" title="PSA_ALG_CCM">PSA_ALG_CCM</a> : \
+ (((aead_alg) & ~0x003f0000) == 0x05400200) ? <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_GCM" title="PSA_ALG_GCM">PSA_ALG_GCM</a> : \
+ (((aead_alg) & ~0x003f0000) == 0x05000500) ? <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_CHACHA20_POLY1305" title="PSA_ALG_CHACHA20_POLY1305">PSA_ALG_CHACHA20_POLY1305</a> : \
+ <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a>)
+
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_AEAD_WITH_SHORTENED_TAG" title="PSA_ALG_AEAD_WITH_SHORTENED_TAG">PSA_ALG_AEAD_WITH_SHORTENED_TAG</a>(aead_alg, tag_length) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (((aead_alg) & ~0x003f0000) | (((tag_length) & 0x3f) << 16)))
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_DETERMINISTIC_ECDSA" title="PSA_ALG_DETERMINISTIC_ECDSA">PSA_ALG_DETERMINISTIC_ECDSA</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x06000700 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA" title="PSA_ALG_ECDSA">PSA_ALG_ECDSA</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x06000600 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_FULL_LENGTH_MAC" title="PSA_ALG_FULL_LENGTH_MAC">PSA_ALG_FULL_LENGTH_MAC</a>(mac_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) ((mac_alg) & ~0x003f0000))
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) \
+ (((alg) & 0x000000ff) == 0 ? <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_NONE" title="PSA_ALG_NONE">PSA_ALG_NONE</a> : 0x02000000 | ((alg) & 0x000000ff))
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF">PSA_ALG_HKDF</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x08000100 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_HMAC" title="PSA_ALG_HMAC">PSA_ALG_HMAC</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x03800000 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_AEAD" title="PSA_ALG_IS_AEAD">PSA_ALG_IS_AEAD</a>(alg) \
+ (((alg) & 0x7f000000) == 0x05000000)
+
+#define <a class="reference internal" href="../api/ops/aead.html#c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER" title="PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</a>(alg) \
+ (((alg) & 0x7f400000) == 0x05400000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION" title="PSA_ALG_IS_ASYMMETRIC_ENCRYPTION">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</a>(alg) \
+ (((alg) & 0x7f000000) == 0x07000000)
+
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_BLOCK_CIPHER_MAC" title="PSA_ALG_IS_BLOCK_CIPHER_MAC">PSA_ALG_IS_BLOCK_CIPHER_MAC</a>(alg) \
+ (((alg) & 0x7fc00000) == 0x03c00000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_CIPHER" title="PSA_ALG_IS_CIPHER">PSA_ALG_IS_CIPHER</a>(alg) \
+ (((alg) & 0x7f000000) == 0x03000000)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_DETERMINISTIC_ECDSA" title="PSA_ALG_IS_DETERMINISTIC_ECDSA">PSA_ALG_IS_DETERMINISTIC_ECDSA</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x06000700)
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_ECDH" title="PSA_ALG_IS_ECDH">PSA_ALG_IS_ECDH</a>(alg) \
+ (((alg) & 0x7fff0000) == 0x09020000)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg) \
+ (((alg) & ~0x000001ff) == 0x06000600)
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_FFDH" title="PSA_ALG_IS_FFDH">PSA_ALG_IS_FFDH</a>(alg) \
+ (((alg) & 0x7fff0000) == 0x09010000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_HASH" title="PSA_ALG_IS_HASH">PSA_ALG_IS_HASH</a>(alg) \
+ (((alg) & 0x7f000000) == 0x02000000)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_HASH_AND_SIGN" title="PSA_ALG_IS_HASH_AND_SIGN">PSA_ALG_IS_HASH_AND_SIGN</a>(alg) \
+ (<a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) || <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) || <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_ECDSA" title="PSA_ALG_IS_ECDSA">PSA_ALG_IS_ECDSA</a>(alg))
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_HKDF" title="PSA_ALG_IS_HKDF">PSA_ALG_IS_HKDF</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x08000100)
+
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_IS_HMAC" title="PSA_ALG_IS_HMAC">PSA_ALG_IS_HMAC</a>(alg) \
+ (((alg) & 0x7fc0ff00) == 0x03800000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_AGREEMENT" title="PSA_ALG_IS_KEY_AGREEMENT">PSA_ALG_IS_KEY_AGREEMENT</a>(alg) \
+ (((alg) & 0x7f000000) == 0x09000000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_KEY_DERIVATION" title="PSA_ALG_IS_KEY_DERIVATION">PSA_ALG_IS_KEY_DERIVATION</a>(alg) \
+ (((alg) & 0x7f000000) == 0x08000000)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_MAC" title="PSA_ALG_IS_MAC">PSA_ALG_IS_MAC</a>(alg) \
+ (((alg) & 0x7f000000) == 0x03000000)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RANDOMIZED_ECDSA" title="PSA_ALG_IS_RANDOMIZED_ECDSA">PSA_ALG_IS_RANDOMIZED_ECDSA</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x06000600)
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_IS_RAW_KEY_AGREEMENT" title="PSA_ALG_IS_RAW_KEY_AGREEMENT">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(alg) \
+ (((alg) & 0x7f00ffff) == 0x09000000)
+
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_IS_RSA_OAEP" title="PSA_ALG_IS_RSA_OAEP">PSA_ALG_IS_RSA_OAEP</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x07000300)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PKCS1V15_SIGN" title="PSA_ALG_IS_RSA_PKCS1V15_SIGN">PSA_ALG_IS_RSA_PKCS1V15_SIGN</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x06000200)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_RSA_PSS" title="PSA_ALG_IS_RSA_PSS">PSA_ALG_IS_RSA_PSS</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x06000300)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) \
+ (((alg) & 0x7f000000) == 0x06000000)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_HASH" title="PSA_ALG_IS_SIGN_HASH">PSA_ALG_IS_SIGN_HASH</a>(alg) \
+ <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg)
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_IS_SIGN_MESSAGE" title="PSA_ALG_IS_SIGN_MESSAGE">PSA_ALG_IS_SIGN_MESSAGE</a>(alg) \
+ (<a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_SIGN" title="PSA_ALG_IS_SIGN">PSA_ALG_IS_SIGN</a>(alg) && \
+ (alg) != <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_ECDSA_ANY" title="PSA_ALG_ECDSA_ANY">PSA_ALG_ECDSA_ANY</a> && (alg) != <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW" title="PSA_ALG_RSA_PKCS1V15_SIGN_RAW">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</a>)
+
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_ALG_IS_STREAM_CIPHER" title="PSA_ALG_IS_STREAM_CIPHER">PSA_ALG_IS_STREAM_CIPHER</a>(alg) \
+ (((alg) & 0x7f800000) == 0x04800000)
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PRF" title="PSA_ALG_IS_TLS12_PRF">PSA_ALG_IS_TLS12_PRF</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x08000200)
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_IS_TLS12_PSK_TO_MS" title="PSA_ALG_IS_TLS12_PSK_TO_MS">PSA_ALG_IS_TLS12_PSK_TO_MS</a>(alg) \
+ (((alg) & ~0x000000ff) == 0x08000300)
+
+#define <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_IS_WILDCARD" title="PSA_ALG_IS_WILDCARD">PSA_ALG_IS_WILDCARD</a>(alg) \
+ (<a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH">PSA_ALG_GET_HASH</a>(alg) == PSA_ALG_HASH_ANY)
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT" title="PSA_ALG_KEY_AGREEMENT">PSA_ALG_KEY_AGREEMENT</a>(ka_alg, kdf_alg) \
+ ((ka_alg) | (kdf_alg))
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_BASE" title="PSA_ALG_KEY_AGREEMENT_GET_BASE">PSA_ALG_KEY_AGREEMENT_GET_BASE</a>(alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)((alg) & 0xffff0000))
+
+#define <a class="reference internal" href="../api/ops/ka.html#c.PSA_ALG_KEY_AGREEMENT_GET_KDF" title="PSA_ALG_KEY_AGREEMENT_GET_KDF">PSA_ALG_KEY_AGREEMENT_GET_KDF</a>(alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)((alg) & 0xfe00ffff))
+
+#define <a class="reference internal" href="../api/ops/pke.html#c.PSA_ALG_RSA_OAEP" title="PSA_ALG_RSA_OAEP">PSA_ALG_RSA_OAEP</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)(0x07000300 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PKCS1V15_SIGN" title="PSA_ALG_RSA_PKCS1V15_SIGN">PSA_ALG_RSA_PKCS1V15_SIGN</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)(0x06000200 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/sign.html#c.PSA_ALG_RSA_PSS" title="PSA_ALG_RSA_PSS">PSA_ALG_RSA_PSS</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>)(0x06000300 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PRF" title="PSA_ALG_TLS12_PRF">PSA_ALG_TLS12_PRF</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x08000200 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_TLS12_PSK_TO_MS" title="PSA_ALG_TLS12_PSK_TO_MS">PSA_ALG_TLS12_PSK_TO_MS</a>(hash_alg) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (0x08000300 | ((hash_alg) & 0x000000ff)))
+
+#define <a class="reference internal" href="../api/ops/macs.html#c.PSA_ALG_TRUNCATED_MAC" title="PSA_ALG_TRUNCATED_MAC">PSA_ALG_TRUNCATED_MAC</a>(mac_alg, mac_length) \
+ ((<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t">psa_algorithm_t</a>) (((mac_alg) & ~0x003f0000) | (((mac_length) & 0x3f) << 16)))
+</pre>
</div>
<div class="section" id="key-type-macros">
<h2>Key type macros</h2>
-<dl class="docutils">
-<dt><a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_BLOCK_CIPHER_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(1</span></code><code class="docutils literal"><span class="pre">u</span></code><code class="docutils literal"> <span class="pre"><<</span> <span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">>></span> <span class="pre">8)</span> <span class="pre">&</span> <span class="pre">7))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_GET_FAMILY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t"><code class="docutils literal"><span class="pre">psa_dh_family_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x7200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_DH_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">group</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_GET_FAMILY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t"><code class="docutils literal"><span class="pre">psa_ecc_family_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x00ff</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x7100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">(0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"> <span class="pre">|</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">curve</span></code><code class="docutils literal"><span class="pre">)))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ASYMMETRIC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4200</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">xff00</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4100</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_RSA</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x4001</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_IS_UNSTRUCTURED</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x1000</span></code><code class="docutils literal"> <span class="pre">||</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x7000</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">==</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x2000</span></code><code class="docutils literal"><span class="pre">)</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">|</span> <span class="pre">0</span></code><code class="docutils literal"><span class="pre">x3000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-<dt><a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="docutils literal"><span class="pre">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="docutils literal"><span class="pre">psa_key_type_t</span></code></a><code class="docutils literal"><span class="pre">)</span> <span class="pre">((</span></code><code class="docutils literal"><span class="pre">type</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">&</span> <span class="pre">~0</span></code><code class="docutils literal"><span class="pre">x3000</span></code><code class="docutils literal"><span class="pre">))</span></code></dd>
-</dl>
+<pre class="literal-block">
+#define <a class="reference internal" href="../api/ops/ciphers.html#c.PSA_BLOCK_CIPHER_BLOCK_LENGTH" title="PSA_BLOCK_CIPHER_BLOCK_LENGTH">PSA_BLOCK_CIPHER_BLOCK_LENGTH</a>(type) \
+ (1u << (((type) >> 8) & 7))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_GET_FAMILY" title="PSA_KEY_TYPE_DH_GET_FAMILY">PSA_KEY_TYPE_DH_GET_FAMILY</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_dh_family_t" title="psa_dh_family_t">psa_dh_family_t</a>) ((type) & 0x00ff))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_KEY_PAIR" title="PSA_KEY_TYPE_DH_KEY_PAIR">PSA_KEY_TYPE_DH_KEY_PAIR</a>(group) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) (0x7200 | (group)))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_DH_PUBLIC_KEY">PSA_KEY_TYPE_DH_PUBLIC_KEY</a>(group) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) (0x4200 | (group)))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_GET_FAMILY" title="PSA_KEY_TYPE_ECC_GET_FAMILY">PSA_KEY_TYPE_ECC_GET_FAMILY</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_ecc_family_t" title="psa_ecc_family_t">psa_ecc_family_t</a>) ((type) & 0x00ff))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_KEY_PAIR" title="PSA_KEY_TYPE_ECC_KEY_PAIR">PSA_KEY_TYPE_ECC_KEY_PAIR</a>(curve) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) (0x7100 | (curve)))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_ECC_PUBLIC_KEY">PSA_KEY_TYPE_ECC_PUBLIC_KEY</a>(curve) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) (0x4100 | (curve)))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ASYMMETRIC" title="PSA_KEY_TYPE_IS_ASYMMETRIC">PSA_KEY_TYPE_IS_ASYMMETRIC</a>(type) \
+ (((type) & 0x4000) == 0x4000)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH" title="PSA_KEY_TYPE_IS_DH">PSA_KEY_TYPE_IS_DH</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) & 0xff00) == 0x4200)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_KEY_PAIR" title="PSA_KEY_TYPE_IS_DH_KEY_PAIR">PSA_KEY_TYPE_IS_DH_KEY_PAIR</a>(type) \
+ (((type) & 0xff00) == 0x7200)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_DH_PUBLIC_KEY">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</a>(type) \
+ (((type) & 0xff00) == 0x4200)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC" title="PSA_KEY_TYPE_IS_ECC">PSA_KEY_TYPE_IS_ECC</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) & 0xff00) == 0x4100)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR" title="PSA_KEY_TYPE_IS_ECC_KEY_PAIR">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</a>(type) \
+ (((type) & 0xff00) == 0x7100)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</a>(type) \
+ (((type) & 0xff00) == 0x4100)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_KEY_PAIR" title="PSA_KEY_TYPE_IS_KEY_PAIR">PSA_KEY_TYPE_IS_KEY_PAIR</a>(type) \
+ (((type) & 0x7000) == 0x7000)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_PUBLIC_KEY" title="PSA_KEY_TYPE_IS_PUBLIC_KEY">PSA_KEY_TYPE_IS_PUBLIC_KEY</a>(type) \
+ (((type) & 0x7000) == 0x4000)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_RSA" title="PSA_KEY_TYPE_IS_RSA">PSA_KEY_TYPE_IS_RSA</a>(type) \
+ (<a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) == 0x4001)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_IS_UNSTRUCTURED" title="PSA_KEY_TYPE_IS_UNSTRUCTURED">PSA_KEY_TYPE_IS_UNSTRUCTURED</a>(type) \
+ (((type) & 0x7000) == 0x1000 || ((type) & 0x7000) == 0x2000)
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY" title="PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) ((type) | 0x3000))
+
+#define <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR" title="PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</a>(type) \
+ ((<a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t">psa_key_type_t</a>) ((type) & ~0x3000))
+</pre>
</div>
<div class="section" id="hash-suspend-state-macros">
<h2>Hash suspend state macros</h2>
-<dl class="docutils">
-<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">64</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">16</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">20</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">32</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">64</span> <span class="pre">:</span> <span class="pre">0)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">((</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2"><code class="docutils literal"><span class="pre">PSA_ALG_MD2</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">1</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4"><code class="docutils literal"><span class="pre">PSA_ALG_MD4</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5"><code class="docutils literal"><span class="pre">PSA_ALG_MD5</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160"><code class="docutils literal"><span class="pre">PSA_ALG_RIPEMD160</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_1</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_224</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">8</span> <span class="pre">:</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_384</span></code></a><code class="docutils literal"> <span class="pre">||</span> <span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)==</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256"><code class="docutils literal"><span class="pre">PSA_ALG_SHA_512_256</span></code></a><code class="docutils literal"> <span class="pre">?</span> <span class="pre">16</span> <span class="pre">:</span> <span class="pre">0)</span></code></dd>
-<dt><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_OUTPUT_SIZE</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span></code></dt>
-<dd><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</span></code></a><code class="docutils literal"> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">+</span> </code><a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH"><code class="docutils literal"><span class="pre">PSA_HASH_BLOCK_LENGTH</span></code></a><code class="docutils literal"><span class="pre">(</span></code><code class="docutils literal"><span class="pre">alg</span></code><code class="docutils literal"><span class="pre">)</span> <span class="pre">-</span> <span class="pre">1)</span></code></dd>
-</dl>
+<pre class="literal-block">
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) \
+ ((alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ? 64 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> ? 16 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> ? 20 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ? 32 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ? 64 : \
+ 0)
+
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) \
+ ((alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD2" title="PSA_ALG_MD2">PSA_ALG_MD2</a> ? 1 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD4" title="PSA_ALG_MD4">PSA_ALG_MD4</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_MD5" title="PSA_ALG_MD5">PSA_ALG_MD5</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_RIPEMD160" title="PSA_ALG_RIPEMD160">PSA_ALG_RIPEMD160</a> || \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_1" title="PSA_ALG_SHA_1">PSA_ALG_SHA_1</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_224" title="PSA_ALG_SHA_224">PSA_ALG_SHA_224</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_256" title="PSA_ALG_SHA_256">PSA_ALG_SHA_256</a> ? 8 : \
+ (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512" title="PSA_ALG_SHA_512">PSA_ALG_SHA_512</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_384" title="PSA_ALG_SHA_384">PSA_ALG_SHA_384</a> || (alg)==<a class="reference internal" href="../api/ops/hashes.html#c.PSA_ALG_SHA_512_256" title="PSA_ALG_SHA_512_256">PSA_ALG_SHA_512_256</a> ? 16 : \
+ 0)
+
+#define <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_OUTPUT_SIZE" title="PSA_HASH_SUSPEND_OUTPUT_SIZE">PSA_HASH_SUSPEND_OUTPUT_SIZE</a>(alg) \
+ (<a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH" title="PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</a> + \
+ <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH" title="PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</a>(alg) + \
+ <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH" title="PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</a>(alg) + \
+ <a class="reference internal" href="../api/ops/hashes.html#c.PSA_HASH_BLOCK_LENGTH" title="PSA_HASH_BLOCK_LENGTH">PSA_HASH_BLOCK_LENGTH</a>(alg) - 1)
+</pre>
</div>
</div>
@@ -209,32 +291,39 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Example macro implementations</a><ul>
-<li><a class="reference internal" href="#algorithm-macros">Algorithm macros</a></li>
-<li><a class="reference internal" href="#key-type-macros">Key type macros</a></li>
-<li><a class="reference internal" href="#hash-suspend-state-macros">Hash suspend state macros</a></li>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="example_header.html">Example header file</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Example macro implementations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#algorithm-macros">Algorithm macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#key-type-macros">Key type macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#hash-suspend-state-macros">Hash suspend state macros</a></li>
</ul>
</li>
+<li class="toctree-l1"><a class="reference internal" href="history.html">Changes to the API</a></li>
</ul>
-<div class="relations">
-<h3>Related Topics</h3>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="example_header.html" title="previous chapter">Example header file</a></li>
- <li>Next: <a href="history.html" title="next chapter">Changes to the API</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/appendix/specdef_values.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -250,15 +339,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/appendix/specdef_values.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/genindex.html b/docs/html/genindex.html
index 192532f..e948e77 100644
--- a/docs/html/genindex.html
+++ b/docs/html/genindex.html
@@ -6,22 +6,23 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Index — PSA Crypto API 1.0.0 documentation</title>
+ <title>Index — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="about.html" />
<link rel="index" title="Index" href="#" />
<link rel="search" title="Search" href="search.html" />
@@ -50,16 +51,34 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
-
- <div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="index.html">Documentation overview</a><ul>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="about.html">About this document</a></li>
</ul>
-</div>
-
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
@@ -75,7 +94,7 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
diff --git a/docs/html/index.html b/docs/html/index.html
index 6f91897..39dc94b 100644
--- a/docs/html/index.html
+++ b/docs/html/index.html
@@ -5,25 +5,26 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>PSA Cryptography API 1.0 — PSA Crypto API 1.0.0 documentation</title>
+ <title>PSA Cryptography API 1.0 — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="about.html" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
- <link rel="next" title="Introduction" href="overview/intro.html" />
+ <link rel="next" title="About this document" href="about.html" />
<link rel="stylesheet" href="_static/custom.css" type="text/css" />
@@ -38,236 +39,285 @@
<div class="bodywrapper">
<div class="body" role="main">
- <div class="section" id="psa-cryptography-api-version">
+ <a class="reference internal image-reference" href="_images/Arm_logo_blue_150LG.png"><img alt="_images/Arm_logo_blue_150LG.png" class="align-right" src="_images/Arm_logo_blue_150LG.png" style="width: 5cm;" /></a>
+<div class="section" id="doctitle-docversion">
<h1>PSA Cryptography API 1.0</h1>
+<table border="1" class="titletable docutils align-left">
+<colgroup>
+<col width="50%" />
+<col width="50%" />
+</colgroup>
+<tbody valign="top">
+<tr class="row-odd"><td>Document number:</td>
+<td>IHI 0086</td>
+</tr>
+<tr class="row-even"><td>Release Quality:</td>
+<td>Final</td>
+</tr>
+<tr class="row-odd"><td>Issue Number:</td>
+<td>1</td>
+</tr>
+<tr class="row-even"><td>Confidentiality:</td>
+<td>Non-confidential</td>
+</tr>
+<tr class="row-odd"><td>Date of Issue:</td>
+<td>27/08/2020</td>
+</tr>
+</tbody>
+</table>
+<p class="titlecopyright">Copyright © 2018-2020, Arm Limited. All rights reserved.</p>
+<p><span class="sectiontitle">Contents</span></p>
<div class="toctree-wrapper compound">
<ul>
-<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">Introduction</a></li>
-<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">Design goals</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#a-keystore-interface">A keystore interface</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#optional-isolation">Optional isolation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#choice-of-algorithms">Choice of algorithms</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#ease-of-use">Ease of use</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#example-use-cases">Example use cases</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-security-tls">Network Security (TLS)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-storage">Secure Storage</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-credentials">Network Credentials</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#device-pairing">Device Pairing</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-boot">Secure Boot</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#attestation">Attestation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#factory-provisioning">Factory Provisioning</a></li>
+<li class="toctree-l1"><a class="reference internal" href="about.html">About this document</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="about.html#release-information">Release information</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#arm-non-confidential-document-licence-licence">Arm Non-Confidential Document Licence (“Licence”)</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#references">References</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#terms-and-abbreviations">Terms and abbreviations</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#potential-for-change">Potential for change</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#conventions">Conventions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#pseudocode-descriptions">Pseudocode descriptions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#assembler-syntax-descriptions">Assembler syntax descriptions</a></li>
+<li class="toctree-l2"><a class="reference internal" href="about.html#feedback">Feedback</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#suitable-for-constrained-devices">2.1. Suitable for constrained devices</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#a-keystore-interface">2.2. A keystore interface</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#optional-isolation">2.3. Optional isolation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#choice-of-algorithms">2.4. Choice of algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#ease-of-use">2.5. Ease of use</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/goals.html#example-use-cases">2.6. Example use cases</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-security-tls">2.6.1. Network Security (TLS)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-storage">2.6.2. Secure Storage</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#network-credentials">2.6.3. Network Credentials</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#device-pairing">2.6.4. Device Pairing</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#secure-boot">2.6.5. Secure Boot</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#attestation">2.6.6. Attestation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/goals.html#factory-provisioning">2.6.7. Factory Provisioning</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">Functionality overview</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#library-management">Library management</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#key-management">Key management</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#volatile-keys">Volatile keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#persistent-keys">Persistent keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-identifiers">Key identifiers</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#library-management">3.1. Library management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#key-management">3.2. Key management</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-identifiers">3.2.1. Key identifiers</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-lifetimes">3.2.2. Key lifetimes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-policies">3.2.3. Key policies</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#recommendations-of-minimum-standards-for-key-management">3.2.4. Recommendations of minimum standards for key management</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#usage-policies">Usage policies</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#symmetric-cryptography">Symmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#single-part-functions">Single-part Functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#multi-part-operations">Multi-part operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-digests-hashes">Message digests (Hashes)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-authentication-codes-macs">Message authentication codes (MACs)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#encryption-and-decryption">Encryption and decryption</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#authenticated-encryption-aead">Authenticated encryption (AEAD)</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-derivation">Key derivation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#example-of-the-symmetric-cryptography-api">Example of the symmetric cryptography API</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#symmetric-cryptography">3.3. Symmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#single-part-functions">3.3.1. Single-part Functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#multi-part-operations">3.3.2. Multi-part operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-digests-hashes">3.3.3. Message digests (Hashes)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#message-authentication-codes-macs">3.3.4. Message authentication codes (MACs)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#encryption-and-decryption">3.3.5. Encryption and decryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#authenticated-encryption-aead">3.3.6. Authenticated encryption (AEAD)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-derivation">3.3.7. Key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#example-of-the-symmetric-cryptography-api">3.3.8. Example of the symmetric cryptography API</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#asymmetric-encryption">Asymmetric encryption</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#hash-and-sign">Hash-and-sign</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-agreement">Key agreement</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#asymmetric-cryptography">3.4. Asymmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#asymmetric-encryption">3.4.1. Asymmetric encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#hash-and-sign">3.4.2. Hash-and-sign</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/functionality.html#key-agreement">3.4.3. Key agreement</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#randomness-and-key-generation">Randomness and key generation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/functionality.html#randomness-and-key-generation">3.5. Randomness and key generation</a></li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">Sample architectures</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#single-partition-architecture">Single-partition architecture</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
-<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#single-partition-architecture">4.1. Single-partition architecture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptographic-token-and-single-application-processor">4.2. Cryptographic token and single-application processor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#cryptoprocessor-with-no-key-storage">4.3. Cryptoprocessor with no key storage</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-client-cryptoprocessor">4.4. Multi-client cryptoprocessor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/sample-arch.html#multi-cryptoprocessor-architecture">4.5. Multi-cryptoprocessor architecture</a></li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">Library conventions</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#error-handling">Error handling</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#return-status">Return status</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#behavior-on-error">Behavior on error</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#error-handling">5.1. Error handling</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#return-status">5.1.1. Return status</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#behavior-on-error">5.1.2. Behavior on error</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#parameter-conventions">Parameter conventions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#pointer-conventions">Pointer conventions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#input-buffer-sizes">Input buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#output-buffer-sizes">Output buffer sizes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#overlap-between-parameters">Overlap between parameters</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#stability-of-parameters">Stability of parameters</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#parameter-conventions">5.2. Parameter conventions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#pointer-conventions">5.2.1. Pointer conventions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#input-buffer-sizes">5.2.2. Input buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#output-buffer-sizes">5.2.3. Output buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#overlap-between-parameters">5.2.4. Overlap between parameters</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#stability-of-parameters">5.2.5. Stability of parameters</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#key-types-and-algorithms">Key types and algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#key-types-and-algorithms">5.3. Key types and algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/conventions.html#structure-of-key-and-algorithm-types">5.3.1. Structure of key and algorithm types</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#concurrent-calls">Concurrent calls</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/conventions.html#concurrent-calls">5.4. Concurrent calls</a></li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">Implementation considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-profile">Implementation profile</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-types">Implementation-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-macros">Implementation-specific macros</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#implementation-specific-aspects-of-the-interface">6.1. Implementation-specific aspects of the interface</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-profile">6.1.1. Implementation profile</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-types">6.1.2. Implementation-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#implementation-specific-macros">6.1.3. Implementation-specific macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#porting-to-a-platform">Porting to a platform</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-assumptions">Platform assumptions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-specific-types">Platform-specific types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#cryptographic-hardware-support">Cryptographic hardware support</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#porting-to-a-platform">6.2. Porting to a platform</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-assumptions">6.2.1. Platform assumptions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#platform-specific-types">6.2.2. Platform-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#cryptographic-hardware-support">6.2.3. Cryptographic hardware support</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#error-detection">Error detection</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#indirect-object-references">Indirect object references</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#memory-cleanup">Memory cleanup</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#managing-key-material">Managing key material</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#safe-outputs-on-error">Safe outputs on error</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#attack-resistance">Attack resistance</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#security-requirements-and-recommendations">6.3. Security requirements and recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#error-detection">6.3.1. Error detection</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#indirect-object-references">6.3.2. Indirect object references</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#memory-cleanup">6.3.3. Memory cleanup</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#managing-key-material">6.3.4. Managing key material</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#safe-outputs-on-error">6.3.5. Safe outputs on error</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#attack-resistance">6.3.6. Attack resistance</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#other-implementation-considerations">Other implementation considerations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#philosophy-of-resource-management">Philosophy of resource management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="overview/implementation.html#other-implementation-considerations">6.4. Other implementation considerations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/implementation.html#philosophy-of-resource-management">6.4.1. Philosophy of resource management</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">Usage considerations</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="overview/usage.html#security-recommendations">Security recommendations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#always-check-for-errors">Always check for errors</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
-<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#cleaning-up-after-use">Cleaning up after use</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="overview/usage.html#security-recommendations">7.1. Security recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#always-check-for-errors">7.1.1. Always check for errors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#shared-memory-and-concurrency">7.1.2. Shared memory and concurrency</a></li>
+<li class="toctree-l3"><a class="reference internal" href="overview/usage.html#cleaning-up-after-use">7.1.3. Cleaning up after use</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">Library management reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="api/library/status.html">PSA status codes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#status-type">Status type</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#success-codes">Success codes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#error-codes">Error codes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/library/status.html">8.1. PSA status codes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#status-type">8.1.1. Status type</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#success-codes">8.1.2. Success codes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/status.html#error-codes">8.1.3. Error codes</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/library/library.html">PSA Crypto library</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#api-version">API version</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#library-initialization">Library initialization</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/library/library.html">8.2. PSA Crypto library</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#api-version">8.2.1. API version</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/library/library.html#library-initialization">8.2.2. Library initialization</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">Key management reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/attributes.html">Key attributes</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/attributes.html#attribute-types">Attribute types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/attributes.html#managing-attributes">Managing attributes</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/attributes.html">9.1. Key attributes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/attributes.html#managing-key-attributes">9.1.1. Managing key attributes</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/locations.html">Key locations</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#key-lifetimes">Key lifetimes</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#key-identifiers">Key identifiers</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/locations.html#attribute-accessors">Attribute accessors</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/types.html">9.2. Key types</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#key-type-encoding">9.2.1. Key type encoding</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#key-categories">9.2.2. Key categories</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#symmetric-keys">9.2.3. Symmetric keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#rsa-keys">9.2.4. RSA keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#elliptic-curve-keys">9.2.5. Elliptic Curve keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#diffie-hellman-keys">9.2.6. Diffie Hellman keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#attribute-accessors">9.2.7. Attribute accessors</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/types.html">Key types</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#key-categories">Key categories</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#symmetric-keys">Symmetric keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#rsa-keys">RSA keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#elliptic-curve-keys">Elliptic Curve keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#diffie-hellman-keys">Diffie Hellman keys</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/types.html#attribute-accessors">Attribute accessors</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/lifetimes.html">9.3. Key lifetimes</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#volatile-keys">9.3.1. Volatile keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#persistent-keys">9.3.2. Persistent keys</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#lifetime-encodings">9.3.3. Lifetime encodings</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#lifetime-values">9.3.4. Lifetime values</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#attribute-accessors">9.3.5. Attribute accessors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/lifetimes.html#support-macros">9.3.6. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/usage.html">Key policies</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/usage.html#key-usage-flags">Key usage flags</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/usage.html#attribute-accessors">Attribute accessors</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/ids.html">9.4. Key identifiers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/ids.html#key-identifier-type">9.4.1. Key identifier type</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/ids.html#attribute-accessors">9.4.2. Attribute accessors</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/algorithms.html">Algorithms</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/algorithms.html#algorithm-categories">Algorithm categories</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/algorithms.html#attribute-accessors">Attribute accessors</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/policy.html">9.5. Key policies</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/policy.html#permitted-algorithms">9.5.1. Permitted algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/policy.html#key-usage-flags">9.5.2. Key usage flags</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/keys/management.html">Key management functions</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-creation">Key creation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-destruction">Key destruction</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-export">Key export</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/keys/management.html">9.6. Key management functions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-creation">9.6.1. Key creation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-destruction">9.6.2. Key destruction</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/keys/management.html#key-export">9.6.3. Key export</a></li>
</ul>
</li>
</ul>
</li>
-<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">Cryptographic operation reference</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/hashes.html">Message digests</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-algorithms">Hash algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#single-part-hashing-functions">Single-part hashing functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#multi-part-hashing-operations">Multi-part hashing operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#support-macros">Support macros</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-suspend-state">Hash suspend state</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/algorithms.html">10.1. Algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/algorithms.html#algorithm-encoding">10.1.1. Algorithm encoding</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/algorithms.html#algorithm-categories">10.1.2. Algorithm categories</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/macs.html">Message authentication codes (MAC)</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#mac-algorithms">MAC algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#single-part-mac-functions">Single-part MAC functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#multi-part-mac-operations">Multi-part MAC operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/hashes.html">10.2. Message digests</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-algorithms">10.2.1. Hash algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#single-part-hashing-functions">10.2.2. Single-part hashing functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#multi-part-hashing-operations">10.2.3. Multi-part hashing operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#support-macros">10.2.4. Support macros</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/hashes.html#hash-suspend-state">10.2.5. Hash suspend state</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/ciphers.html">Unauthenticated ciphers</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#cipher-algorithms">Cipher algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#single-part-cipher-functions">Single-part cipher functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#multi-part-cipher-operations">Multi-part cipher operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/macs.html">10.3. Message authentication codes (MAC)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#mac-algorithms">10.3.1. MAC algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#single-part-mac-functions">10.3.2. Single-part MAC functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#multi-part-mac-operations">10.3.3. Multi-part MAC operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/macs.html#support-macros">10.3.4. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/aead.html">Authenticated encryption with associated data (AEAD)</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#aead-algorithms">AEAD algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#single-part-aead-functions">Single-part AEAD functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#multi-part-aead-operations">Multi-part AEAD operations</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/ciphers.html">10.4. Unauthenticated ciphers</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#cipher-algorithms">10.4.1. Cipher algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#single-part-cipher-functions">10.4.2. Single-part cipher functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#multi-part-cipher-operations">10.4.3. Multi-part cipher operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ciphers.html#support-macros">10.4.4. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/kdf.html">Key derivation</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-algorithms">Key derivation algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#input-step-types">Input step types</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-functions">Key derivation functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/aead.html">10.5. Authenticated encryption with associated data (AEAD)</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#aead-algorithms">10.5.1. AEAD algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#single-part-aead-functions">10.5.2. Single-part AEAD functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#multi-part-aead-operations">10.5.3. Multi-part AEAD operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/aead.html#support-macros">10.5.4. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/sign.html">Asymmetric signature</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-algorithms">Asymmetric signature algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-functions">Asymmetric signature functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/kdf.html">10.6. Key derivation</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-algorithms">10.6.1. Key derivation algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#input-step-types">10.6.2. Input step types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#key-derivation-functions">10.6.3. Key derivation functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/kdf.html#support-macros">10.6.4. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/pke.html">Asymmetric encryption</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-algorithms">Asymmetric encryption algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-functions">Asymmetric encryption functions</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/sign.html">10.7. Asymmetric signature</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-algorithms">10.7.1. Asymmetric signature algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#asymmetric-signature-functions">10.7.2. Asymmetric signature functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/sign.html#support-macros">10.7.3. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/ka.html">Key agreement</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#key-agreement-algorithms">Key agreement algorithms</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#standalone-key-agreement">Standalone key agreement</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#combining-key-agreement-and-key-derivation">Combining key agreement and key derivation</a></li>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#support-macros">Support macros</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/pke.html">10.8. Asymmetric encryption</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-algorithms">10.8.1. Asymmetric encryption algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#asymmetric-encryption-functions">10.8.2. Asymmetric encryption functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/pke.html#support-macros">10.8.3. Support macros</a></li>
</ul>
</li>
-<li class="toctree-l2"><a class="reference internal" href="api/ops/rng.html">Other cryptographic services</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="api/ops/rng.html#random-number-generation">Random number generation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/ka.html">10.9. Key agreement</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#key-agreement-algorithms">10.9.1. Key agreement algorithms</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#standalone-key-agreement">10.9.2. Standalone key agreement</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#combining-key-agreement-and-key-derivation">10.9.3. Combining key agreement and key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/ka.html#support-macros">10.9.4. Support macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="api/ops/rng.html">10.10. Other cryptographic services</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="api/ops/rng.html#random-number-generation">10.10.1. Random number generation</a></li>
</ul>
</li>
</ul>
@@ -287,11 +337,11 @@
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#release-information">Release information</a></li>
<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#document-change-history">Document change history</a><ul>
-<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
-<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-0-and-1-0-1">Changes between <em>1.0.0</em> and <em>1.0.1</em></a></li>
<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-3-and-1-0-0">Changes between <em>1.0 beta 3</em> and <em>1.0.0</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-2-and-1-0-beta-3">Changes between <em>1.0 beta 2</em> and <em>1.0 beta 3</em></a></li>
+<li class="toctree-l3"><a class="reference internal" href="appendix/history.html#changes-between-1-0-beta-1-and-1-0-beta-2">Changes between <em>1.0 beta 1</em> and <em>1.0 beta 2</em></a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="appendix/history.html#planned-changes-for-version-1-0-x">Planned changes for version 1.0.x</a></li>
@@ -300,34 +350,41 @@
</li>
</ul>
</div>
-<h2 id="indices">Indices</h2>
-
-<ul>
- <li><a class="reference internal" href="genindex.html">General index</a></li>
- <li><a class="reference internal" href="psa_c-identifiers.html">Index of identifiers</a></li>
- <li><a class="reference internal" href="search.html">Search</a></li>
-</ul></div>
+</div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="#"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="#">Documentation overview</a><ul>
- <li>Next: <a href="overview/intro.html" title="next chapter">Introduction</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="_sources/index.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
@@ -343,15 +400,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="_sources/index.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/objects.inv b/docs/html/objects.inv
index 410760f..99c7e4e 100644
--- a/docs/html/objects.inv
+++ b/docs/html/objects.inv
Binary files differ
diff --git a/docs/html/overview/conventions.html b/docs/html/overview/conventions.html
index b294ef6..0d7a82f 100644
--- a/docs/html/overview/conventions.html
+++ b/docs/html/overview/conventions.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Library conventions — PSA Crypto API 1.0.0 documentation</title>
+ <title>5. Library conventions — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Implementation considerations" href="implementation.html" />
- <link rel="prev" title="Sample architectures" href="sample-arch.html" />
+ <link rel="next" title="6. Implementation considerations" href="implementation.html" />
+ <link rel="prev" title="4. Sample architectures" href="sample-arch.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,11 +41,11 @@
<div class="body" role="main">
<div class="section" id="library-conventions">
-<h1>Library conventions</h1>
+<h1>5. Library conventions</h1>
<div class="section" id="error-handling">
-<h2>Error handling</h2>
+<h2>5.1. Error handling</h2>
<div class="section" id="return-status">
-<h3>Return status</h3>
+<h3>5.1.1. Return status</h3>
<p>Almost all functions return a status indication of type <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>. This
is an enumeration of integer values, with <code class="docutils literal"><span class="pre">0</span></code> (<a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>) indicating
successful operation and other values indicating errors. The exceptions are
@@ -63,7 +64,7 @@
undefined behavior condition can be detected. However, application developers need to be aware that undefined behavior conditions cannot be detected in general.</p>
</div>
<div class="section" id="behavior-on-error">
-<h3>Behavior on error</h3>
+<h3>5.1.2. Behavior on error</h3>
<p>All function calls must be implemented atomically:</p>
<ul class="simple">
<li>When a function returns a type other than <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>, the requested
@@ -112,9 +113,9 @@
</div>
</div>
<div class="section" id="parameter-conventions">
-<h2>Parameter conventions</h2>
+<h2>5.2. Parameter conventions</h2>
<div class="section" id="pointer-conventions">
-<h3>Pointer conventions</h3>
+<h3>5.2.1. Pointer conventions</h3>
<p>Unless explicitly stated in the documentation of a function, all pointers must
be valid pointers to an object of the specified type.</p>
<p>A parameter is considered a <strong>buffer</strong> if it points to an array of bytes. A
@@ -131,10 +132,10 @@
be in writable memory. Output parameters that are not buffers must also be
readable, and the implementation must be able to write to a non-buffer output
parameter and read back the same value, as explained in the
-<em><a class="reference internal" href="#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+<a class="reference internal" href="#stability-of-parameters"><span class="secref">Stability of parameters</span></a> section.</p>
</div>
<div class="section" id="input-buffer-sizes">
-<h3>Input buffer sizes</h3>
+<h3>5.2.2. Input buffer sizes</h3>
<p>For input buffers, the parameter convention is:</p>
<dl class="docutils">
<dt><code class="docutils literal"><span class="pre">const</span> <span class="pre">uint8_t</span> <span class="pre">*foo</span></code></dt>
@@ -146,7 +147,7 @@
<p>The interface never uses input-output buffers.</p>
</div>
<div class="section" id="output-buffer-sizes">
-<h3>Output buffer sizes</h3>
+<h3>5.2.3. Output buffer sizes</h3>
<p>For output buffers, the parameter convention is:</p>
<dl class="docutils">
<dt><code class="docutils literal"><span class="pre">uint8_t</span> <span class="pre">*foo</span></code></dt>
@@ -181,7 +182,7 @@
</dl>
</div>
<div class="section" id="overlap-between-parameters">
-<h3>Overlap between parameters</h3>
+<h3>5.2.4. Overlap between parameters</h3>
<p>Output parameters that are not buffers must not overlap with any input buffer or
with any other output parameter. Otherwise, the behavior is undefined.</p>
<p>Output buffers can overlap with input buffers. In this event, the implementation
@@ -191,10 +192,10 @@
between parameters will affect the performance of a function call. Overlap might
also affect memory management security if the buffer is located in memory that
the caller shares with another security context, as described in the
-<em><a class="reference internal" href="#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+<a class="reference internal" href="#stability-of-parameters"><span class="secref">Stability of parameters</span></a> section.</p>
</div>
<div class="section" id="stability-of-parameters">
-<span id="id1"></span><h3>Stability of parameters</h3>
+<span id="id1"></span><h3>5.2.5. Stability of parameters</h3>
<p>In some environments, it is possible for the content of a parameter to change
while a function is executing. It might also be possible for the content of an
output parameter to be read before the function terminates. This can happen if
@@ -230,10 +231,10 @@
</div>
</div>
<div class="section" id="key-types-and-algorithms">
-<h2>Key types and algorithms</h2>
+<h2>5.3. Key types and algorithms</h2>
<p>Types of cryptographic keys and cryptographic algorithms are encoded separately.
-Each is encoded by using an integral type: <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>, respectively.</p>
+Each is encoded by using an integral type: <a class="reference internal" href="../api/keys/types.html#c.psa_key_type_t" title="psa_key_type_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_type_t</span></code></a> and
+<a class="reference internal" href="../api/ops/algorithms.html#c.psa_algorithm_t" title="psa_algorithm_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_algorithm_t</span></code></a>, respectively.</p>
<p>There is some overlap in the information conveyed by key types and algorithms.
Both types contain enough information, so that the meaning of an algorithm type
value does not depend on what type of key it is used with, and vice versa.
@@ -244,7 +245,7 @@
<p>Key types do not encode the key size. For example, AES-128, AES-192 and AES-256
share a key type <a class="reference internal" href="../api/keys/types.html#c.PSA_KEY_TYPE_AES" title="PSA_KEY_TYPE_AES"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_TYPE_AES</span></code></a>.</p>
<div class="section" id="structure-of-key-and-algorithm-types">
-<h3>Structure of key and algorithm types</h3>
+<h3>5.3.1. Structure of key and algorithm types</h3>
<p>Both types use a partial bitmask structure, which allows the analysis and
building of values from parts. However, the interface defines constants, so that
applications do not need to depend on the encoding, and an implementation might
@@ -267,19 +268,23 @@
</div>
</div>
<div class="section" id="concurrent-calls">
-<span id="concurrency"></span><h2>Concurrent calls</h2>
+<span id="concurrency"></span><h2>5.4. Concurrent calls</h2>
<p>In some environments, an application can make calls to the PSA crypto API in
-separate threads. In such an environment, concurrent calls are performed
-correctly, as if the calls were executed in sequence, provided that they obey
-the following constraints:</p>
+separate threads. In such an environment, <em>concurrent calls</em> are two or more
+calls to the API whose execution can overlap in time.</p>
+<p>Concurrent calls are performed correctly, as if the calls were executed in
+sequence, provided that they obey the following constraints:</p>
<ul class="simple">
<li>There is no overlap between an output parameter of one call and an input or
output parameter of another call. Overlap between input parameters is
permitted.</li>
-<li>If a call destroys a key, then no other call must destroy or use that key.
-<em>Using</em>, in this context, includes all functions of multi-part operations
-which have used the key as an input in a previous function.</li>
-<li>Concurrent calls that use the same key are permitted.</li>
+<li>A call to destroy a key must not overlap with a concurrent call to any of
+the following functions:<ul>
+<li>Any call where the same key identifier is a parameter to the call.</li>
+<li>Any call in a multi-part operation, where the same key identifier was
+used as a parameter to a previous step in the multi-part operation.</li>
+</ul>
+</li>
<li>Concurrent calls must not use the same operation object.</li>
</ul>
<p>If any of these constraints are violated, the behavior is undefined.</p>
@@ -294,47 +299,54 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Library conventions</a><ul>
-<li><a class="reference internal" href="#error-handling">Error handling</a><ul>
-<li><a class="reference internal" href="#return-status">Return status</a></li>
-<li><a class="reference internal" href="#behavior-on-error">Behavior on error</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#parameter-conventions">Parameter conventions</a><ul>
-<li><a class="reference internal" href="#pointer-conventions">Pointer conventions</a></li>
-<li><a class="reference internal" href="#input-buffer-sizes">Input buffer sizes</a></li>
-<li><a class="reference internal" href="#output-buffer-sizes">Output buffer sizes</a></li>
-<li><a class="reference internal" href="#overlap-between-parameters">Overlap between parameters</a></li>
-<li><a class="reference internal" href="#stability-of-parameters">Stability of parameters</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#key-types-and-algorithms">Key types and algorithms</a><ul>
-<li><a class="reference internal" href="#structure-of-key-and-algorithm-types">Structure of key and algorithm types</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#concurrent-calls">Concurrent calls</a></li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="sample-arch.html" title="previous chapter">Sample architectures</a></li>
- <li>Next: <a href="implementation.html" title="next chapter">Implementation considerations</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/conventions.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">5. Library conventions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#error-handling">5.1. Error handling</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#return-status">5.1.1. Return status</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#behavior-on-error">5.1.2. Behavior on error</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#parameter-conventions">5.2. Parameter conventions</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#pointer-conventions">5.2.1. Pointer conventions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#input-buffer-sizes">5.2.2. Input buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#output-buffer-sizes">5.2.3. Output buffer sizes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#overlap-between-parameters">5.2.4. Overlap between parameters</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#stability-of-parameters">5.2.5. Stability of parameters</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#key-types-and-algorithms">5.3. Key types and algorithms</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#structure-of-key-and-algorithm-types">5.3.1. Structure of key and algorithm types</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#concurrent-calls">5.4. Concurrent calls</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -350,15 +362,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/conventions.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/functionality.html b/docs/html/overview/functionality.html
index 5f9d447..daaba7a 100644
--- a/docs/html/overview/functionality.html
+++ b/docs/html/overview/functionality.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Functionality overview — PSA Crypto API 1.0.0 documentation</title>
+ <title>3. Functionality overview — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Sample architectures" href="sample-arch.html" />
- <link rel="prev" title="Design goals" href="goals.html" />
+ <link rel="next" title="4. Sample architectures" href="sample-arch.html" />
+ <link rel="prev" title="2. Design goals" href="goals.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,20 +41,21 @@
<div class="body" role="main">
<div class="section" id="functionality-overview">
-<span id="id1"></span><h1>Functionality overview</h1>
+<span id="id1"></span><h1>3. Functionality overview</h1>
<p>This section provides a high-level overview of the functionality provided by the
-interface defined in this specification. Refer to the <a class="reference internal" href="../api/library/index.html#api-reference"><span class="std std-ref">API definition</span></a> for a detailed description.</p>
+interface defined in this specification. Refer to the
+<a class="reference internal" href="../api/library/index.html#api-reference"><span class="std std-ref">API definition</span></a> for a detailed description.</p>
<p><a class="reference internal" href="../appendix/history.html#future"><span class="std std-ref">Future additions</span></a> describes features that might be included in future versions of this
specification.</p>
<p>Due to the modularity of the interface, almost every part of the library is
optional. The only mandatory function is <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a>.</p>
<div class="section" id="library-management">
-<h2>Library management</h2>
+<h2>3.1. Library management</h2>
<p>Applications must call <a class="reference internal" href="../api/library/library.html#c.psa_crypto_init" title="psa_crypto_init"><code class="xref any c c-func docutils literal"><span class="pre">psa_crypto_init()</span></code></a> to initialize the library before
using any other function.</p>
</div>
<div class="section" id="key-management">
-<h2>Key management</h2>
+<h2>3.2. Key management</h2>
<p>Applications always access keys indirectly via an identifier, and can perform
operations using a key without accessing the key material. This allows keys to
be <em>non-extractable</em>, where an application can use a key but is not permitted to
@@ -62,107 +64,53 @@
<p>Each key has a set of attributes that describe the key and the policy for using
the key. A <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object contains all of the attributes, which
is used when creating a key and when querying key attributes.</p>
-<p>Each key has a <em>lifetime</em> that determines when the key material is destroyed.
-There are two types of lifetimes: <a class="reference internal" href="#volatile-keys"><span class="std std-ref">volatile</span></a> and
-<a class="reference internal" href="#persistent-keys"><span class="std std-ref">persistent</span></a>.</p>
-<div class="section" id="volatile-keys">
-<span id="id2"></span><h3>Volatile keys</h3>
-<p>A <em>volatile</em> key exists until it explicitly destroyed with <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>
-or until the application terminates, which conceptually destroys all of its
-volatile keys.</p>
-<p>Conceptually, a volatile key is stored in RAM. Volatile keys have the
-lifetime <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_VOLATILE" title="PSA_KEY_LIFETIME_VOLATILE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_VOLATILE</span></code></a>.</p>
-<p>To create a volatile key:</p>
-<ol class="arabic simple">
-<li>Populate a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the required type, size, policy
-and other key attributes.</li>
-<li>Create the key with <a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>, <a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a>,
-<a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a> or <a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a>. If successful, these
-functions output a transient <a class="reference internal" href="#key-ids"><span class="std std-ref">key identifier</span></a>.</li>
-</ol>
-<p>To destroy a volatile key, call <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier.</p>
-</div>
-<div class="section" id="persistent-keys">
-<span id="id3"></span><h3>Persistent keys</h3>
-<p>A <em>persistent</em> key exists until it explicitly destroyed with <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>
-or until it is wiped by the reset or destruction of the device.</p>
-<p>Each persistent key has a permanent key identifier, which acts as a name for the key.
-Within an application, the key identifier corresponds to a single key. The
-application specifies the key identifier when the key is created and when
-using the key.</p>
-<p>Persistent keys can be stored in different storage areas; this is indicated
-through different lifetime values. This specification defines a single lifetime
-value <a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_LIFETIME_PERSISTENT" title="PSA_KEY_LIFETIME_PERSISTENT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_LIFETIME_PERSISTENT</span></code></a> which corresponds to a default storage
-area. Implementations can define alternative lifetime values corresponding to
-different storage areas with different retention policies, or to secure elements
-with different security characteristics.</p>
-<p>To create a persistent key:</p>
-<ol class="arabic">
-<li><p class="first">Populate a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object with the key’s type, size, policy
-and other attributes.</p>
-</li>
-<li><p class="first">In the attributes object, set the desired lifetime and persistent identifier
-for the key.</p>
-</li>
-<li><p class="first">Create the key with one of the <em>key creation functions</em>:</p>
+<p>The key attributes include:</p>
+<ul class="simple">
+<li>A <a class="reference internal" href="../api/keys/types.html#key-types"><span class="std std-ref">type</span></a> and size that describe the key material.</li>
+<li>The key <a class="reference internal" href="#key-ids"><span class="std std-ref">identifier</span></a> that the application uses to refer to the key.</li>
+<li>A <a class="reference internal" href="#key-life"><span class="std std-ref">lifetime</span></a> that determines when the key material is destroyed, and where it is stored.</li>
+<li>A <a class="reference internal" href="#key-usage-policies"><span class="std std-ref">policy</span></a> that determines how the key can be used.</li>
+</ul>
+<p>Keys are created using one of the <em>key creation functions</em>:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a></li>
<li><a class="reference internal" href="../api/keys/management.html#c.psa_generate_key" title="psa_generate_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_key()</span></code></a></li>
<li><a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_output_key" title="psa_key_derivation_output_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_output_key()</span></code></a></li>
<li><a class="reference internal" href="../api/keys/management.html#c.psa_copy_key" title="psa_copy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_copy_key()</span></code></a></li>
</ul>
-<p>If successful, these functions output the <a class="reference internal" href="#key-ids"><span class="std std-ref">key identifier</span></a>
-that was specified by the application in step 2.</p>
-</li>
-</ol>
-<p>To access an existing persistent key: use the key identifier in any API that
-requires a key.</p>
-<p>To remove cached copies of key material for persistent keys created with the
-<a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> policy: call <a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a> with the key identifier.</p>
-<p>To destroy a persistent key: call <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> with the key identifier.
-Destroying a persistent key permanently removes it from memory and storage.</p>
-<p>The key lifetime and identifier are set when the key is created and cannot be
-changed without destroying the key first. If the original key permits copying,
-then the application can specify a different lifetime for the copy of the key.</p>
-</div>
-<div class="section" id="key-identifiers">
-<span id="key-ids"></span><h3>Key identifiers</h3>
-<p>Key identifiers are integral values that act as permanent names for persistent
-keys, or as transient references to volatile keys. Key identifiers use the
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_id_t" title="psa_key_id_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_id_t</span></code></a> type, and the range of identifier values is divided as follows:</p>
-<dl class="docutils">
-<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"> <span class="pre">=</span> <span class="pre">0</span></code></dt>
-<dd>Reserved as an invalid key identifier.</dd>
-<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MIN" title="PSA_KEY_ID_USER_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_USER_MAX" title="PSA_KEY_ID_USER_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_USER_MAX</span></code></a></dt>
-<dd>Applications can freely choose persistent key identifiers in this range.</dd>
-<dt><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MIN" title="PSA_KEY_ID_VENDOR_MIN"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MIN</span></code></a><code class="docutils literal"> <span class="pre">-</span> </code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_VENDOR_MAX" title="PSA_KEY_ID_VENDOR_MAX"><code class="docutils literal"><span class="pre">PSA_KEY_ID_VENDOR_MAX</span></code></a></dt>
-<dd>Implementations can define additional persistent key identifiers in this
-range, and must allocate any volatile key identifiers from this range.</dd>
-</dl>
-<p>Key identifiers outside these ranges are reserved for future use.</p>
-<p>Key identifiers are output from a successful call to one of
-the key creation functions. For persistent keys, this is the same identifier
-as the one specified in the key attributes used to create the key.
-The key identifier remains valid until it is invalidated by passing it to
-<a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>. A volatile key identifier must not be used after it has been
-invalidated.</p>
-<p>Valid key identifiers must have distinct values within the same application. If
-the implementation provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">caller isolation</span></a>, then key
-identifiers are local to each application. That is, the same key identifier in two
-applications corresponds to two different keys.</p>
-<p>If an invalid key identifier is provided as a parameter in any function, the
-function will return <a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INVALID_HANDLE" title="PSA_ERROR_INVALID_HANDLE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INVALID_HANDLE</span></code></a>; except for the special case of
-calling <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="docutils literal"><span class="pre">psa_destroy_key</span></code></a><code class="docutils literal"><span class="pre">(</span></code><a class="reference internal" href="../api/keys/locations.html#c.PSA_KEY_ID_NULL" title="PSA_KEY_ID_NULL"><code class="docutils literal"><span class="pre">PSA_KEY_ID_NULL</span></code></a><code class="docutils literal"><span class="pre">)</span></code>, which has no effect and always
-returns <a class="reference internal" href="../api/library/status.html#c.PSA_SUCCESS" title="PSA_SUCCESS"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_SUCCESS</span></code></a>.</p>
-<p>There must be a matching call to <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> for each successful call
-to a create a volatile key.</p>
+<p>These output the key identifier, that is used to access the key in all other parts of the API.</p>
+<p>All of the key attributes are set when the key is created and cannot be changed
+without destroying the key first. If the original key permits copying, then the
+application can specify a different lifetime or restricted policy for the
+copy of the key.</p>
<p>A call to <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a> destroys the key material, and will cause any active
operations that are using the key to fail. Therefore an application must not
destroy a key while an operation using that key is in progress, unless the
application is prepared to handle a failure of the operation.</p>
+<div class="section" id="key-identifiers">
+<span id="key-ids"></span><h3>3.2.1. Key identifiers</h3>
+<p>Key identifiers are integral values that act as permanent names for persistent keys, or as transient references to volatile keys. Key identifiers are defined by the application for persistent keys, and by the implementation for volatile keys and for built-in keys.</p>
+<p>Key identifiers are output from a successful call to one of the key creation functions.</p>
+<p>Valid key identifiers must have distinct values within the same application. If
+the implementation provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">caller isolation</span></a>, then key
+identifiers are local to each application. That is, the same key identifier in two
+applications corresponds to two different keys.</p>
+<p>See <a class="reference internal" href="../api/keys/ids.html#key-identifiers"><span class="secref">Key identifiers</span></a>.</p>
+</div>
+<div class="section" id="key-lifetimes">
+<span id="key-life"></span><h3>3.2.2. Key lifetimes</h3>
+<p>The lifetime of a key indicates where it is stored and which application and system actions will create and destroy it.</p>
+<p>There are two main types of lifetimes: <em>volatile</em> and <em>persistent</em>.</p>
+<p>Volatile keys are automatically destroyed when the application instance terminates or on a power reset of the device. Volatile key identifiers are allocated by the implementation when the key is created. Volatile keys can be explicitly destroyed with a call to <a class="reference internal" href="../api/keys/management.html#c.psa_destroy_key" title="psa_destroy_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_destroy_key()</span></code></a>.</p>
+<p>Persistent keys are preserved until the application explicitly destroys them or until an implementation-specific device management event occurs, for example, a factory reset. The key identifier for a persistent key is set by the application when creating the key, and remains valid throughout the lifetime of the key, even if the application instance that created the key terminates.</p>
+<p>See <a class="reference internal" href="../api/keys/lifetimes.html#key-lifetimes"><span class="secref">Key lifetimes</span></a>.</p>
+</div>
+<div class="section" id="key-policies">
+<span id="key-usage-policies"></span><h3>3.2.3. Key policies</h3>
+<p>All keys have an associated policy that regulates which operations are permitted on the key. Each key policy is a set of usage flags and a specific algorithm that is permitted with the key. See <a class="reference internal" href="../api/keys/policy.html#key-policy"><span class="secref">Key policies</span></a>.</p>
</div>
<div class="section" id="recommendations-of-minimum-standards-for-key-management">
-<h3>Recommendations of minimum standards for key management</h3>
+<h3>3.2.4. Recommendations of minimum standards for key management</h3>
<p>Most implementations provide the following functions:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/keys/management.html#c.psa_import_key" title="psa_import_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_import_key()</span></code></a>. The exceptions are implementations that only give access
@@ -181,38 +129,8 @@
</ul>
</div>
</div>
-<div class="section" id="usage-policies">
-<h2>Usage policies</h2>
-<p>All keys have an associated policy that regulates which operations are permitted
-on the key. Each key policy is a set of usage flags and a specific algorithm
-that is permitted with the key. The policy is part of the key attributes that
-are managed by a <a class="reference internal" href="../api/keys/attributes.html#c.psa_key_attributes_t" title="psa_key_attributes_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_attributes_t</span></code></a> object.</p>
-<p>The usage flags are encoded in a bitmask, which has the type
-<a class="reference internal" href="../api/keys/attributes.html#c.psa_key_usage_t" title="psa_key_usage_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_usage_t</span></code></a>. Four kinds of usage flag can be specified:</p>
-<ul class="simple">
-<li>The extractable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_EXPORT" title="PSA_KEY_USAGE_EXPORT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_EXPORT</span></code></a> determines whether the key
-material can be extracted.</li>
-<li>The copyable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_COPY" title="PSA_KEY_USAGE_COPY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_COPY</span></code></a> determines whether the key material
-can be copied into a new key, which can have a different lifetime or a more
-restrictive policy.</li>
-<li>The cacheable flag <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a> determines whether the
-implementation is permitted to retain non-essential copies of the
-key material in RAM. This policy only applies to persistent keys. See also
-<em><a class="reference internal" href="implementation.html#key-material"><span class="std std-ref">Managing key material</span></a></em>.</li>
-<li>The other usage flags, for example, <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_ENCRYPT" title="PSA_KEY_USAGE_ENCRYPT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_ENCRYPT</span></code></a> and <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_SIGN_MESSAGE" title="PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_SIGN_MESSAGE</span></code></a>,
-determine whether the corresponding operation is permitted on the key.</li>
-</ul>
-<p>In addition to the usage bitmask, a policy specifies which algorithm is
-permitted with the key. This specification only defines policies that restrict
-keys to a single algorithm, which is consistent with both common practice and
-security good practice.</p>
-<p>A highly constrained implementation might not be able to support all the policies
-that can be expressed through this interface. If an implementation cannot create
-a key with the required policy, it must return an appropriate error code when
-the key is created.</p>
-</div>
<div class="section" id="symmetric-cryptography">
-<h2>Symmetric cryptography</h2>
+<h2>3.3. Symmetric cryptography</h2>
<p>This specification defines interfaces for the following types of symmetric
cryptographic operation:</p>
<ul class="simple">
@@ -228,16 +146,16 @@
<li>A series of functions that permit <em>multi-part operations</em>.</li>
</ul>
<div class="section" id="single-part-functions">
-<h3>Single-part Functions</h3>
+<h3>3.3.1. Single-part Functions</h3>
<p>Single-part functions are APIs that implement the cryptographic operation in a
single function call. This is the easiest API to use when all of the inputs and
outputs fit into the application memory.</p>
<p>Some use cases involve messages that are too large to be assembled in memory, or
require non-default configuration of the algorithm. These use cases require the
-use of a <em><a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a></em>.</p>
+use of a <a class="reference internal" href="#multi-part-operations"><span class="secref">multi-part operation</span></a>.</p>
</div>
<div class="section" id="multi-part-operations">
-<span id="id4"></span><h3>Multi-part operations</h3>
+<span id="id2"></span><h3>3.3.2. Multi-part operations</h3>
<p>Multi-part operations are APIs which split a single cryptographic operation into
a sequence of separate steps. This enables fine control over the configuration
of the cryptographic operation, and allows the message data to be processed in
@@ -328,7 +246,7 @@
functions, and any requirements about their usage and ordering.</p>
</div>
<div class="section" id="message-digests-hashes">
-<h3>Message digests (Hashes)</h3>
+<h3>3.3.3. Message digests (Hashes)</h3>
<p>The single-part hash functions are:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_compute" title="psa_hash_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_compute()</span></code></a> to calculate the hash of a message.</li>
@@ -357,7 +275,7 @@
<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/hashes.html#c.psa_hash_abort" title="psa_hash_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_hash_abort()</span></code></a>.</p>
</div>
<div class="section" id="message-authentication-codes-macs">
-<h3>Message authentication codes (MACs)</h3>
+<h3>3.3.4. Message authentication codes (MACs)</h3>
<p>The single-part MAC functions are:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/ops/macs.html#c.psa_mac_compute" title="psa_mac_compute"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_compute()</span></code></a> to calculate the MAC of a message.</li>
@@ -381,13 +299,13 @@
<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/macs.html#c.psa_mac_abort" title="psa_mac_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_mac_abort()</span></code></a>.</p>
</div>
<div class="section" id="encryption-and-decryption">
-<h3>Encryption and decryption</h3>
+<h3>3.3.5. Encryption and decryption</h3>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The unauthenticated cipher API is provided to implement legacy protocols and
for use cases where the data integrity and authenticity is guaranteed by
non-cryptographic means. It is recommended that newer protocols use
-<em><a class="reference internal" href="#func-aead"><span class="std std-ref">Authenticated encryption (AEAD)</span></a></em>.</p>
+<a class="reference internal" href="#func-aead"><span class="secref">Authenticated encryption (AEAD)</span></a>.</p>
</div>
<p>The single-part functions for encrypting or decrypting a message using an
unauthenticated symmetric cipher are:</p>
@@ -423,7 +341,7 @@
<p>To abort the operation or recover from an error, call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_abort" title="psa_cipher_abort"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_abort()</span></code></a>.</p>
</div>
<div class="section" id="authenticated-encryption-aead">
-<span id="func-aead"></span><h3>Authenticated encryption (AEAD)</h3>
+<span id="func-aead"></span><h3>3.3.6. Authenticated encryption (AEAD)</h3>
<p>The single-part AEAD functions are:</p>
<ul class="simple">
<li><a class="reference internal" href="../api/ops/aead.html#c.psa_aead_encrypt" title="psa_aead_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_encrypt()</span></code></a> to encrypt a message using an authenticated symmetric
@@ -431,7 +349,7 @@
<li><a class="reference internal" href="../api/ops/aead.html#c.psa_aead_decrypt" title="psa_aead_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_aead_decrypt()</span></code></a> to decrypt a message using an authenticated symmetric
cipher.</li>
</ul>
-<p>These functions follow the interface recommended by <a class="reference external" href="https://tools.ietf.org/html/rfc5116.html">RFC 5116</a>.</p>
+<p>These functions follow the interface recommended by <span><em>An Interface and Algorithms for Authenticated Encryption</em> <a class="reference internal" href="../about.html#citation-rfc5116"><span class="cite">[RFC5116]</span></a></span>.</p>
<p>The encryption function requires a nonce to be provided. To generate a random
nonce, either call <a class="reference internal" href="../api/ops/rng.html#c.psa_generate_random" title="psa_generate_random"><code class="xref any c c-func docutils literal"><span class="pre">psa_generate_random()</span></code></a> or use the AEAD multi-part API.</p>
<p>The <a class="reference internal" href="../api/ops/aead.html#c.psa_aead_operation_t" title="psa_aead_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_aead_operation_t</span></code></a> <a class="reference internal" href="#multi-part-operations"><span class="std std-ref">multi-part operation</span></a>
@@ -478,7 +396,7 @@
these lengths before providing input.</p>
</div>
<div class="section" id="key-derivation">
-<span id="id5"></span><h3>Key derivation</h3>
+<span id="id3"></span><h3>3.3.7. Key derivation</h3>
<p>A key derivation encodes a deterministic method to generate a finite stream of
bytes. This data stream is computed by the cryptoprocessor and extracted in
chunks. If two key derivation operations are constructed with the same
@@ -528,12 +446,12 @@
will not be used for different purposes.</p>
</div>
<div class="section" id="example-of-the-symmetric-cryptography-api">
-<h3>Example of the symmetric cryptography API</h3>
+<h3>3.3.8. Example of the symmetric cryptography API</h3>
<p>Here is an example of a use case where a master key is used to generate both a
message encryption key and an IV for the encryption, and the derived key and IV
are then used to encrypt a message.</p>
<ol class="arabic simple">
-<li>Derive the message encryption material from the master key.<ol class="arabic">
+<li>Derive the message encryption material from the master key.<ol class="loweralpha">
<li>Initialize a <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_operation_t" title="psa_key_derivation_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_key_derivation_operation_t</span></code></a> object to zero or to
<a class="reference internal" href="../api/ops/kdf.html#c.PSA_KEY_DERIVATION_OPERATION_INIT" title="PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_DERIVATION_OPERATION_INIT</span></code></a>.</li>
<li>Call <a class="reference internal" href="../api/ops/kdf.html#c.psa_key_derivation_setup" title="psa_key_derivation_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_setup()</span></code></a> with <a class="reference internal" href="../api/ops/kdf.html#c.PSA_ALG_HKDF" title="PSA_ALG_HKDF"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_HKDF</span></code></a> as the algorithm.</li>
@@ -550,7 +468,7 @@
memory.</li>
</ol>
</li>
-<li>Encrypt the message with the derived material.<ol class="arabic">
+<li>Encrypt the message with the derived material.<ol class="loweralpha">
<li>Initialize a <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_operation_t" title="psa_cipher_operation_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_cipher_operation_t</span></code></a> object to zero or to
<a class="reference internal" href="../api/ops/ciphers.html#c.PSA_CIPHER_OPERATION_INIT" title="PSA_CIPHER_OPERATION_INIT"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_CIPHER_OPERATION_INIT</span></code></a>.</li>
<li>Call <a class="reference internal" href="../api/ops/ciphers.html#c.psa_cipher_encrypt_setup" title="psa_cipher_encrypt_setup"><code class="xref any c c-func docutils literal"><span class="pre">psa_cipher_encrypt_setup()</span></code></a> with the derived message encryption key.</li>
@@ -564,16 +482,16 @@
</div>
</div>
<div class="section" id="asymmetric-cryptography">
-<h2>Asymmetric cryptography</h2>
+<h2>3.4. Asymmetric cryptography</h2>
<p>This specification defines functions for asymmetric cryptography, including
asymmetric encryption, asymmetric signature, and two-way key agreement.</p>
<div class="section" id="asymmetric-encryption">
-<h3>Asymmetric encryption</h3>
+<h3>3.4.1. Asymmetric encryption</h3>
<p>Asymmetric encryption is provided through the functions
<a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_encrypt" title="psa_asymmetric_encrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_encrypt()</span></code></a> and <a class="reference internal" href="../api/ops/pke.html#c.psa_asymmetric_decrypt" title="psa_asymmetric_decrypt"><code class="xref any c c-func docutils literal"><span class="pre">psa_asymmetric_decrypt()</span></code></a>.</p>
</div>
<div class="section" id="hash-and-sign">
-<h3>Hash-and-sign</h3>
+<h3>3.4.2. Hash-and-sign</h3>
<p>The signature and verification functions <a class="reference internal" href="../api/ops/sign.html#c.psa_sign_message" title="psa_sign_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_sign_message()</span></code></a> and
<a class="reference internal" href="../api/ops/sign.html#c.psa_verify_message" title="psa_verify_message"><code class="xref any c c-func docutils literal"><span class="pre">psa_verify_message()</span></code></a> take a message as one of their inputs and perform a
hash-and-sign algorithm.</p>
@@ -581,28 +499,28 @@
one of their inputs. This is useful for signing pre-computed hashes, or for
implementing hash-and-sign using a <a class="reference internal" href="../api/ops/hashes.html#hash-mp"><span class="std std-ref">multi-part hash operation</span></a>
before signing the resulting hash. To determine which
-hash algorithm to use, call the macro <a class="reference internal" href="../api/keys/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a> on the
+hash algorithm to use, call the macro <a class="reference internal" href="../api/ops/algorithms.html#c.PSA_ALG_GET_HASH" title="PSA_ALG_GET_HASH"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ALG_GET_HASH()</span></code></a> on the
corresponding signature algorithm.</p>
<p>Some hash-and-sign algorithms add padding to the message hash before completing
the signing operation. The format of the padding that is used depends on the
algorithm used to construct the signature.</p>
</div>
<div class="section" id="key-agreement">
-<h3>Key agreement</h3>
+<h3>3.4.3. Key agreement</h3>
<p>This specification defines two functions for a Diffie-Hellman-style key
agreement where each party combines its own private key with the peer’s public
key.</p>
-<p>The recommended approach is to use a <a class="reference internal" href="#key-derivation"><span class="std std-ref">key derivation
-operation</span></a> with the <a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a>
-input function, which calculates a shared secret for the key derivation
-function.</p>
+<p>The recommended approach is to use a
+<a class="reference internal" href="#key-derivation"><span class="std std-ref">key derivation operation</span></a> with the
+<a class="reference internal" href="../api/ops/ka.html#c.psa_key_derivation_key_agreement" title="psa_key_derivation_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_key_derivation_key_agreement()</span></code></a> input function, which calculates a shared
+secret for the key derivation function.</p>
<p>Where an application needs direct access to the shared secret, it can call
<a class="reference internal" href="../api/ops/ka.html#c.psa_raw_key_agreement" title="psa_raw_key_agreement"><code class="xref any c c-func docutils literal"><span class="pre">psa_raw_key_agreement()</span></code></a> instead. Note that in general the shared secret is not
directly suitable for use as a key because it is biased.</p>
</div>
</div>
<div class="section" id="randomness-and-key-generation">
-<h2>Randomness and key generation</h2>
+<h2>3.5. Randomness and key generation</h2>
<p>We strongly recommended that implementations include a random generator,
consisting of a cryptographically secure pseudo-random generator (CSPRNG), which
is adequately seeded with a cryptographic-quality hardware entropy source,
@@ -623,56 +541,62 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Functionality overview</a><ul>
-<li><a class="reference internal" href="#library-management">Library management</a></li>
-<li><a class="reference internal" href="#key-management">Key management</a><ul>
-<li><a class="reference internal" href="#volatile-keys">Volatile keys</a></li>
-<li><a class="reference internal" href="#persistent-keys">Persistent keys</a></li>
-<li><a class="reference internal" href="#key-identifiers">Key identifiers</a></li>
-<li><a class="reference internal" href="#recommendations-of-minimum-standards-for-key-management">Recommendations of minimum standards for key management</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#usage-policies">Usage policies</a></li>
-<li><a class="reference internal" href="#symmetric-cryptography">Symmetric cryptography</a><ul>
-<li><a class="reference internal" href="#single-part-functions">Single-part Functions</a></li>
-<li><a class="reference internal" href="#multi-part-operations">Multi-part operations</a></li>
-<li><a class="reference internal" href="#message-digests-hashes">Message digests (Hashes)</a></li>
-<li><a class="reference internal" href="#message-authentication-codes-macs">Message authentication codes (MACs)</a></li>
-<li><a class="reference internal" href="#encryption-and-decryption">Encryption and decryption</a></li>
-<li><a class="reference internal" href="#authenticated-encryption-aead">Authenticated encryption (AEAD)</a></li>
-<li><a class="reference internal" href="#key-derivation">Key derivation</a></li>
-<li><a class="reference internal" href="#example-of-the-symmetric-cryptography-api">Example of the symmetric cryptography API</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#asymmetric-cryptography">Asymmetric cryptography</a><ul>
-<li><a class="reference internal" href="#asymmetric-encryption">Asymmetric encryption</a></li>
-<li><a class="reference internal" href="#hash-and-sign">Hash-and-sign</a></li>
-<li><a class="reference internal" href="#key-agreement">Key agreement</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#randomness-and-key-generation">Randomness and key generation</a></li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="goals.html" title="previous chapter">Design goals</a></li>
- <li>Next: <a href="sample-arch.html" title="next chapter">Sample architectures</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/functionality.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">3. Functionality overview</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#library-management">3.1. Library management</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#key-management">3.2. Key management</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#key-identifiers">3.2.1. Key identifiers</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-lifetimes">3.2.2. Key lifetimes</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-policies">3.2.3. Key policies</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#recommendations-of-minimum-standards-for-key-management">3.2.4. Recommendations of minimum standards for key management</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#symmetric-cryptography">3.3. Symmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#single-part-functions">3.3.1. Single-part Functions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#multi-part-operations">3.3.2. Multi-part operations</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#message-digests-hashes">3.3.3. Message digests (Hashes)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#message-authentication-codes-macs">3.3.4. Message authentication codes (MACs)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#encryption-and-decryption">3.3.5. Encryption and decryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#authenticated-encryption-aead">3.3.6. Authenticated encryption (AEAD)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-derivation">3.3.7. Key derivation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#example-of-the-symmetric-cryptography-api">3.3.8. Example of the symmetric cryptography API</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#asymmetric-cryptography">3.4. Asymmetric cryptography</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#asymmetric-encryption">3.4.1. Asymmetric encryption</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#hash-and-sign">3.4.2. Hash-and-sign</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#key-agreement">3.4.3. Key agreement</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#randomness-and-key-generation">3.5. Randomness and key generation</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -688,15 +612,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/functionality.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/goals.html b/docs/html/overview/goals.html
index 028cf5e..0185da7 100644
--- a/docs/html/overview/goals.html
+++ b/docs/html/overview/goals.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Design goals — PSA Crypto API 1.0.0 documentation</title>
+ <title>2. Design goals — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Functionality overview" href="functionality.html" />
- <link rel="prev" title="Introduction" href="intro.html" />
+ <link rel="next" title="3. Functionality overview" href="functionality.html" />
+ <link rel="prev" title="1. Introduction" href="intro.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,9 +41,9 @@
<div class="body" role="main">
<div class="section" id="design-goals">
-<span id="id1"></span><h1>Design goals</h1>
+<span id="id1"></span><h1>2. Design goals</h1>
<div class="section" id="suitable-for-constrained-devices">
-<h2>Suitable for constrained devices</h2>
+<h2>2.1. Suitable for constrained devices</h2>
<p>The interface is suitable for a vast range of devices: from special-purpose
cryptographic processors that process data with a built-in key, to constrained
devices running custom application code, such as microcontrollers, and
@@ -70,7 +71,7 @@
free to choose which memory area to use for internal data.</p>
</div>
<div class="section" id="a-keystore-interface">
-<h2>A keystore interface</h2>
+<h2>2.2. A keystore interface</h2>
<p>The specification allows cryptographic operations to be performed on a key to
which the application does not have direct access. Except where required for
interchange, applications access all keys indirectly, by an identifier. The key
@@ -79,7 +80,7 @@
defined when the key is created.</p>
</div>
<div class="section" id="optional-isolation">
-<span id="isolation"></span><h2>Optional isolation</h2>
+<span id="isolation"></span><h2>2.3. Optional isolation</h2>
<p>Implementations can isolate the cryptoprocessor from the calling application,
and can further isolate multiple calling applications. The interface allows the
implementation to be separated between a frontend and a backend. In an isolated
@@ -122,7 +123,7 @@
</ul>
</div>
<div class="section" id="choice-of-algorithms">
-<h2>Choice of algorithms</h2>
+<h2>2.4. Choice of algorithms</h2>
<p>The specification defines a low-level cryptographic interface, where the caller
explicitly chooses which algorithm and which security parameters they use. This
is necessary to implement protocols that are inescapable in various use cases.
@@ -149,7 +150,7 @@
hash algorithm.</p>
</div>
<div class="section" id="ease-of-use">
-<h2>Ease of use</h2>
+<h2>2.5. Ease of use</h2>
<p>The interface is designed to be as user-friendly as possible, given the
aforementioned constraints on suitability for various types of devices and on
the freedom to choose algorithms.</p>
@@ -162,39 +163,39 @@
constraints.</p>
</div>
<div class="section" id="example-use-cases">
-<h2>Example use cases</h2>
+<h2>2.6. Example use cases</h2>
<p>This section lists some of the use cases that were considered during the design
of this API. This list is not exhaustive, nor are all implementations required to
support all use cases.</p>
<div class="section" id="network-security-tls">
-<h3>Network Security (TLS)</h3>
+<h3>2.6.1. Network Security (TLS)</h3>
<p>The API provides all of the cryptographic primitives needed to establish TLS
connections.</p>
</div>
<div class="section" id="secure-storage">
-<h3>Secure Storage</h3>
+<h3>2.6.2. Secure Storage</h3>
<p>The API provides all primitives related to storage encryption, block or
file-based, with master encryption keys stored inside a key store.</p>
</div>
<div class="section" id="network-credentials">
-<h3>Network Credentials</h3>
+<h3>2.6.3. Network Credentials</h3>
<p>The API provides network credential management inside a key store, for example,
for X.509-based authentication or pre-shared keys on enterprise networks.</p>
</div>
<div class="section" id="device-pairing">
-<h3>Device Pairing</h3>
+<h3>2.6.4. Device Pairing</h3>
<p>The API provides support for key agreement protocols that are often used for
secure pairing of devices over wireless channels. For example, the pairing of an
NFC token or a Bluetooth device might use key agreement protocols upon
first use.</p>
</div>
<div class="section" id="secure-boot">
-<h3>Secure Boot</h3>
+<h3>2.6.5. Secure Boot</h3>
<p>The API provides primitives for use during firmware integrity and authenticity
validation, during a secure or trusted boot process.</p>
</div>
<div class="section" id="attestation">
-<h3>Attestation</h3>
+<h3>2.6.6. Attestation</h3>
<p>The API provides primitives used in attestation activities. Attestation is the
ability for a device to sign an array of bytes with a device private key and
return the result to the caller. There are several use cases; ranging from attestation
@@ -203,7 +204,7 @@
algorithms commonly used for attestation.</p>
</div>
<div class="section" id="factory-provisioning">
-<h3>Factory Provisioning</h3>
+<h3>2.6.7. Factory Provisioning</h3>
<p>Most IoT devices receive a unique identity during the factory provisioning
process, or once they have been deployed to the field. This API provides the APIs necessary for
populating a device with keys that represent that identity.</p>
@@ -216,44 +217,51 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Design goals</a><ul>
-<li><a class="reference internal" href="#suitable-for-constrained-devices">Suitable for constrained devices</a></li>
-<li><a class="reference internal" href="#a-keystore-interface">A keystore interface</a></li>
-<li><a class="reference internal" href="#optional-isolation">Optional isolation</a></li>
-<li><a class="reference internal" href="#choice-of-algorithms">Choice of algorithms</a></li>
-<li><a class="reference internal" href="#ease-of-use">Ease of use</a></li>
-<li><a class="reference internal" href="#example-use-cases">Example use cases</a><ul>
-<li><a class="reference internal" href="#network-security-tls">Network Security (TLS)</a></li>
-<li><a class="reference internal" href="#secure-storage">Secure Storage</a></li>
-<li><a class="reference internal" href="#network-credentials">Network Credentials</a></li>
-<li><a class="reference internal" href="#device-pairing">Device Pairing</a></li>
-<li><a class="reference internal" href="#secure-boot">Secure Boot</a></li>
-<li><a class="reference internal" href="#attestation">Attestation</a></li>
-<li><a class="reference internal" href="#factory-provisioning">Factory Provisioning</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="intro.html" title="previous chapter">Introduction</a></li>
- <li>Next: <a href="functionality.html" title="next chapter">Functionality overview</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/goals.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">2. Design goals</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#suitable-for-constrained-devices">2.1. Suitable for constrained devices</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#a-keystore-interface">2.2. A keystore interface</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#optional-isolation">2.3. Optional isolation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#choice-of-algorithms">2.4. Choice of algorithms</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#ease-of-use">2.5. Ease of use</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#example-use-cases">2.6. Example use cases</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#network-security-tls">2.6.1. Network Security (TLS)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#secure-storage">2.6.2. Secure Storage</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#network-credentials">2.6.3. Network Credentials</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#device-pairing">2.6.4. Device Pairing</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#secure-boot">2.6.5. Secure Boot</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attestation">2.6.6. Attestation</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#factory-provisioning">2.6.7. Factory Provisioning</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -269,15 +277,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/goals.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/implementation.html b/docs/html/overview/implementation.html
index 53eb1a9..dd8e2f3 100644
--- a/docs/html/overview/implementation.html
+++ b/docs/html/overview/implementation.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Implementation considerations — PSA Crypto API 1.0.0 documentation</title>
+ <title>6. Implementation considerations — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Usage considerations" href="usage.html" />
- <link rel="prev" title="Library conventions" href="conventions.html" />
+ <link rel="next" title="7. Usage considerations" href="usage.html" />
+ <link rel="prev" title="5. Library conventions" href="conventions.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,11 +41,11 @@
<div class="body" role="main">
<div class="section" id="implementation-considerations">
-<span id="id1"></span><h1>Implementation considerations</h1>
+<span id="id1"></span><h1>6. Implementation considerations</h1>
<div class="section" id="implementation-specific-aspects-of-the-interface">
-<h2>Implementation-specific aspects of the interface</h2>
+<h2>6.1. Implementation-specific aspects of the interface</h2>
<div class="section" id="implementation-profile">
-<h3>Implementation profile</h3>
+<h3>6.1.1. Implementation profile</h3>
<p>Implementations can implement a subset of the API and a subset of the available
algorithms. The implemented subset is known as the implementation’s profile. The
documentation for each implementation must describe the profile that it
@@ -52,21 +53,21 @@
standard profiles.</p>
</div>
<div class="section" id="implementation-specific-types">
-<span id="implementation-defined-type"></span><h3>Implementation-specific types</h3>
+<span id="implementation-defined-type"></span><h3>6.1.2. Implementation-specific types</h3>
<p>This specification defines a number of implementation-specific types, which
represent objects whose content depends on the implementation. These are defined
as C <code class="docutils literal"><span class="pre">typedef</span></code> types in this specification, with a comment
<em><a class="reference internal" href="#implementation-defined-type"><span class="std std-ref">/* implementation-defined type */</span></a></em> in place of the underlying type
definition. For some types the specification constrains the type, for example,
by requiring that the type is a <code class="docutils literal"><span class="pre">struct</span></code>, or that it is convertible to and
-from an unsigned integer. In the implementation’s version of <strong>psa/crypto.h</strong>,
+from an unsigned integer. In the implementation’s version of <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code>,
these types need to be defined as complete C types so that objects of these
types can be instantiated by application code.</p>
<p>Applications that rely on the implementation specific definition of any of these
types might not be portable to other implementations of this specification.</p>
</div>
<div class="section" id="implementation-specific-macros">
-<span id="implementation-specific-macro"></span><h3>Implementation-specific macros</h3>
+<span id="implementation-specific-macro"></span><h3>6.1.3. Implementation-specific macros</h3>
<p>Some macro constants and function-like macros are precisely defined by this
specification. The use of an exact definition is essential if the definition can
appear in more than one header file within a compilation.</p>
@@ -90,7 +91,7 @@
<p>For function-like macros with specification-defined values:</p>
<ul class="simple">
<li>Example implementations are provided in an appendix to this specification.
-See <em><a class="reference internal" href="../appendix/specdef_values.html#appendix-specdef-values"><span class="std std-ref">Example macro implementations</span></a></em>.</li>
+See <a class="reference internal" href="../appendix/specdef_values.html#appendix-specdef-values"><span class="secref">Example macro implementations</span></a>.</li>
<li>The expected computation for valid and supported input arguments will be
defined as pseudo-code in a future version of this specification.</li>
</ul>
@@ -119,27 +120,27 @@
</div>
</div>
<div class="section" id="porting-to-a-platform">
-<h2>Porting to a platform</h2>
+<h2>6.2. Porting to a platform</h2>
<div class="section" id="platform-assumptions">
-<h3>Platform assumptions</h3>
+<h3>6.2.1. Platform assumptions</h3>
<p>This specification is designed for a C99 platform. The interface is defined in
terms of C macros, functions and objects.</p>
<p>The specification assumes 8-bit bytes, and “byte” and “octet” are used
synonymously.</p>
</div>
<div class="section" id="platform-specific-types">
-<h3>Platform-specific types</h3>
+<h3>6.2.2. Platform-specific types</h3>
<p>The specification makes use of some types defined in C99. These types must be
-defined in the implementation version of <strong>psa/crypto.h</strong> or by a header
+defined in the implementation version of <code class="file docutils literal"><span class="pre">psa/crypto.h</span></code> or by a header
included in this file. The following C99 types are used:</p>
<dl class="docutils">
<dt><code class="docutils literal"><span class="pre">uint8_t</span></code>, <code class="docutils literal"><span class="pre">uint16_t</span></code>, <code class="docutils literal"><span class="pre">uint32_t</span></code></dt>
<dd>Unsigned integer types with 8, 16 and 32 value bits respectively.
-These types are defined by the C99 header <strong>stdint.h</strong>.</dd>
+These types are defined by the C99 header <code class="file docutils literal"><span class="pre">stdint.h</span></code>.</dd>
</dl>
</div>
<div class="section" id="cryptographic-hardware-support">
-<h3>Cryptographic hardware support</h3>
+<h3>6.2.3. Cryptographic hardware support</h3>
<p>Implementations are encouraged to make use of hardware accelerators where
available. A future version of this specification will define a function
interface that calls drivers for hardware accelerators and external
@@ -147,9 +148,9 @@
</div>
</div>
<div class="section" id="security-requirements-and-recommendations">
-<h2>Security requirements and recommendations</h2>
+<h2>6.3. Security requirements and recommendations</h2>
<div class="section" id="error-detection">
-<h3>Error detection</h3>
+<h3>6.3.1. Error detection</h3>
<p>Implementations that provide isolation between the caller and the cryptography
processing environment must validate parameters to ensure that the cryptography
processing environment is protected from attacks caused by passing invalid
@@ -158,7 +159,7 @@
parameters and fail-safe where possible.</p>
</div>
<div class="section" id="indirect-object-references">
-<h3>Indirect object references</h3>
+<h3>6.3.2. Indirect object references</h3>
<p>Implementations can use different strategies for allocating key identifiers,
and other types of indirect object reference.</p>
<p>Implementations that provide isolation between the caller and the cryptography
@@ -185,7 +186,7 @@
identifier reuse vulnerability within an application.</p>
</div>
<div class="section" id="memory-cleanup">
-<span id="id2"></span><h3>Memory cleanup</h3>
+<span id="id2"></span><h3>6.3.3. Memory cleanup</h3>
<p>Implementations must wipe all sensitive data from memory when it is no longer
used. It is recommended that they wipe this sensitive data as soon as possible. All
temporary data used during the execution of a function, such as stack buffers,
@@ -197,9 +198,9 @@
data that is currently in use can be leaked. It does not compromise past data.</p>
</div>
<div class="section" id="managing-key-material">
-<span id="key-material"></span><h3>Managing key material</h3>
+<span id="key-material"></span><h3>6.3.4. Managing key material</h3>
<p>In implementations that have limited volatile memory for keys, the
-implementation is permitted to store a <a class="reference internal" href="functionality.html#volatile-keys"><span class="std std-ref">volatile key</span></a> to a
+implementation is permitted to store a <a class="reference internal" href="../api/keys/lifetimes.html#key-lifetimes"><span class="std std-ref">volatile key</span></a> to a
temporary location in non-volatile memory. The implementation must delete any
such copies when the key is destroyed, and it is recommended that these copies
are deleted as soon as the key is reloaded into volatile memory. An
@@ -208,8 +209,8 @@
<p>Implementing the <a class="reference internal" href="#memory-cleanup"><span class="std std-ref">memory cleanup rule</span></a> for persistent keys
can result in inefficiencies when the same persistent key is used sequentially
in multiple cryptographic operations. The inefficiency stems from loading the
-key from non-volatile storage on each use of the key. The <a class="reference internal" href="../api/keys/usage.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a>
-policy allows an application to request that the implementation does not cleanup
+key from non-volatile storage on each use of the key. The <a class="reference internal" href="../api/keys/policy.html#c.PSA_KEY_USAGE_CACHE" title="PSA_KEY_USAGE_CACHE"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_KEY_USAGE_CACHE</span></code></a>
+usage flag in a key policy allows an application to request that the implementation does not cleanup
non-essential copies of persistent key material, effectively suspending the
cleanup rules for that key. The effects of this policy depend on the
implementation and the key, for example:</p>
@@ -226,7 +227,7 @@
<a class="reference internal" href="../api/keys/management.html#c.psa_purge_key" title="psa_purge_key"><code class="xref any c c-func docutils literal"><span class="pre">psa_purge_key()</span></code></a>, to request that the key material is cleaned from memory.</p>
</div>
<div class="section" id="safe-outputs-on-error">
-<h3>Safe outputs on error</h3>
+<h3>6.3.5. Safe outputs on error</h3>
<p>Implementations must ensure that confidential data is not written to output
parameters before validating that the disclosure of this confidential data is
authorized. This requirement is particularly important for implementations where
@@ -244,7 +245,7 @@
zeroing them out.</p>
</div>
<div class="section" id="attack-resistance">
-<h3>Attack resistance</h3>
+<h3>6.3.6. Attack resistance</h3>
<p>Cryptographic code tends to manipulate high-value secrets, from which other
secrets can be unlocked. As such, it is a high-value target for attacks. There
is a vast body of literature on attack types, such as side channel attacks and
@@ -258,9 +259,9 @@
</div>
</div>
<div class="section" id="other-implementation-considerations">
-<h2>Other implementation considerations</h2>
+<h2>6.4. Other implementation considerations</h2>
<div class="section" id="philosophy-of-resource-management">
-<h3>Philosophy of resource management</h3>
+<h3>6.4.1. Philosophy of resource management</h3>
<p>The specification allows most functions to return
<a class="reference internal" href="../api/library/status.html#c.PSA_ERROR_INSUFFICIENT_MEMORY" title="PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref any c c-macro docutils literal"><span class="pre">PSA_ERROR_INSUFFICIENT_MEMORY</span></code></a>. This gives implementations the freedom to
manage memory as they please.</p>
@@ -286,54 +287,61 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Implementation considerations</a><ul>
-<li><a class="reference internal" href="#implementation-specific-aspects-of-the-interface">Implementation-specific aspects of the interface</a><ul>
-<li><a class="reference internal" href="#implementation-profile">Implementation profile</a></li>
-<li><a class="reference internal" href="#implementation-specific-types">Implementation-specific types</a></li>
-<li><a class="reference internal" href="#implementation-specific-macros">Implementation-specific macros</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#porting-to-a-platform">Porting to a platform</a><ul>
-<li><a class="reference internal" href="#platform-assumptions">Platform assumptions</a></li>
-<li><a class="reference internal" href="#platform-specific-types">Platform-specific types</a></li>
-<li><a class="reference internal" href="#cryptographic-hardware-support">Cryptographic hardware support</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#security-requirements-and-recommendations">Security requirements and recommendations</a><ul>
-<li><a class="reference internal" href="#error-detection">Error detection</a></li>
-<li><a class="reference internal" href="#indirect-object-references">Indirect object references</a></li>
-<li><a class="reference internal" href="#memory-cleanup">Memory cleanup</a></li>
-<li><a class="reference internal" href="#managing-key-material">Managing key material</a></li>
-<li><a class="reference internal" href="#safe-outputs-on-error">Safe outputs on error</a></li>
-<li><a class="reference internal" href="#attack-resistance">Attack resistance</a></li>
-</ul>
-</li>
-<li><a class="reference internal" href="#other-implementation-considerations">Other implementation considerations</a><ul>
-<li><a class="reference internal" href="#philosophy-of-resource-management">Philosophy of resource management</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="conventions.html" title="previous chapter">Library conventions</a></li>
- <li>Next: <a href="usage.html" title="next chapter">Usage considerations</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/implementation.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">6. Implementation considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#implementation-specific-aspects-of-the-interface">6.1. Implementation-specific aspects of the interface</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-profile">6.1.1. Implementation profile</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-types">6.1.2. Implementation-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#implementation-specific-macros">6.1.3. Implementation-specific macros</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#porting-to-a-platform">6.2. Porting to a platform</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#platform-assumptions">6.2.1. Platform assumptions</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#platform-specific-types">6.2.2. Platform-specific types</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#cryptographic-hardware-support">6.2.3. Cryptographic hardware support</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#security-requirements-and-recommendations">6.3. Security requirements and recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#error-detection">6.3.1. Error detection</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#indirect-object-references">6.3.2. Indirect object references</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#memory-cleanup">6.3.3. Memory cleanup</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#managing-key-material">6.3.4. Managing key material</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#safe-outputs-on-error">6.3.5. Safe outputs on error</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#attack-resistance">6.3.6. Attack resistance</a></li>
+</ul>
+</li>
+<li class="toctree-l2"><a class="reference internal" href="#other-implementation-considerations">6.4. Other implementation considerations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#philosophy-of-resource-management">6.4.1. Philosophy of resource management</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -349,15 +357,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/implementation.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/intro.html b/docs/html/overview/intro.html
index dd5a664..e7e6c14 100644
--- a/docs/html/overview/intro.html
+++ b/docs/html/overview/intro.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Introduction — PSA Crypto API 1.0.0 documentation</title>
+ <title>1. Introduction — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Design goals" href="goals.html" />
- <link rel="prev" title="PSA Cryptography API 1.0" href="../index.html" />
+ <link rel="next" title="2. Design goals" href="goals.html" />
+ <link rel="prev" title="About this document" href="../about.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,7 +41,7 @@
<div class="body" role="main">
<div class="section" id="introduction">
-<h1>Introduction</h1>
+<h1>1. Introduction</h1>
<p>Arm’s Platform Security Architecture (PSA) is a holistic set of threat models,
security analyses, hardware and firmware architecture specifications, an
open source firmware reference implementation, and an independent evaluation
@@ -48,8 +49,8 @@
industry best practice, that allows security to be consistently designed in, at
both a hardware and firmware level.</p>
<p>The PSA Cryptographic API (Crypto API) described in this document is an
-important PSA component that provides an interface to cryptographic operations
-on resource-constrained devices. The interface is user-friendly, while still
+important PSA component that provides a portable interface to cryptographic operations
+on a wide range of hardware. The interface is user-friendly, while still
providing access to the low-level primitives used in modern cryptography. It
does not require that the user has access to the key material. Instead, it uses
opaque key identifiers.</p>
@@ -78,22 +79,34 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="../index.html" title="previous chapter">PSA Cryptography API 1.0</a></li>
- <li>Next: <a href="goals.html" title="next chapter">Design goals</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/intro.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1 current"><a class="current reference internal" href="#">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -109,15 +122,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/intro.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/sample-arch.html b/docs/html/overview/sample-arch.html
index 855382d..679aec7 100644
--- a/docs/html/overview/sample-arch.html
+++ b/docs/html/overview/sample-arch.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Sample architectures — PSA Crypto API 1.0.0 documentation</title>
+ <title>4. Sample architectures — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Library conventions" href="conventions.html" />
- <link rel="prev" title="Functionality overview" href="functionality.html" />
+ <link rel="next" title="5. Library conventions" href="conventions.html" />
+ <link rel="prev" title="3. Functionality overview" href="functionality.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,12 +41,12 @@
<div class="body" role="main">
<div class="section" id="sample-architectures">
-<span id="architectures"></span><h1>Sample architectures</h1>
+<span id="architectures"></span><h1>4. Sample architectures</h1>
<p>This section describes some example architectures that can be used for
implementations of the interface described in this specification. This list is
not exhaustive and the section is entirely non-normative.</p>
<div class="section" id="single-partition-architecture">
-<h2>Single-partition architecture</h2>
+<h2>4.1. Single-partition architecture</h2>
<p>In the single-partition architecture, there is no security boundary inside the system. The
application code can access all the system memory, including the memory used by
the cryptographic services described in this specification. Thus, the
@@ -65,7 +66,7 @@
high-security partition with other platform security services.</p>
</div>
<div class="section" id="cryptographic-token-and-single-application-processor">
-<span id="isolated-cryptoprocessor"></span><h2>Cryptographic token and single-application processor</h2>
+<span id="isolated-cryptoprocessor"></span><h2>4.2. Cryptographic token and single-application processor</h2>
<p>This system is composed of two partitions: one is a cryptoprocessor and the
other partition runs an application. There is a security boundary between the
two partitions, so that the application cannot access the cryptoprocessor,
@@ -84,8 +85,8 @@
cryptoprocessor. Non-volatile keys are stored inside the cryptoprocessor.</p>
</div>
<div class="section" id="cryptoprocessor-with-no-key-storage">
-<h2>Cryptoprocessor with no key storage</h2>
-<p>As in the <em><a class="reference internal" href="#isolated-cryptoprocessor"><span class="std std-ref">Cryptographic token and single-application processor</span></a></em> architecture, this system
+<h2>4.3. Cryptoprocessor with no key storage</h2>
+<p>As in the <a class="reference internal" href="#isolated-cryptoprocessor"><span class="secref">Cryptographic token and single-application processor</span></a> architecture, this system
is also composed of two partitions separated by a security boundary and also
provides <a class="reference internal" href="goals.html#isolation"><span class="std std-ref">cryptoprocessor isolation</span></a>.
However, unlike the previous architecture, in this system, the cryptoprocessor
@@ -106,7 +107,7 @@
</ul>
</div>
<div class="section" id="multi-client-cryptoprocessor">
-<h2>Multi-client cryptoprocessor</h2>
+<h2>4.4. Multi-client cryptoprocessor</h2>
<p>This is an expanded variant of the <a class="reference internal" href="#isolated-cryptoprocessor"><span class="std std-ref">cryptographic token plus application
architecture</span></a>. In this
variant, the cryptoprocessor serves multiple applications that are mutually
@@ -118,7 +119,7 @@
another client.</p>
</div>
<div class="section" id="multi-cryptoprocessor-architecture">
-<h2>Multi-cryptoprocessor architecture</h2>
+<h2>4.5. Multi-cryptoprocessor architecture</h2>
<p>This system includes multiple cryptoprocessors. There are several reasons to
have multiple cryptoprocessors:</p>
<ul class="simple">
@@ -151,34 +152,41 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Sample architectures</a><ul>
-<li><a class="reference internal" href="#single-partition-architecture">Single-partition architecture</a></li>
-<li><a class="reference internal" href="#cryptographic-token-and-single-application-processor">Cryptographic token and single-application processor</a></li>
-<li><a class="reference internal" href="#cryptoprocessor-with-no-key-storage">Cryptoprocessor with no key storage</a></li>
-<li><a class="reference internal" href="#multi-client-cryptoprocessor">Multi-client cryptoprocessor</a></li>
-<li><a class="reference internal" href="#multi-cryptoprocessor-architecture">Multi-cryptoprocessor architecture</a></li>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
+</ul>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">4. Sample architectures</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#single-partition-architecture">4.1. Single-partition architecture</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#cryptographic-token-and-single-application-processor">4.2. Cryptographic token and single-application processor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#cryptoprocessor-with-no-key-storage">4.3. Cryptoprocessor with no key storage</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#multi-client-cryptoprocessor">4.4. Multi-client cryptoprocessor</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#multi-cryptoprocessor-architecture">4.5. Multi-cryptoprocessor architecture</a></li>
</ul>
</li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
</ul>
-<div class="relations">
-<h3>Related Topics</h3>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="functionality.html" title="previous chapter">Functionality overview</a></li>
- <li>Next: <a href="conventions.html" title="next chapter">Library conventions</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/sample-arch.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -194,15 +202,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/sample-arch.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/overview/usage.html b/docs/html/overview/usage.html
index 306bcee..ab13482 100644
--- a/docs/html/overview/usage.html
+++ b/docs/html/overview/usage.html
@@ -5,26 +5,27 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Usage considerations — PSA Crypto API 1.0.0 documentation</title>
+ <title>7. Usage considerations — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="../_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
- <link rel="next" title="Library management reference" href="../api/library/index.html" />
- <link rel="prev" title="Implementation considerations" href="implementation.html" />
+ <link rel="next" title="8. Library management reference" href="../api/library/index.html" />
+ <link rel="prev" title="6. Implementation considerations" href="implementation.html" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
@@ -40,11 +41,11 @@
<div class="body" role="main">
<div class="section" id="usage-considerations">
-<span id="id1"></span><h1>Usage considerations</h1>
+<span id="id1"></span><h1>7. Usage considerations</h1>
<div class="section" id="security-recommendations">
-<h2>Security recommendations</h2>
+<h2>7.1. Security recommendations</h2>
<div class="section" id="always-check-for-errors">
-<h3>Always check for errors</h3>
+<h3>7.1.1. Always check for errors</h3>
<p>Most functions in this API can return errors. All functions that can fail have
the return type <a class="reference internal" href="../api/library/status.html#c.psa_status_t" title="psa_status_t"><code class="xref any c c-type docutils literal"><span class="pre">psa_status_t</span></code></a>. A few functions cannot fail, and thus, return
<code class="docutils literal"><span class="pre">void</span></code> or some other type.</p>
@@ -71,7 +72,7 @@
</ul>
</div>
<div class="section" id="shared-memory-and-concurrency">
-<h3>Shared memory and concurrency</h3>
+<h3>7.1.2. Shared memory and concurrency</h3>
<p>Some environments allow applications to be multithreaded, while others do not.
In some environments, applications can share memory with a different security
context. In environments with multithreaded applications or shared memory,
@@ -86,10 +87,10 @@
section.</p>
<p>If an application shares memory with another security context, it can pass
shared memory blocks as input buffers or output buffers, but not as non-buffer
-parameters. For more details, refer to the <em><a class="reference internal" href="conventions.html#stability-of-parameters"><span class="std std-ref">Stability of parameters</span></a></em> section.</p>
+parameters. For more details, refer to the <a class="reference internal" href="conventions.html#stability-of-parameters"><span class="secref">Stability of parameters</span></a> section.</p>
</div>
<div class="section" id="cleaning-up-after-use">
-<h3>Cleaning up after use</h3>
+<h3>7.1.3. Cleaning up after use</h3>
<p>To minimize impact if the system is compromised, it is recommended that
applications wipe all sensitive data from memory when it is no longer used. That
way, only data that is currently in use can be leaked, and past data is not
@@ -109,35 +110,42 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper">
- <h3><a href="../index.html">Table Of Contents</a></h3>
- <ul>
-<li><a class="reference internal" href="#">Usage considerations</a><ul>
-<li><a class="reference internal" href="#security-recommendations">Security recommendations</a><ul>
-<li><a class="reference internal" href="#always-check-for-errors">Always check for errors</a></li>
-<li><a class="reference internal" href="#shared-memory-and-concurrency">Shared memory and concurrency</a></li>
-<li><a class="reference internal" href="#cleaning-up-after-use">Cleaning up after use</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="../index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="../index.html">Documentation overview</a><ul>
- <li>Previous: <a href="implementation.html" title="previous chapter">Implementation considerations</a></li>
- <li>Next: <a href="../api/library/index.html" title="next chapter">Library management reference</a></li>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="../about.html">About this document</a></li>
</ul>
-</div>
- <div role="note" aria-label="source link">
- <h3>This Page</h3>
- <ul class="this-page-menu">
- <li><a href="../_sources/overview/usage.rst.txt"
- rel="nofollow">Show Source</a></li>
- </ul>
- </div>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">7. Usage considerations</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="#security-recommendations">7.1. Security recommendations</a><ul>
+<li class="toctree-l3"><a class="reference internal" href="#always-check-for-errors">7.1.1. Always check for errors</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#shared-memory-and-concurrency">7.1.2. Shared memory and concurrency</a></li>
+<li class="toctree-l3"><a class="reference internal" href="#cleaning-up-after-use">7.1.3. Cleaning up after use</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
@@ -153,15 +161,12 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
& <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.8</a>
- |
- <a href="../_sources/overview/usage.rst.txt"
- rel="nofollow">Page source</a>
</div>
diff --git a/docs/html/psa_c-identifiers.html b/docs/html/psa_c-identifiers.html
index 5442410..09233f7 100644
--- a/docs/html/psa_c-identifiers.html
+++ b/docs/html/psa_c-identifiers.html
@@ -5,22 +5,23 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Index of C identifiers — PSA Crypto API 1.0.0 documentation</title>
+ <title>Index of API elements — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
+ <link rel="author" title="About these documents" href="about.html" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
@@ -41,7 +42,7 @@
<div class="body" role="main">
- <h1>Index of C identifiers</h1>
+ <h1>Index of API elements</h1>
<div class="modindex-jumpbox">
<a href="#cap-PSA_A"><strong>PSA_A</strong></a> |
@@ -68,582 +69,587 @@
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_DECRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_AEAD_ENCRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_FINISH_OUTPUT_SIZE"><code class="xref">PSA_AEAD_FINISH_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_NONCE_LENGTH"><code class="xref">PSA_AEAD_NONCE_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_NONCE_LENGTH"><code class="xref">PSA_AEAD_NONCE_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_NONCE_MAX_SIZE"><code class="xref">PSA_AEAD_NONCE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_NONCE_MAX_SIZE"><code class="xref">PSA_AEAD_NONCE_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_OPERATION_INIT"><code class="xref">PSA_AEAD_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_OPERATION_INIT"><code class="xref">PSA_AEAD_OPERATION_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_TAG_LENGTH"><code class="xref">PSA_AEAD_TAG_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_TAG_LENGTH"><code class="xref">PSA_AEAD_TAG_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_TAG_MAX_SIZE"><code class="xref">PSA_AEAD_TAG_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_TAG_MAX_SIZE"><code class="xref">PSA_AEAD_TAG_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_AEAD_UPDATE_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_AEAD_VERIFY_OUTPUT_SIZE"><code class="xref">PSA_AEAD_VERIFY_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"><code class="xref">PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref">PSA_ALG_AEAD_WITH_SHORTENED_TAG</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_AEAD_WITH_SHORTENED_TAG"><code class="xref">PSA_ALG_AEAD_WITH_SHORTENED_TAG</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_ANY_HASH"><code class="xref">PSA_ALG_ANY_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_ANY_HASH"><code class="xref">PSA_ALG_ANY_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_CBC_MAC"><code class="xref">PSA_ALG_CBC_MAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_CBC_MAC"><code class="xref">PSA_ALG_CBC_MAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_CBC_NO_PADDING"><code class="xref">PSA_ALG_CBC_NO_PADDING</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_CBC_NO_PADDING"><code class="xref">PSA_ALG_CBC_NO_PADDING</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_CBC_PKCS7"><code class="xref">PSA_ALG_CBC_PKCS7</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_CBC_PKCS7"><code class="xref">PSA_ALG_CBC_PKCS7</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_CCM"><code class="xref">PSA_ALG_CCM</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_CCM"><code class="xref">PSA_ALG_CCM</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_CFB"><code class="xref">PSA_ALG_CFB</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_CFB"><code class="xref">PSA_ALG_CFB</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="xref">PSA_ALG_CHACHA20_POLY1305</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_CHACHA20_POLY1305"><code class="xref">PSA_ALG_CHACHA20_POLY1305</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_CMAC"><code class="xref">PSA_ALG_CMAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_CMAC"><code class="xref">PSA_ALG_CMAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_CTR"><code class="xref">PSA_ALG_CTR</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_CTR"><code class="xref">PSA_ALG_CTR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_DETERMINISTIC_ECDSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_ECB_NO_PADDING"><code class="xref">PSA_ALG_ECB_NO_PADDING</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_ECB_NO_PADDING"><code class="xref">PSA_ALG_ECB_NO_PADDING</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_ECDH"><code class="xref">PSA_ALG_ECDH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_ECDH"><code class="xref">PSA_ALG_ECDH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_ECDSA"><code class="xref">PSA_ALG_ECDSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_ECDSA"><code class="xref">PSA_ALG_ECDSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_ECDSA_ANY"><code class="xref">PSA_ALG_ECDSA_ANY</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_ECDSA_ANY"><code class="xref">PSA_ALG_ECDSA_ANY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_FFDH"><code class="xref">PSA_ALG_FFDH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_FFDH"><code class="xref">PSA_ALG_FFDH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="xref">PSA_ALG_FULL_LENGTH_MAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_FULL_LENGTH_MAC"><code class="xref">PSA_ALG_FULL_LENGTH_MAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_GCM"><code class="xref">PSA_ALG_GCM</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_GCM"><code class="xref">PSA_ALG_GCM</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_GET_HASH"><code class="xref">PSA_ALG_GET_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_GET_HASH"><code class="xref">PSA_ALG_GET_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_HKDF"><code class="xref">PSA_ALG_HKDF</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_HKDF"><code class="xref">PSA_ALG_HKDF</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_HMAC"><code class="xref">PSA_ALG_HMAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_HMAC"><code class="xref">PSA_ALG_HMAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_AEAD"><code class="xref">PSA_ALG_IS_AEAD</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_AEAD"><code class="xref">PSA_ALG_IS_AEAD</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/aead.html#PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"><code class="xref">PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"><code class="xref">PSA_ALG_IS_ASYMMETRIC_ENCRYPTION</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref">PSA_ALG_IS_BLOCK_CIPHER_MAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_IS_BLOCK_CIPHER_MAC"><code class="xref">PSA_ALG_IS_BLOCK_CIPHER_MAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_CIPHER"><code class="xref">PSA_ALG_IS_CIPHER</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_CIPHER"><code class="xref">PSA_ALG_IS_CIPHER</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_IS_DETERMINISTIC_ECDSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_DETERMINISTIC_ECDSA"><code class="xref">PSA_ALG_IS_DETERMINISTIC_ECDSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_IS_ECDH"><code class="xref">PSA_ALG_IS_ECDH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_IS_ECDH"><code class="xref">PSA_ALG_IS_ECDH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_ECDSA"><code class="xref">PSA_ALG_IS_ECDSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_ECDSA"><code class="xref">PSA_ALG_IS_ECDSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_IS_FFDH"><code class="xref">PSA_ALG_IS_FFDH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_IS_FFDH"><code class="xref">PSA_ALG_IS_FFDH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_HASH"><code class="xref">PSA_ALG_IS_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_HASH"><code class="xref">PSA_ALG_IS_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="xref">PSA_ALG_IS_HASH_AND_SIGN</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_HASH_AND_SIGN"><code class="xref">PSA_ALG_IS_HASH_AND_SIGN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_IS_HKDF"><code class="xref">PSA_ALG_IS_HKDF</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_IS_HKDF"><code class="xref">PSA_ALG_IS_HKDF</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_IS_HMAC"><code class="xref">PSA_ALG_IS_HMAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_IS_HMAC"><code class="xref">PSA_ALG_IS_HMAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_KEY_AGREEMENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="xref">PSA_ALG_IS_KEY_DERIVATION</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_KEY_DERIVATION"><code class="xref">PSA_ALG_IS_KEY_DERIVATION</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_MAC"><code class="xref">PSA_ALG_IS_MAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_MAC"><code class="xref">PSA_ALG_IS_MAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref">PSA_ALG_IS_RANDOMIZED_ECDSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_RANDOMIZED_ECDSA"><code class="xref">PSA_ALG_IS_RANDOMIZED_ECDSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_RAW_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_IS_RAW_KEY_AGREEMENT"><code class="xref">PSA_ALG_IS_RAW_KEY_AGREEMENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ALG_IS_RSA_OAEP"><code class="xref">PSA_ALG_IS_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ALG_IS_RSA_OAEP"><code class="xref">PSA_ALG_IS_RSA_OAEP</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_IS_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_IS_RSA_PKCS1V15_SIGN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PSS"><code class="xref">PSA_ALG_IS_RSA_PSS</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_RSA_PSS"><code class="xref">PSA_ALG_IS_RSA_PSS</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_SIGN"><code class="xref">PSA_ALG_IS_SIGN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_SIGN"><code class="xref">PSA_ALG_IS_SIGN</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_HASH"><code class="xref">PSA_ALG_IS_SIGN_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_HASH"><code class="xref">PSA_ALG_IS_SIGN_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="xref">PSA_ALG_IS_SIGN_MESSAGE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_IS_SIGN_MESSAGE"><code class="xref">PSA_ALG_IS_SIGN_MESSAGE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="xref">PSA_ALG_IS_STREAM_CIPHER</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_IS_STREAM_CIPHER"><code class="xref">PSA_ALG_IS_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="xref">PSA_ALG_IS_TLS12_PRF</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PRF"><code class="xref">PSA_ALG_IS_TLS12_PRF</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_IS_TLS12_PSK_TO_MS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_IS_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_IS_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_IS_WILDCARD"><code class="xref">PSA_ALG_IS_WILDCARD</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_IS_WILDCARD"><code class="xref">PSA_ALG_IS_WILDCARD</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT"><code class="xref">PSA_ALG_KEY_AGREEMENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT"><code class="xref">PSA_ALG_KEY_AGREEMENT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_BASE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_BASE"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_BASE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_KDF</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_ALG_KEY_AGREEMENT_GET_KDF"><code class="xref">PSA_ALG_KEY_AGREEMENT_GET_KDF</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_MD2"><code class="xref">PSA_ALG_MD2</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_MD2"><code class="xref">PSA_ALG_MD2</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_MD4"><code class="xref">PSA_ALG_MD4</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_MD4"><code class="xref">PSA_ALG_MD4</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_MD5"><code class="xref">PSA_ALG_MD5</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_MD5"><code class="xref">PSA_ALG_MD5</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/algorithms.html#PSA_ALG_NONE"><code class="xref">PSA_ALG_NONE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#PSA_ALG_NONE"><code class="xref">PSA_ALG_NONE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_OFB"><code class="xref">PSA_ALG_OFB</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_OFB"><code class="xref">PSA_ALG_OFB</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_RIPEMD160"><code class="xref">PSA_ALG_RIPEMD160</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_RIPEMD160"><code class="xref">PSA_ALG_RIPEMD160</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ALG_RSA_OAEP"><code class="xref">PSA_ALG_RSA_OAEP</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ALG_RSA_OAEP"><code class="xref">PSA_ALG_RSA_OAEP</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref">PSA_ALG_RSA_PKCS1V15_CRYPT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ALG_RSA_PKCS1V15_CRYPT"><code class="xref">PSA_ALG_RSA_PKCS1V15_CRYPT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_RSA_PKCS1V15_SIGN_RAW"><code class="xref">PSA_ALG_RSA_PKCS1V15_SIGN_RAW</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_ALG_RSA_PSS"><code class="xref">PSA_ALG_RSA_PSS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_ALG_RSA_PSS"><code class="xref">PSA_ALG_RSA_PSS</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA3_224"><code class="xref">PSA_ALG_SHA3_224</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA3_224"><code class="xref">PSA_ALG_SHA3_224</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA3_256"><code class="xref">PSA_ALG_SHA3_256</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA3_256"><code class="xref">PSA_ALG_SHA3_256</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA3_384"><code class="xref">PSA_ALG_SHA3_384</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA3_384"><code class="xref">PSA_ALG_SHA3_384</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA3_512"><code class="xref">PSA_ALG_SHA3_512</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA3_512"><code class="xref">PSA_ALG_SHA3_512</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_1"><code class="xref">PSA_ALG_SHA_1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_1"><code class="xref">PSA_ALG_SHA_1</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_224"><code class="xref">PSA_ALG_SHA_224</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_224"><code class="xref">PSA_ALG_SHA_224</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_256"><code class="xref">PSA_ALG_SHA_256</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_256"><code class="xref">PSA_ALG_SHA_256</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_384"><code class="xref">PSA_ALG_SHA_384</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_384"><code class="xref">PSA_ALG_SHA_384</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_512"><code class="xref">PSA_ALG_SHA_512</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_512"><code class="xref">PSA_ALG_SHA_512</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_512_224"><code class="xref">PSA_ALG_SHA_512_224</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_512_224"><code class="xref">PSA_ALG_SHA_512_224</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SHA_512_256"><code class="xref">PSA_ALG_SHA_512_256</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_ALG_SHA_512_256"><code class="xref">PSA_ALG_SHA_512_256</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_ALG_SM3"><code class="xref">PSA_ALG_SM3</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="xref">PSA_ALG_STREAM_CIPHER</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_STREAM_CIPHER"><code class="xref">PSA_ALG_STREAM_CIPHER</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_TLS12_PRF"><code class="xref">PSA_ALG_TLS12_PRF</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_TLS12_PRF"><code class="xref">PSA_ALG_TLS12_PRF</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_ALG_TLS12_PSK_TO_MS"><code class="xref">PSA_ALG_TLS12_PSK_TO_MS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_ALG_TRUNCATED_MAC"><code class="xref">PSA_ALG_TRUNCATED_MAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_ALG_TRUNCATED_MAC"><code class="xref">PSA_ALG_TRUNCATED_MAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_ALG_XTS"><code class="xref">PSA_ALG_XTS</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_ALG_XTS"><code class="xref">PSA_ALG_XTS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/pke.html#PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_abort"><code class="xref">psa_aead_abort</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_abort"><code class="xref">psa_aead_abort</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_decrypt"><code class="xref">psa_aead_decrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_decrypt"><code class="xref">psa_aead_decrypt</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_decrypt_setup"><code class="xref">psa_aead_decrypt_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_decrypt_setup"><code class="xref">psa_aead_decrypt_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_encrypt"><code class="xref">psa_aead_encrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_encrypt"><code class="xref">psa_aead_encrypt</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_encrypt_setup"><code class="xref">psa_aead_encrypt_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_encrypt_setup"><code class="xref">psa_aead_encrypt_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_finish"><code class="xref">psa_aead_finish</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_finish"><code class="xref">psa_aead_finish</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_generate_nonce"><code class="xref">psa_aead_generate_nonce</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_generate_nonce"><code class="xref">psa_aead_generate_nonce</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_operation_init"><code class="xref">psa_aead_operation_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_operation_init"><code class="xref">psa_aead_operation_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_operation_t"><code class="xref">psa_aead_operation_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_operation_t"><code class="xref">psa_aead_operation_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_set_lengths"><code class="xref">psa_aead_set_lengths</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_set_lengths"><code class="xref">psa_aead_set_lengths</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_set_nonce"><code class="xref">psa_aead_set_nonce</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_set_nonce"><code class="xref">psa_aead_set_nonce</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_update"><code class="xref">psa_aead_update</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_update"><code class="xref">psa_aead_update</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_update_ad"><code class="xref">psa_aead_update_ad</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_update_ad"><code class="xref">psa_aead_update_ad</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/aead.html#psa_aead_verify"><code class="xref">psa_aead_verify</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/aead.html#psa_aead_verify"><code class="xref">psa_aead_verify</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_algorithm_t"><code class="xref">psa_algorithm_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/algorithms.html#psa_algorithm_t"><code class="xref">psa_algorithm_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#psa_asymmetric_decrypt"><code class="xref">psa_asymmetric_decrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/pke.html#psa_asymmetric_decrypt"><code class="xref">psa_asymmetric_decrypt</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/pke.html#psa_asymmetric_encrypt"><code class="xref">psa_asymmetric_encrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/pke.html#psa_asymmetric_encrypt"><code class="xref">psa_asymmetric_encrypt</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_B"><td></td><td>
@@ -651,12 +657,12 @@
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_LENGTH"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"><code class="xref">PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_C"><td></td><td>
@@ -664,132 +670,132 @@
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_DECRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_DECRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_ENCRYPT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_FINISH_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_FINISH_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_IV_LENGTH"><code class="xref">PSA_CIPHER_IV_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_IV_LENGTH"><code class="xref">PSA_CIPHER_IV_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_IV_MAX_SIZE"><code class="xref">PSA_CIPHER_IV_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_IV_MAX_SIZE"><code class="xref">PSA_CIPHER_IV_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="xref">PSA_CIPHER_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_OPERATION_INIT"><code class="xref">PSA_CIPHER_OPERATION_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ciphers.html#PSA_CIPHER_UPDATE_OUTPUT_SIZE"><code class="xref">PSA_CIPHER_UPDATE_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref">PSA_CRYPTO_API_VERSION_MAJOR</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MAJOR"><code class="xref">PSA_CRYPTO_API_VERSION_MAJOR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="xref">PSA_CRYPTO_API_VERSION_MINOR</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/library.html#PSA_CRYPTO_API_VERSION_MINOR"><code class="xref">PSA_CRYPTO_API_VERSION_MINOR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_abort"><code class="xref">psa_cipher_abort</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_abort"><code class="xref">psa_cipher_abort</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_decrypt"><code class="xref">psa_cipher_decrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_decrypt"><code class="xref">psa_cipher_decrypt</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_decrypt_setup"><code class="xref">psa_cipher_decrypt_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_decrypt_setup"><code class="xref">psa_cipher_decrypt_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_encrypt"><code class="xref">psa_cipher_encrypt</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_encrypt"><code class="xref">psa_cipher_encrypt</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_encrypt_setup"><code class="xref">psa_cipher_encrypt_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_encrypt_setup"><code class="xref">psa_cipher_encrypt_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_finish"><code class="xref">psa_cipher_finish</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_finish"><code class="xref">psa_cipher_finish</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_generate_iv"><code class="xref">psa_cipher_generate_iv</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_generate_iv"><code class="xref">psa_cipher_generate_iv</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_operation_init"><code class="xref">psa_cipher_operation_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_operation_init"><code class="xref">psa_cipher_operation_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_operation_t"><code class="xref">psa_cipher_operation_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_operation_t"><code class="xref">psa_cipher_operation_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_set_iv"><code class="xref">psa_cipher_set_iv</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_set_iv"><code class="xref">psa_cipher_set_iv</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ciphers.html#psa_cipher_update"><code class="xref">psa_cipher_update</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ciphers.html#psa_cipher_update"><code class="xref">psa_cipher_update</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_copy_key"><code class="xref">psa_copy_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_copy_key"><code class="xref">psa_copy_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/library.html#psa_crypto_init"><code class="xref">psa_crypto_init</code></a> <em>(function)</em></td><td>
+ <a href="api/library/library.html#psa_crypto_init"><code class="xref">psa_crypto_init</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_D"><td></td><td>
@@ -797,17 +803,17 @@
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_DH_FAMILY_RFC7919"><code class="xref">PSA_DH_FAMILY_RFC7919</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_DH_FAMILY_RFC7919"><code class="xref">PSA_DH_FAMILY_RFC7919</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_destroy_key"><code class="xref">psa_destroy_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_destroy_key"><code class="xref">psa_destroy_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_dh_family_t"><code class="xref">psa_dh_family_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/types.html#psa_dh_family_t"><code class="xref">psa_dh_family_t</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_E"><td></td><td>
@@ -815,187 +821,187 @@
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref">PSA_ECC_FAMILY_BRAINPOOL_P_R1</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_BRAINPOOL_P_R1"><code class="xref">PSA_ECC_FAMILY_BRAINPOOL_P_R1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_FRP"><code class="xref">PSA_ECC_FAMILY_FRP</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_FRP"><code class="xref">PSA_ECC_FAMILY_FRP</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_MONTGOMERY"><code class="xref">PSA_ECC_FAMILY_MONTGOMERY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_MONTGOMERY"><code class="xref">PSA_ECC_FAMILY_MONTGOMERY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_K1"><code class="xref">PSA_ECC_FAMILY_SECP_K1</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_K1"><code class="xref">PSA_ECC_FAMILY_SECP_K1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R1"><code class="xref">PSA_ECC_FAMILY_SECP_R1</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R1"><code class="xref">PSA_ECC_FAMILY_SECP_R1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R2"><code class="xref">PSA_ECC_FAMILY_SECP_R2</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECP_R2"><code class="xref">PSA_ECC_FAMILY_SECP_R2</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_K1"><code class="xref">PSA_ECC_FAMILY_SECT_K1</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_K1"><code class="xref">PSA_ECC_FAMILY_SECT_K1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R1"><code class="xref">PSA_ECC_FAMILY_SECT_R1</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R1"><code class="xref">PSA_ECC_FAMILY_SECT_R1</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R2"><code class="xref">PSA_ECC_FAMILY_SECT_R2</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_ECC_FAMILY_SECT_R2"><code class="xref">PSA_ECC_FAMILY_SECT_R2</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_ALREADY_EXISTS"><code class="xref">PSA_ERROR_ALREADY_EXISTS</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_ALREADY_EXISTS"><code class="xref">PSA_ERROR_ALREADY_EXISTS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_BAD_STATE"><code class="xref">PSA_ERROR_BAD_STATE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_BAD_STATE"><code class="xref">PSA_ERROR_BAD_STATE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref">PSA_ERROR_BUFFER_TOO_SMALL</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_BUFFER_TOO_SMALL"><code class="xref">PSA_ERROR_BUFFER_TOO_SMALL</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref">PSA_ERROR_COMMUNICATION_FAILURE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_COMMUNICATION_FAILURE"><code class="xref">PSA_ERROR_COMMUNICATION_FAILURE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="xref">PSA_ERROR_CORRUPTION_DETECTED</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_CORRUPTION_DETECTED"><code class="xref">PSA_ERROR_CORRUPTION_DETECTED</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_DATA_CORRUPT"><code class="xref">PSA_ERROR_DATA_CORRUPT</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_DATA_CORRUPT"><code class="xref">PSA_ERROR_DATA_CORRUPT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_DATA_INVALID"><code class="xref">PSA_ERROR_DATA_INVALID</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_DATA_INVALID"><code class="xref">PSA_ERROR_DATA_INVALID</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_DOES_NOT_EXIST"><code class="xref">PSA_ERROR_DOES_NOT_EXIST</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_DOES_NOT_EXIST"><code class="xref">PSA_ERROR_DOES_NOT_EXIST</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_GENERIC_ERROR"><code class="xref">PSA_ERROR_GENERIC_ERROR</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_GENERIC_ERROR"><code class="xref">PSA_ERROR_GENERIC_ERROR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_HARDWARE_FAILURE"><code class="xref">PSA_ERROR_HARDWARE_FAILURE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_HARDWARE_FAILURE"><code class="xref">PSA_ERROR_HARDWARE_FAILURE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="xref">PSA_ERROR_INSUFFICIENT_DATA</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_DATA"><code class="xref">PSA_ERROR_INSUFFICIENT_DATA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref">PSA_ERROR_INSUFFICIENT_ENTROPY</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_ENTROPY"><code class="xref">PSA_ERROR_INSUFFICIENT_ENTROPY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref">PSA_ERROR_INSUFFICIENT_MEMORY</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_MEMORY"><code class="xref">PSA_ERROR_INSUFFICIENT_MEMORY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref">PSA_ERROR_INSUFFICIENT_STORAGE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INSUFFICIENT_STORAGE"><code class="xref">PSA_ERROR_INSUFFICIENT_STORAGE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INVALID_ARGUMENT"><code class="xref">PSA_ERROR_INVALID_ARGUMENT</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INVALID_ARGUMENT"><code class="xref">PSA_ERROR_INVALID_ARGUMENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INVALID_HANDLE"><code class="xref">PSA_ERROR_INVALID_HANDLE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INVALID_HANDLE"><code class="xref">PSA_ERROR_INVALID_HANDLE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INVALID_PADDING"><code class="xref">PSA_ERROR_INVALID_PADDING</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INVALID_PADDING"><code class="xref">PSA_ERROR_INVALID_PADDING</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_INVALID_SIGNATURE"><code class="xref">PSA_ERROR_INVALID_SIGNATURE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_INVALID_SIGNATURE"><code class="xref">PSA_ERROR_INVALID_SIGNATURE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_NOT_PERMITTED"><code class="xref">PSA_ERROR_NOT_PERMITTED</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_NOT_PERMITTED"><code class="xref">PSA_ERROR_NOT_PERMITTED</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_NOT_SUPPORTED"><code class="xref">PSA_ERROR_NOT_SUPPORTED</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_NOT_SUPPORTED"><code class="xref">PSA_ERROR_NOT_SUPPORTED</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_ERROR_STORAGE_FAILURE"><code class="xref">PSA_ERROR_STORAGE_FAILURE</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_ERROR_STORAGE_FAILURE"><code class="xref">PSA_ERROR_STORAGE_FAILURE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_KEY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/management.html#PSA_EXPORT_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_KEY_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_EXPORT_KEY_PAIR_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/management.html#PSA_EXPORT_KEY_PAIR_MAX_SIZE"><code class="xref">PSA_EXPORT_KEY_PAIR_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/management.html#PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"><code class="xref">PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_ecc_family_t"><code class="xref">psa_ecc_family_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/types.html#psa_ecc_family_t"><code class="xref">psa_ecc_family_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_export_key"><code class="xref">psa_export_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_export_key"><code class="xref">psa_export_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_export_public_key"><code class="xref">psa_export_public_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_export_public_key"><code class="xref">psa_export_public_key</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_G"><td></td><td>
@@ -1003,47 +1009,47 @@
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_generate_key"><code class="xref">psa_generate_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_generate_key"><code class="xref">psa_generate_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/rng.html#psa_generate_random"><code class="xref">psa_generate_random</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/rng.html#psa_generate_random"><code class="xref">psa_generate_random</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#psa_get_key_algorithm"><code class="xref">psa_get_key_algorithm</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/policy.html#psa_get_key_algorithm"><code class="xref">psa_get_key_algorithm</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_get_key_attributes"><code class="xref">psa_get_key_attributes</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/attributes.html#psa_get_key_attributes"><code class="xref">psa_get_key_attributes</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_get_key_bits"><code class="xref">psa_get_key_bits</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/types.html#psa_get_key_bits"><code class="xref">psa_get_key_bits</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#psa_get_key_id"><code class="xref">psa_get_key_id</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/ids.html#psa_get_key_id"><code class="xref">psa_get_key_id</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#psa_get_key_lifetime"><code class="xref">psa_get_key_lifetime</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/lifetimes.html#psa_get_key_lifetime"><code class="xref">psa_get_key_lifetime</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_get_key_type"><code class="xref">psa_get_key_type</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/types.html#psa_get_key_type"><code class="xref">psa_get_key_type</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#psa_get_key_usage_flags"><code class="xref">psa_get_key_usage_flags</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/policy.html#psa_get_key_usage_flags"><code class="xref">psa_get_key_usage_flags</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_H"><td></td><td>
@@ -1051,107 +1057,107 @@
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="xref">PSA_HASH_BLOCK_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_BLOCK_LENGTH"><code class="xref">PSA_HASH_BLOCK_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_LENGTH"><code class="xref">PSA_HASH_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_LENGTH"><code class="xref">PSA_HASH_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_MAX_SIZE"><code class="xref">PSA_HASH_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_MAX_SIZE"><code class="xref">PSA_HASH_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_OPERATION_INIT"><code class="xref">PSA_HASH_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_OPERATION_INIT"><code class="xref">PSA_HASH_OPERATION_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"><code class="xref">PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/hashes.html#PSA_HASH_SUSPEND_OUTPUT_SIZE"><code class="xref">PSA_HASH_SUSPEND_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_abort"><code class="xref">psa_hash_abort</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_abort"><code class="xref">psa_hash_abort</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_clone"><code class="xref">psa_hash_clone</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_clone"><code class="xref">psa_hash_clone</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_compare"><code class="xref">psa_hash_compare</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_compare"><code class="xref">psa_hash_compare</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_compute"><code class="xref">psa_hash_compute</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_compute"><code class="xref">psa_hash_compute</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_finish"><code class="xref">psa_hash_finish</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_finish"><code class="xref">psa_hash_finish</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_operation_init"><code class="xref">psa_hash_operation_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_operation_init"><code class="xref">psa_hash_operation_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_operation_t"><code class="xref">psa_hash_operation_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_operation_t"><code class="xref">psa_hash_operation_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_resume"><code class="xref">psa_hash_resume</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_resume"><code class="xref">psa_hash_resume</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_setup"><code class="xref">psa_hash_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_setup"><code class="xref">psa_hash_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_suspend"><code class="xref">psa_hash_suspend</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_suspend"><code class="xref">psa_hash_suspend</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_update"><code class="xref">psa_hash_update</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_update"><code class="xref">psa_hash_update</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/hashes.html#psa_hash_verify"><code class="xref">psa_hash_verify</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/hashes.html#psa_hash_verify"><code class="xref">psa_hash_verify</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_I"><td></td><td>
@@ -1159,7 +1165,7 @@
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_import_key"><code class="xref">psa_import_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_import_key"><code class="xref">psa_import_key</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_K"><td></td><td>
@@ -1167,372 +1173,432 @@
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="xref">PSA_KEY_ATTRIBUTES_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/attributes.html#PSA_KEY_ATTRIBUTES_INIT"><code class="xref">PSA_KEY_ATTRIBUTES_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref">PSA_KEY_DERIVATION_INPUT_CONTEXT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_CONTEXT"><code class="xref">PSA_KEY_DERIVATION_INPUT_CONTEXT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref">PSA_KEY_DERIVATION_INPUT_INFO</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_INFO"><code class="xref">PSA_KEY_DERIVATION_INPUT_INFO</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref">PSA_KEY_DERIVATION_INPUT_LABEL</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_LABEL"><code class="xref">PSA_KEY_DERIVATION_INPUT_LABEL</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref">PSA_KEY_DERIVATION_INPUT_SALT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SALT"><code class="xref">PSA_KEY_DERIVATION_INPUT_SALT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref">PSA_KEY_DERIVATION_INPUT_SECRET</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SECRET"><code class="xref">PSA_KEY_DERIVATION_INPUT_SECRET</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref">PSA_KEY_DERIVATION_INPUT_SEED</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_INPUT_SEED"><code class="xref">PSA_KEY_DERIVATION_INPUT_SEED</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref">PSA_KEY_DERIVATION_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_OPERATION_INIT"><code class="xref">PSA_KEY_DERIVATION_OPERATION_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"><code class="xref">PSA_KEY_DERIVATION_UNLIMITED_CAPACITY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_ID_NULL"><code class="xref">PSA_KEY_ID_NULL</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/ids.html#PSA_KEY_ID_NULL"><code class="xref">PSA_KEY_ID_NULL</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_ID_USER_MAX"><code class="xref">PSA_KEY_ID_USER_MAX</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/ids.html#PSA_KEY_ID_USER_MAX"><code class="xref">PSA_KEY_ID_USER_MAX</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_ID_USER_MIN"><code class="xref">PSA_KEY_ID_USER_MIN</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/ids.html#PSA_KEY_ID_USER_MIN"><code class="xref">PSA_KEY_ID_USER_MIN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_ID_VENDOR_MAX"><code class="xref">PSA_KEY_ID_VENDOR_MAX</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/ids.html#PSA_KEY_ID_VENDOR_MAX"><code class="xref">PSA_KEY_ID_VENDOR_MAX</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_ID_VENDOR_MIN"><code class="xref">PSA_KEY_ID_VENDOR_MIN</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/ids.html#PSA_KEY_ID_VENDOR_MIN"><code class="xref">PSA_KEY_ID_VENDOR_MIN</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="xref">PSA_KEY_LIFETIME_PERSISTENT</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"><code class="xref">PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#PSA_KEY_LIFETIME_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_VOLATILE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_GET_LOCATION"><code class="xref">PSA_KEY_LIFETIME_GET_LOCATION</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_AES"><code class="xref">PSA_KEY_TYPE_AES</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_GET_PERSISTENCE"><code class="xref">PSA_KEY_LIFETIME_GET_PERSISTENCE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_ARC4"><code class="xref">PSA_KEY_TYPE_ARC4</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_IS_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_IS_VOLATILE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_CAMELLIA"><code class="xref">PSA_KEY_TYPE_CAMELLIA</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_PERSISTENT"><code class="xref">PSA_KEY_LIFETIME_PERSISTENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_CHACHA20"><code class="xref">PSA_KEY_TYPE_CHACHA20</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LIFETIME_VOLATILE"><code class="xref">PSA_KEY_LIFETIME_VOLATILE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_DERIVE"><code class="xref">PSA_KEY_TYPE_DERIVE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LOCATION_LOCAL_STORAGE"><code class="xref">PSA_KEY_LOCATION_LOCAL_STORAGE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_DES"><code class="xref">PSA_KEY_TYPE_DES</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"><code class="xref">PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_DH_GET_FAMILY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_PERSISTENCE_DEFAULT"><code class="xref">PSA_KEY_PERSISTENCE_DEFAULT</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_PERSISTENCE_READ_ONLY"><code class="xref">PSA_KEY_PERSISTENCE_READ_ONLY</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/lifetimes.html#PSA_KEY_PERSISTENCE_VOLATILE"><code class="xref">PSA_KEY_PERSISTENCE_VOLATILE</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_AES"><code class="xref">PSA_KEY_TYPE_AES</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_ARC4"><code class="xref">PSA_KEY_TYPE_ARC4</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_CAMELLIA"><code class="xref">PSA_KEY_TYPE_CAMELLIA</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_CHACHA20"><code class="xref">PSA_KEY_TYPE_CHACHA20</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_DERIVE"><code class="xref">PSA_KEY_TYPE_DERIVE</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_DES"><code class="xref">PSA_KEY_TYPE_DES</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_DH_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_DH_GET_FAMILY</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY</code></a></td><td>
+ <em></em></td></tr>
+ <tr>
+ <td></td>
+ <td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_ECC_GET_FAMILY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_GET_FAMILY"><code class="xref">PSA_KEY_TYPE_ECC_GET_FAMILY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_HMAC"><code class="xref">PSA_KEY_TYPE_HMAC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref">PSA_KEY_TYPE_IS_ASYMMETRIC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH"><code class="xref">PSA_KEY_TYPE_IS_DH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_HMAC"><code class="xref">PSA_KEY_TYPE_HMAC</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_DH_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ASYMMETRIC"><code class="xref">PSA_KEY_TYPE_IS_ASYMMETRIC</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH"><code class="xref">PSA_KEY_TYPE_IS_DH</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC"><code class="xref">PSA_KEY_TYPE_IS_ECC</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_DH_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_DH_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC"><code class="xref">PSA_KEY_TYPE_IS_ECC</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_ECC_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_RSA"><code class="xref">PSA_KEY_TYPE_IS_RSA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_IS_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref">PSA_KEY_TYPE_IS_UNSTRUCTURED</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_IS_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_RSA"><code class="xref">PSA_KEY_TYPE_IS_RSA</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_NONE"><code class="xref">PSA_KEY_TYPE_NONE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_IS_UNSTRUCTURED"><code class="xref">PSA_KEY_TYPE_IS_UNSTRUCTURED</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_RAW_DATA"><code class="xref">PSA_KEY_TYPE_RAW_DATA</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_NONE"><code class="xref">PSA_KEY_TYPE_NONE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_RSA_KEY_PAIR</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_RSA_PUBLIC_KEY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_RAW_DATA"><code class="xref">PSA_KEY_TYPE_RAW_DATA</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/types.html#PSA_KEY_TYPE_SM4"><code class="xref">PSA_KEY_TYPE_SM4</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_KEY_PAIR"><code class="xref">PSA_KEY_TYPE_RSA_KEY_PAIR</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_CACHE"><code class="xref">PSA_KEY_USAGE_CACHE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#PSA_KEY_TYPE_RSA_PUBLIC_KEY"><code class="xref">PSA_KEY_TYPE_RSA_PUBLIC_KEY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_COPY"><code class="xref">PSA_KEY_USAGE_COPY</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_CACHE"><code class="xref">PSA_KEY_USAGE_CACHE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_DECRYPT"><code class="xref">PSA_KEY_USAGE_DECRYPT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_COPY"><code class="xref">PSA_KEY_USAGE_COPY</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_DERIVE"><code class="xref">PSA_KEY_USAGE_DERIVE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_DECRYPT"><code class="xref">PSA_KEY_USAGE_DECRYPT</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_ENCRYPT"><code class="xref">PSA_KEY_USAGE_ENCRYPT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_DERIVE"><code class="xref">PSA_KEY_USAGE_DERIVE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_EXPORT"><code class="xref">PSA_KEY_USAGE_EXPORT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_ENCRYPT"><code class="xref">PSA_KEY_USAGE_ENCRYPT</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_SIGN_HASH"><code class="xref">PSA_KEY_USAGE_SIGN_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_EXPORT"><code class="xref">PSA_KEY_USAGE_EXPORT</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref">PSA_KEY_USAGE_SIGN_MESSAGE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_SIGN_HASH"><code class="xref">PSA_KEY_USAGE_SIGN_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="xref">PSA_KEY_USAGE_VERIFY_HASH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_SIGN_MESSAGE"><code class="xref">PSA_KEY_USAGE_SIGN_MESSAGE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/policy.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref">PSA_KEY_USAGE_VERIFY_MESSAGE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_VERIFY_HASH"><code class="xref">PSA_KEY_USAGE_VERIFY_HASH</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/attributes.html#psa_key_attributes_init"><code class="xref">psa_key_attributes_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#PSA_KEY_USAGE_VERIFY_MESSAGE"><code class="xref">PSA_KEY_USAGE_VERIFY_MESSAGE</code></a> <em>(macro)</em></td><td>
+ <a href="api/keys/attributes.html#psa_key_attributes_t"><code class="xref">psa_key_attributes_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_attributes_init"><code class="xref">psa_key_attributes_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_abort"><code class="xref">psa_key_derivation_abort</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_attributes_t"><code class="xref">psa_key_attributes_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_get_capacity"><code class="xref">psa_key_derivation_get_capacity</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_abort"><code class="xref">psa_key_derivation_abort</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_input_bytes"><code class="xref">psa_key_derivation_input_bytes</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_get_capacity"><code class="xref">psa_key_derivation_get_capacity</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_input_key"><code class="xref">psa_key_derivation_input_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_input_bytes"><code class="xref">psa_key_derivation_input_bytes</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ka.html#psa_key_derivation_key_agreement"><code class="xref">psa_key_derivation_key_agreement</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_input_key"><code class="xref">psa_key_derivation_input_key</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_operation_init"><code class="xref">psa_key_derivation_operation_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#psa_key_derivation_key_agreement"><code class="xref">psa_key_derivation_key_agreement</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_operation_t"><code class="xref">psa_key_derivation_operation_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_operation_init"><code class="xref">psa_key_derivation_operation_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_output_bytes"><code class="xref">psa_key_derivation_output_bytes</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_operation_t"><code class="xref">psa_key_derivation_operation_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_output_key"><code class="xref">psa_key_derivation_output_key</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_output_bytes"><code class="xref">psa_key_derivation_output_bytes</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_set_capacity"><code class="xref">psa_key_derivation_set_capacity</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_output_key"><code class="xref">psa_key_derivation_output_key</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_setup"><code class="xref">psa_key_derivation_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_set_capacity"><code class="xref">psa_key_derivation_set_capacity</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/kdf.html#psa_key_derivation_step_t"><code class="xref">psa_key_derivation_step_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_setup"><code class="xref">psa_key_derivation_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/ids.html#psa_key_id_t"><code class="xref">psa_key_id_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#psa_key_derivation_step_t"><code class="xref">psa_key_derivation_step_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/lifetimes.html#psa_key_lifetime_t"><code class="xref">psa_key_lifetime_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_id_t"><code class="xref">psa_key_id_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/lifetimes.html#psa_key_location_t"><code class="xref">psa_key_location_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_lifetime_t"><code class="xref">psa_key_lifetime_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/lifetimes.html#psa_key_persistence_t"><code class="xref">psa_key_persistence_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_type_t"><code class="xref">psa_key_type_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/types.html#psa_key_type_t"><code class="xref">psa_key_type_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_key_usage_t"><code class="xref">psa_key_usage_t</code></a> <em>(type)</em></td><td>
+ <a href="api/keys/policy.html#psa_key_usage_t"><code class="xref">psa_key_usage_t</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_M"><td></td><td>
@@ -1540,67 +1606,67 @@
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_MAC_LENGTH"><code class="xref">PSA_MAC_LENGTH</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_MAC_LENGTH"><code class="xref">PSA_MAC_LENGTH</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_MAC_MAX_SIZE"><code class="xref">PSA_MAC_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_MAC_MAX_SIZE"><code class="xref">PSA_MAC_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#PSA_MAC_OPERATION_INIT"><code class="xref">PSA_MAC_OPERATION_INIT</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/macs.html#PSA_MAC_OPERATION_INIT"><code class="xref">PSA_MAC_OPERATION_INIT</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_abort"><code class="xref">psa_mac_abort</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_abort"><code class="xref">psa_mac_abort</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_compute"><code class="xref">psa_mac_compute</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_compute"><code class="xref">psa_mac_compute</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_operation_init"><code class="xref">psa_mac_operation_init</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_operation_init"><code class="xref">psa_mac_operation_init</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_operation_t"><code class="xref">psa_mac_operation_t</code></a> <em>(type)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_operation_t"><code class="xref">psa_mac_operation_t</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_sign_finish"><code class="xref">psa_mac_sign_finish</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_sign_finish"><code class="xref">psa_mac_sign_finish</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_sign_setup"><code class="xref">psa_mac_sign_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_sign_setup"><code class="xref">psa_mac_sign_setup</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_update"><code class="xref">psa_mac_update</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_update"><code class="xref">psa_mac_update</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_verify"><code class="xref">psa_mac_verify</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_verify"><code class="xref">psa_mac_verify</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_verify_finish"><code class="xref">psa_mac_verify_finish</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_verify_finish"><code class="xref">psa_mac_verify_finish</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/macs.html#psa_mac_verify_setup"><code class="xref">psa_mac_verify_setup</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/macs.html#psa_mac_verify_setup"><code class="xref">psa_mac_verify_setup</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_P"><td></td><td>
@@ -1608,7 +1674,7 @@
<tr>
<td></td>
<td>
- <a href="api/keys/management.html#psa_purge_key"><code class="xref">psa_purge_key</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/management.html#psa_purge_key"><code class="xref">psa_purge_key</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_R"><td></td><td>
@@ -1616,22 +1682,22 @@
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/ka.html#PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"><code class="xref">PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/ka.html#psa_raw_key_agreement"><code class="xref">psa_raw_key_agreement</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/ka.html#psa_raw_key_agreement"><code class="xref">psa_raw_key_agreement</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/attributes.html#psa_reset_key_attributes"><code class="xref">psa_reset_key_attributes</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/attributes.html#psa_reset_key_attributes"><code class="xref">psa_reset_key_attributes</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_S"><td></td><td>
@@ -1639,62 +1705,62 @@
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_SIGNATURE_MAX_SIZE"><code class="xref">PSA_SIGNATURE_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_SIGNATURE_MAX_SIZE"><code class="xref">PSA_SIGNATURE_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#PSA_SIGN_OUTPUT_SIZE"><code class="xref">PSA_SIGN_OUTPUT_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/sign.html#PSA_SIGN_OUTPUT_SIZE"><code class="xref">PSA_SIGN_OUTPUT_SIZE</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#PSA_SUCCESS"><code class="xref">PSA_SUCCESS</code></a> <em>(macro)</em></td><td>
+ <a href="api/library/status.html#PSA_SUCCESS"><code class="xref">PSA_SUCCESS</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/algorithms.html#psa_set_key_algorithm"><code class="xref">psa_set_key_algorithm</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/policy.html#psa_set_key_algorithm"><code class="xref">psa_set_key_algorithm</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_set_key_bits"><code class="xref">psa_set_key_bits</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/types.html#psa_set_key_bits"><code class="xref">psa_set_key_bits</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#psa_set_key_id"><code class="xref">psa_set_key_id</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/ids.html#psa_set_key_id"><code class="xref">psa_set_key_id</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/locations.html#psa_set_key_lifetime"><code class="xref">psa_set_key_lifetime</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/lifetimes.html#psa_set_key_lifetime"><code class="xref">psa_set_key_lifetime</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/types.html#psa_set_key_type"><code class="xref">psa_set_key_type</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/types.html#psa_set_key_type"><code class="xref">psa_set_key_type</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/keys/usage.html#psa_set_key_usage_flags"><code class="xref">psa_set_key_usage_flags</code></a> <em>(function)</em></td><td>
+ <a href="api/keys/policy.html#psa_set_key_usage_flags"><code class="xref">psa_set_key_usage_flags</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#psa_sign_hash"><code class="xref">psa_sign_hash</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/sign.html#psa_sign_hash"><code class="xref">psa_sign_hash</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#psa_sign_message"><code class="xref">psa_sign_message</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/sign.html#psa_sign_message"><code class="xref">psa_sign_message</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/library/status.html#psa_status_t"><code class="xref">psa_status_t</code></a> <em>(type)</em></td><td>
+ <a href="api/library/status.html#psa_status_t"><code class="xref">psa_status_t</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_T"><td></td><td>
@@ -1702,7 +1768,7 @@
<tr>
<td></td>
<td>
- <a href="api/ops/kdf.html#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</code></a> <em>(macro)</em></td><td>
+ <a href="api/ops/kdf.html#PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"><code class="xref">PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE</code></a></td><td>
<em></em></td></tr>
<tr class="pcap"><td></td><td> </td><td></td></tr>
<tr class="cap" id="cap-PSA_V"><td></td><td>
@@ -1710,12 +1776,12 @@
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#psa_verify_hash"><code class="xref">psa_verify_hash</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/sign.html#psa_verify_hash"><code class="xref">psa_verify_hash</code></a></td><td>
<em></em></td></tr>
<tr>
<td></td>
<td>
- <a href="api/ops/sign.html#psa_verify_message"><code class="xref">psa_verify_message</code></a> <em>(function)</em></td><td>
+ <a href="api/ops/sign.html#psa_verify_message"><code class="xref">psa_verify_message</code></a></td><td>
<em></em></td></tr>
</table>
@@ -1724,13 +1790,34 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="index.html">Documentation overview</a><ul>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="about.html">About this document</a></li>
</ul>
-</div>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="#">Index of API elements</a></li>
+</ul>
<div id="searchbox" style="display: none" role="search">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
@@ -1746,7 +1833,7 @@
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
diff --git a/docs/html/search.html b/docs/html/search.html
index 9d9d60c..4fa149a 100644
--- a/docs/html/search.html
+++ b/docs/html/search.html
@@ -5,16 +5,16 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Search — PSA Crypto API 1.0.0 documentation</title>
+ <title>Search — PSA Crypto API 1.0.1 documentation</title>
<link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
- VERSION: '1.0.0',
+ VERSION: '1.0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
- HAS_SOURCE: true,
+ HAS_SOURCE: false,
SOURCELINK_SUFFIX: '.txt'
};
</script>
@@ -22,6 +22,7 @@
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/searchtools.js"></script>
+ <link rel="author" title="About these documents" href="about.html" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="#" />
<script type="text/javascript">
@@ -73,19 +74,40 @@
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
- <div class="sphinxsidebarwrapper"><div class="relations">
-<h3>Related Topics</h3>
+ <div class="sphinxsidebarwrapper"><h3><a href="index.html"><b>PSA Crypto API</b></a></h3>
+IHI 0086<br/>
+Non-confidential<br/>
+Version 1.0.1
+<span style="color: red; font-weight: bold;"></span>
<ul>
- <li><a href="index.html">Documentation overview</a><ul>
- </ul></li>
+<li class="toctree-l1"><a class="reference internal" href="about.html">About this document</a></li>
</ul>
-</div>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="overview/intro.html">1. Introduction</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/goals.html">2. Design goals</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/functionality.html">3. Functionality overview</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/sample-arch.html">4. Sample architectures</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/conventions.html">5. Library conventions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/implementation.html">6. Implementation considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="overview/usage.html">7. Usage considerations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/library/index.html">8. Library management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/keys/index.html">9. Key management reference</a></li>
+<li class="toctree-l1"><a class="reference internal" href="api/ops/index.html">10. Cryptographic operation reference</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="appendix/example_header.html">Example header file</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/specdef_values.html">Example macro implementations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="appendix/history.html">Changes to the API</a></li>
+</ul>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="psa_c-identifiers.html">Index of API elements</a></li>
+</ul>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
- © 2019-2020, Arm Limited or its affiliates. All rights reserved.
+ © 2018-2020, Arm Limited or its affiliates. All rights reserved.
|
Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.7</a>
diff --git a/docs/html/searchindex.js b/docs/html/searchindex.js
index 674386f..47bbd19 100644
--- a/docs/html/searchindex.js
+++ b/docs/html/searchindex.js
@@ -1 +1 @@
-Search.setIndex({docnames:["api/keys/algorithms","api/keys/attributes","api/keys/index","api/keys/locations","api/keys/management","api/keys/types","api/keys/usage","api/library/index","api/library/library","api/library/status","api/ops/aead","api/ops/ciphers","api/ops/hashes","api/ops/index","api/ops/ka","api/ops/kdf","api/ops/macs","api/ops/pke","api/ops/rng","api/ops/sign","appendix/example_header","appendix/history","appendix/specdef_values","index","overview/conventions","overview/functionality","overview/goals","overview/implementation","overview/intro","overview/sample-arch","overview/usage"],envversion:53,filenames:["api/keys/algorithms.rst","api/keys/attributes.rst","api/keys/index.rst","api/keys/locations.rst","api/keys/management.rst","api/keys/types.rst","api/keys/usage.rst","api/library/index.rst","api/library/library.rst","api/library/status.rst","api/ops/aead.rst","api/ops/ciphers.rst","api/ops/hashes.rst","api/ops/index.rst","api/ops/ka.rst","api/ops/kdf.rst","api/ops/macs.rst","api/ops/pke.rst","api/ops/rng.rst","api/ops/sign.rst","appendix/example_header.rst","appendix/history.rst","appendix/specdef_values.rst","index.rst","overview/conventions.rst","overview/functionality.rst","overview/goals.rst","overview/implementation.rst","overview/intro.rst","overview/sample-arch.rst","overview/usage.rst"],objects:{"":{PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_DECRYPT_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"],PSA_AEAD_FINISH_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"],PSA_AEAD_FINISH_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_FINISH_OUTPUT_SIZE"],PSA_AEAD_NONCE_LENGTH:[10,0,1,"c.PSA_AEAD_NONCE_LENGTH"],PSA_AEAD_NONCE_MAX_SIZE:[10,0,1,"c.PSA_AEAD_NONCE_MAX_SIZE"],PSA_AEAD_OPERATION_INIT:[10,0,1,"c.PSA_AEAD_OPERATION_INIT"],PSA_AEAD_TAG_LENGTH:[10,0,1,"c.PSA_AEAD_TAG_LENGTH"],PSA_AEAD_TAG_MAX_SIZE:[10,0,1,"c.PSA_AEAD_TAG_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_SIZE"],PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE:[10,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"],PSA_AEAD_VERIFY_OUTPUT_SIZE:[10,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_SIZE"],PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG:[10,0,1,"c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"],PSA_ALG_AEAD_WITH_SHORTENED_TAG:[10,0,1,"c.PSA_ALG_AEAD_WITH_SHORTENED_TAG"],PSA_ALG_ANY_HASH:[19,0,1,"c.PSA_ALG_ANY_HASH"],PSA_ALG_CBC_MAC:[16,0,1,"c.PSA_ALG_CBC_MAC"],PSA_ALG_CBC_NO_PADDING:[11,0,1,"c.PSA_ALG_CBC_NO_PADDING"],PSA_ALG_CBC_PKCS7:[11,0,1,"c.PSA_ALG_CBC_PKCS7"],PSA_ALG_CCM:[10,0,1,"c.PSA_ALG_CCM"],PSA_ALG_CFB:[11,0,1,"c.PSA_ALG_CFB"],PSA_ALG_CHACHA20_POLY1305:[10,0,1,"c.PSA_ALG_CHACHA20_POLY1305"],PSA_ALG_CMAC:[16,0,1,"c.PSA_ALG_CMAC"],PSA_ALG_CTR:[11,0,1,"c.PSA_ALG_CTR"],PSA_ALG_DETERMINISTIC_ECDSA:[19,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA"],PSA_ALG_ECB_NO_PADDING:[11,0,1,"c.PSA_ALG_ECB_NO_PADDING"],PSA_ALG_ECDH:[14,0,1,"c.PSA_ALG_ECDH"],PSA_ALG_ECDSA:[19,0,1,"c.PSA_ALG_ECDSA"],PSA_ALG_ECDSA_ANY:[19,0,1,"c.PSA_ALG_ECDSA_ANY"],PSA_ALG_FFDH:[14,0,1,"c.PSA_ALG_FFDH"],PSA_ALG_FULL_LENGTH_MAC:[16,0,1,"c.PSA_ALG_FULL_LENGTH_MAC"],PSA_ALG_GCM:[10,0,1,"c.PSA_ALG_GCM"],PSA_ALG_GET_HASH:[0,0,1,"c.PSA_ALG_GET_HASH"],PSA_ALG_HKDF:[15,0,1,"c.PSA_ALG_HKDF"],PSA_ALG_HMAC:[16,0,1,"c.PSA_ALG_HMAC"],PSA_ALG_IS_AEAD:[0,0,1,"c.PSA_ALG_IS_AEAD"],PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER:[10,0,1,"c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"],PSA_ALG_IS_ASYMMETRIC_ENCRYPTION:[0,0,1,"c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"],PSA_ALG_IS_BLOCK_CIPHER_MAC:[16,0,1,"c.PSA_ALG_IS_BLOCK_CIPHER_MAC"],PSA_ALG_IS_CIPHER:[0,0,1,"c.PSA_ALG_IS_CIPHER"],PSA_ALG_IS_DETERMINISTIC_ECDSA:[19,0,1,"c.PSA_ALG_IS_DETERMINISTIC_ECDSA"],PSA_ALG_IS_ECDH:[14,0,1,"c.PSA_ALG_IS_ECDH"],PSA_ALG_IS_ECDSA:[19,0,1,"c.PSA_ALG_IS_ECDSA"],PSA_ALG_IS_FFDH:[14,0,1,"c.PSA_ALG_IS_FFDH"],PSA_ALG_IS_HASH:[0,0,1,"c.PSA_ALG_IS_HASH"],PSA_ALG_IS_HASH_AND_SIGN:[19,0,1,"c.PSA_ALG_IS_HASH_AND_SIGN"],PSA_ALG_IS_HKDF:[15,0,1,"c.PSA_ALG_IS_HKDF"],PSA_ALG_IS_HMAC:[16,0,1,"c.PSA_ALG_IS_HMAC"],PSA_ALG_IS_KEY_AGREEMENT:[0,0,1,"c.PSA_ALG_IS_KEY_AGREEMENT"],PSA_ALG_IS_KEY_DERIVATION:[0,0,1,"c.PSA_ALG_IS_KEY_DERIVATION"],PSA_ALG_IS_MAC:[0,0,1,"c.PSA_ALG_IS_MAC"],PSA_ALG_IS_RANDOMIZED_ECDSA:[19,0,1,"c.PSA_ALG_IS_RANDOMIZED_ECDSA"],PSA_ALG_IS_RAW_KEY_AGREEMENT:[14,0,1,"c.PSA_ALG_IS_RAW_KEY_AGREEMENT"],PSA_ALG_IS_RSA_OAEP:[17,0,1,"c.PSA_ALG_IS_RSA_OAEP"],PSA_ALG_IS_RSA_PKCS1V15_SIGN:[19,0,1,"c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"],PSA_ALG_IS_RSA_PSS:[19,0,1,"c.PSA_ALG_IS_RSA_PSS"],PSA_ALG_IS_SIGN:[0,0,1,"c.PSA_ALG_IS_SIGN"],PSA_ALG_IS_SIGN_HASH:[19,0,1,"c.PSA_ALG_IS_SIGN_HASH"],PSA_ALG_IS_SIGN_MESSAGE:[19,0,1,"c.PSA_ALG_IS_SIGN_MESSAGE"],PSA_ALG_IS_STREAM_CIPHER:[11,0,1,"c.PSA_ALG_IS_STREAM_CIPHER"],PSA_ALG_IS_TLS12_PRF:[15,0,1,"c.PSA_ALG_IS_TLS12_PRF"],PSA_ALG_IS_TLS12_PSK_TO_MS:[15,0,1,"c.PSA_ALG_IS_TLS12_PSK_TO_MS"],PSA_ALG_IS_WILDCARD:[0,0,1,"c.PSA_ALG_IS_WILDCARD"],PSA_ALG_KEY_AGREEMENT:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT"],PSA_ALG_KEY_AGREEMENT_GET_BASE:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_BASE"],PSA_ALG_KEY_AGREEMENT_GET_KDF:[14,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_KDF"],PSA_ALG_MD2:[12,0,1,"c.PSA_ALG_MD2"],PSA_ALG_MD4:[12,0,1,"c.PSA_ALG_MD4"],PSA_ALG_MD5:[12,0,1,"c.PSA_ALG_MD5"],PSA_ALG_NONE:[0,0,1,"c.PSA_ALG_NONE"],PSA_ALG_OFB:[11,0,1,"c.PSA_ALG_OFB"],PSA_ALG_RIPEMD160:[12,0,1,"c.PSA_ALG_RIPEMD160"],PSA_ALG_RSA_OAEP:[17,0,1,"c.PSA_ALG_RSA_OAEP"],PSA_ALG_RSA_PKCS1V15_CRYPT:[17,0,1,"c.PSA_ALG_RSA_PKCS1V15_CRYPT"],PSA_ALG_RSA_PKCS1V15_SIGN:[19,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN"],PSA_ALG_RSA_PKCS1V15_SIGN_RAW:[19,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"],PSA_ALG_RSA_PSS:[19,0,1,"c.PSA_ALG_RSA_PSS"],PSA_ALG_SHA3_224:[12,0,1,"c.PSA_ALG_SHA3_224"],PSA_ALG_SHA3_256:[12,0,1,"c.PSA_ALG_SHA3_256"],PSA_ALG_SHA3_384:[12,0,1,"c.PSA_ALG_SHA3_384"],PSA_ALG_SHA3_512:[12,0,1,"c.PSA_ALG_SHA3_512"],PSA_ALG_SHA_1:[12,0,1,"c.PSA_ALG_SHA_1"],PSA_ALG_SHA_224:[12,0,1,"c.PSA_ALG_SHA_224"],PSA_ALG_SHA_256:[12,0,1,"c.PSA_ALG_SHA_256"],PSA_ALG_SHA_384:[12,0,1,"c.PSA_ALG_SHA_384"],PSA_ALG_SHA_512:[12,0,1,"c.PSA_ALG_SHA_512"],PSA_ALG_SHA_512_224:[12,0,1,"c.PSA_ALG_SHA_512_224"],PSA_ALG_SHA_512_256:[12,0,1,"c.PSA_ALG_SHA_512_256"],PSA_ALG_STREAM_CIPHER:[11,0,1,"c.PSA_ALG_STREAM_CIPHER"],PSA_ALG_TLS12_PRF:[15,0,1,"c.PSA_ALG_TLS12_PRF"],PSA_ALG_TLS12_PSK_TO_MS:[15,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS"],PSA_ALG_TRUNCATED_MAC:[16,0,1,"c.PSA_ALG_TRUNCATED_MAC"],PSA_ALG_XTS:[11,0,1,"c.PSA_ALG_XTS"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE:[17,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"],PSA_BLOCK_CIPHER_BLOCK_LENGTH:[11,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_LENGTH"],PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE:[11,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"],PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"],PSA_CIPHER_FINISH_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_SIZE"],PSA_CIPHER_IV_LENGTH:[11,0,1,"c.PSA_CIPHER_IV_LENGTH"],PSA_CIPHER_IV_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_IV_MAX_SIZE"],PSA_CIPHER_OPERATION_INIT:[11,0,1,"c.PSA_CIPHER_OPERATION_INIT"],PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"],PSA_CIPHER_UPDATE_OUTPUT_SIZE:[11,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_SIZE"],PSA_CRYPTO_API_VERSION_MAJOR:[8,0,1,"c.PSA_CRYPTO_API_VERSION_MAJOR"],PSA_CRYPTO_API_VERSION_MINOR:[8,0,1,"c.PSA_CRYPTO_API_VERSION_MINOR"],PSA_DH_FAMILY_RFC7919:[5,0,1,"c.PSA_DH_FAMILY_RFC7919"],PSA_ECC_FAMILY_BRAINPOOL_P_R1:[5,0,1,"c.PSA_ECC_FAMILY_BRAINPOOL_P_R1"],PSA_ECC_FAMILY_FRP:[5,0,1,"c.PSA_ECC_FAMILY_FRP"],PSA_ECC_FAMILY_MONTGOMERY:[5,0,1,"c.PSA_ECC_FAMILY_MONTGOMERY"],PSA_ECC_FAMILY_SECP_K1:[5,0,1,"c.PSA_ECC_FAMILY_SECP_K1"],PSA_ECC_FAMILY_SECP_R1:[5,0,1,"c.PSA_ECC_FAMILY_SECP_R1"],PSA_ECC_FAMILY_SECP_R2:[5,0,1,"c.PSA_ECC_FAMILY_SECP_R2"],PSA_ECC_FAMILY_SECT_K1:[5,0,1,"c.PSA_ECC_FAMILY_SECT_K1"],PSA_ECC_FAMILY_SECT_R1:[5,0,1,"c.PSA_ECC_FAMILY_SECT_R1"],PSA_ECC_FAMILY_SECT_R2:[5,0,1,"c.PSA_ECC_FAMILY_SECT_R2"],PSA_ERROR_ALREADY_EXISTS:[9,0,1,"c.PSA_ERROR_ALREADY_EXISTS"],PSA_ERROR_BAD_STATE:[9,0,1,"c.PSA_ERROR_BAD_STATE"],PSA_ERROR_BUFFER_TOO_SMALL:[9,0,1,"c.PSA_ERROR_BUFFER_TOO_SMALL"],PSA_ERROR_COMMUNICATION_FAILURE:[9,0,1,"c.PSA_ERROR_COMMUNICATION_FAILURE"],PSA_ERROR_CORRUPTION_DETECTED:[9,0,1,"c.PSA_ERROR_CORRUPTION_DETECTED"],PSA_ERROR_DATA_CORRUPT:[9,0,1,"c.PSA_ERROR_DATA_CORRUPT"],PSA_ERROR_DATA_INVALID:[9,0,1,"c.PSA_ERROR_DATA_INVALID"],PSA_ERROR_DOES_NOT_EXIST:[9,0,1,"c.PSA_ERROR_DOES_NOT_EXIST"],PSA_ERROR_GENERIC_ERROR:[9,0,1,"c.PSA_ERROR_GENERIC_ERROR"],PSA_ERROR_HARDWARE_FAILURE:[9,0,1,"c.PSA_ERROR_HARDWARE_FAILURE"],PSA_ERROR_INSUFFICIENT_DATA:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_DATA"],PSA_ERROR_INSUFFICIENT_ENTROPY:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_ENTROPY"],PSA_ERROR_INSUFFICIENT_MEMORY:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_MEMORY"],PSA_ERROR_INSUFFICIENT_STORAGE:[9,0,1,"c.PSA_ERROR_INSUFFICIENT_STORAGE"],PSA_ERROR_INVALID_ARGUMENT:[9,0,1,"c.PSA_ERROR_INVALID_ARGUMENT"],PSA_ERROR_INVALID_HANDLE:[9,0,1,"c.PSA_ERROR_INVALID_HANDLE"],PSA_ERROR_INVALID_PADDING:[9,0,1,"c.PSA_ERROR_INVALID_PADDING"],PSA_ERROR_INVALID_SIGNATURE:[9,0,1,"c.PSA_ERROR_INVALID_SIGNATURE"],PSA_ERROR_NOT_PERMITTED:[9,0,1,"c.PSA_ERROR_NOT_PERMITTED"],PSA_ERROR_NOT_SUPPORTED:[9,0,1,"c.PSA_ERROR_NOT_SUPPORTED"],PSA_ERROR_STORAGE_FAILURE:[9,0,1,"c.PSA_ERROR_STORAGE_FAILURE"],PSA_EXPORT_KEY_OUTPUT_SIZE:[4,0,1,"c.PSA_EXPORT_KEY_OUTPUT_SIZE"],PSA_EXPORT_KEY_PAIR_MAX_SIZE:[4,0,1,"c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_MAX_SIZE:[4,0,1,"c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE:[4,0,1,"c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"],PSA_HASH_BLOCK_LENGTH:[12,0,1,"c.PSA_HASH_BLOCK_LENGTH"],PSA_HASH_LENGTH:[12,0,1,"c.PSA_HASH_LENGTH"],PSA_HASH_MAX_SIZE:[12,0,1,"c.PSA_HASH_MAX_SIZE"],PSA_HASH_OPERATION_INIT:[12,0,1,"c.PSA_HASH_OPERATION_INIT"],PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"],PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"],PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH:[12,0,1,"c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"],PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE:[12,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"],PSA_HASH_SUSPEND_OUTPUT_SIZE:[12,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_SIZE"],PSA_KEY_ATTRIBUTES_INIT:[1,0,1,"c.PSA_KEY_ATTRIBUTES_INIT"],PSA_KEY_DERIVATION_INPUT_CONTEXT:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_CONTEXT"],PSA_KEY_DERIVATION_INPUT_INFO:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_INFO"],PSA_KEY_DERIVATION_INPUT_LABEL:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_LABEL"],PSA_KEY_DERIVATION_INPUT_SALT:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SALT"],PSA_KEY_DERIVATION_INPUT_SECRET:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SECRET"],PSA_KEY_DERIVATION_INPUT_SEED:[15,0,1,"c.PSA_KEY_DERIVATION_INPUT_SEED"],PSA_KEY_DERIVATION_OPERATION_INIT:[15,0,1,"c.PSA_KEY_DERIVATION_OPERATION_INIT"],PSA_KEY_DERIVATION_UNLIMITED_CAPACITY:[15,0,1,"c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"],PSA_KEY_ID_NULL:[3,0,1,"c.PSA_KEY_ID_NULL"],PSA_KEY_ID_USER_MAX:[3,0,1,"c.PSA_KEY_ID_USER_MAX"],PSA_KEY_ID_USER_MIN:[3,0,1,"c.PSA_KEY_ID_USER_MIN"],PSA_KEY_ID_VENDOR_MAX:[3,0,1,"c.PSA_KEY_ID_VENDOR_MAX"],PSA_KEY_ID_VENDOR_MIN:[3,0,1,"c.PSA_KEY_ID_VENDOR_MIN"],PSA_KEY_LIFETIME_PERSISTENT:[3,0,1,"c.PSA_KEY_LIFETIME_PERSISTENT"],PSA_KEY_LIFETIME_VOLATILE:[3,0,1,"c.PSA_KEY_LIFETIME_VOLATILE"],PSA_KEY_TYPE_AES:[5,0,1,"c.PSA_KEY_TYPE_AES"],PSA_KEY_TYPE_ARC4:[5,0,1,"c.PSA_KEY_TYPE_ARC4"],PSA_KEY_TYPE_CAMELLIA:[5,0,1,"c.PSA_KEY_TYPE_CAMELLIA"],PSA_KEY_TYPE_CHACHA20:[5,0,1,"c.PSA_KEY_TYPE_CHACHA20"],PSA_KEY_TYPE_DERIVE:[5,0,1,"c.PSA_KEY_TYPE_DERIVE"],PSA_KEY_TYPE_DES:[5,0,1,"c.PSA_KEY_TYPE_DES"],PSA_KEY_TYPE_DH_GET_FAMILY:[5,0,1,"c.PSA_KEY_TYPE_DH_GET_FAMILY"],PSA_KEY_TYPE_DH_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR"],PSA_KEY_TYPE_DH_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY"],PSA_KEY_TYPE_ECC_GET_FAMILY:[5,0,1,"c.PSA_KEY_TYPE_ECC_GET_FAMILY"],PSA_KEY_TYPE_ECC_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR"],PSA_KEY_TYPE_ECC_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_HMAC:[5,0,1,"c.PSA_KEY_TYPE_HMAC"],PSA_KEY_TYPE_IS_ASYMMETRIC:[5,0,1,"c.PSA_KEY_TYPE_IS_ASYMMETRIC"],PSA_KEY_TYPE_IS_DH:[5,0,1,"c.PSA_KEY_TYPE_IS_DH"],PSA_KEY_TYPE_IS_DH_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"],PSA_KEY_TYPE_IS_DH_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"],PSA_KEY_TYPE_IS_ECC:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC"],PSA_KEY_TYPE_IS_ECC_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"],PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_IS_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_IS_KEY_PAIR"],PSA_KEY_TYPE_IS_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_IS_PUBLIC_KEY"],PSA_KEY_TYPE_IS_RSA:[5,0,1,"c.PSA_KEY_TYPE_IS_RSA"],PSA_KEY_TYPE_IS_UNSTRUCTURED:[5,0,1,"c.PSA_KEY_TYPE_IS_UNSTRUCTURED"],PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"],PSA_KEY_TYPE_NONE:[5,0,1,"c.PSA_KEY_TYPE_NONE"],PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"],PSA_KEY_TYPE_RAW_DATA:[5,0,1,"c.PSA_KEY_TYPE_RAW_DATA"],PSA_KEY_TYPE_RSA_KEY_PAIR:[5,0,1,"c.PSA_KEY_TYPE_RSA_KEY_PAIR"],PSA_KEY_TYPE_RSA_PUBLIC_KEY:[5,0,1,"c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"],PSA_KEY_USAGE_CACHE:[6,0,1,"c.PSA_KEY_USAGE_CACHE"],PSA_KEY_USAGE_COPY:[6,0,1,"c.PSA_KEY_USAGE_COPY"],PSA_KEY_USAGE_DECRYPT:[6,0,1,"c.PSA_KEY_USAGE_DECRYPT"],PSA_KEY_USAGE_DERIVE:[6,0,1,"c.PSA_KEY_USAGE_DERIVE"],PSA_KEY_USAGE_ENCRYPT:[6,0,1,"c.PSA_KEY_USAGE_ENCRYPT"],PSA_KEY_USAGE_EXPORT:[6,0,1,"c.PSA_KEY_USAGE_EXPORT"],PSA_KEY_USAGE_SIGN_HASH:[6,0,1,"c.PSA_KEY_USAGE_SIGN_HASH"],PSA_KEY_USAGE_SIGN_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_SIGN_MESSAGE"],PSA_KEY_USAGE_VERIFY_HASH:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_HASH"],PSA_KEY_USAGE_VERIFY_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_MESSAGE"],PSA_MAC_LENGTH:[16,0,1,"c.PSA_MAC_LENGTH"],PSA_MAC_MAX_SIZE:[16,0,1,"c.PSA_MAC_MAX_SIZE"],PSA_MAC_OPERATION_INIT:[16,0,1,"c.PSA_MAC_OPERATION_INIT"],PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE:[14,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"],PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE:[14,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"],PSA_SIGNATURE_MAX_SIZE:[19,0,1,"c.PSA_SIGNATURE_MAX_SIZE"],PSA_SIGN_OUTPUT_SIZE:[19,0,1,"c.PSA_SIGN_OUTPUT_SIZE"],PSA_SUCCESS:[9,0,1,"c.PSA_SUCCESS"],PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE:[15,0,1,"c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"],psa_aead_abort:[10,1,1,"c.psa_aead_abort"],psa_aead_decrypt:[10,1,1,"c.psa_aead_decrypt"],psa_aead_decrypt_setup:[10,1,1,"c.psa_aead_decrypt_setup"],psa_aead_encrypt:[10,1,1,"c.psa_aead_encrypt"],psa_aead_encrypt_setup:[10,1,1,"c.psa_aead_encrypt_setup"],psa_aead_finish:[10,1,1,"c.psa_aead_finish"],psa_aead_generate_nonce:[10,1,1,"c.psa_aead_generate_nonce"],psa_aead_operation_init:[10,1,1,"c.psa_aead_operation_init"],psa_aead_operation_t:[10,2,1,"c.psa_aead_operation_t"],psa_aead_set_lengths:[10,1,1,"c.psa_aead_set_lengths"],psa_aead_set_nonce:[10,1,1,"c.psa_aead_set_nonce"],psa_aead_update:[10,1,1,"c.psa_aead_update"],psa_aead_update_ad:[10,1,1,"c.psa_aead_update_ad"],psa_aead_verify:[10,1,1,"c.psa_aead_verify"],psa_algorithm_t:[1,2,1,"c.psa_algorithm_t"],psa_asymmetric_decrypt:[17,1,1,"c.psa_asymmetric_decrypt"],psa_asymmetric_encrypt:[17,1,1,"c.psa_asymmetric_encrypt"],psa_cipher_abort:[11,1,1,"c.psa_cipher_abort"],psa_cipher_decrypt:[11,1,1,"c.psa_cipher_decrypt"],psa_cipher_decrypt_setup:[11,1,1,"c.psa_cipher_decrypt_setup"],psa_cipher_encrypt:[11,1,1,"c.psa_cipher_encrypt"],psa_cipher_encrypt_setup:[11,1,1,"c.psa_cipher_encrypt_setup"],psa_cipher_finish:[11,1,1,"c.psa_cipher_finish"],psa_cipher_generate_iv:[11,1,1,"c.psa_cipher_generate_iv"],psa_cipher_operation_init:[11,1,1,"c.psa_cipher_operation_init"],psa_cipher_operation_t:[11,2,1,"c.psa_cipher_operation_t"],psa_cipher_set_iv:[11,1,1,"c.psa_cipher_set_iv"],psa_cipher_update:[11,1,1,"c.psa_cipher_update"],psa_copy_key:[4,1,1,"c.psa_copy_key"],psa_crypto_init:[8,1,1,"c.psa_crypto_init"],psa_destroy_key:[4,1,1,"c.psa_destroy_key"],psa_dh_family_t:[5,2,1,"c.psa_dh_family_t"],psa_ecc_family_t:[5,2,1,"c.psa_ecc_family_t"],psa_export_key:[4,1,1,"c.psa_export_key"],psa_export_public_key:[4,1,1,"c.psa_export_public_key"],psa_generate_key:[4,1,1,"c.psa_generate_key"],psa_generate_random:[18,1,1,"c.psa_generate_random"],psa_get_key_algorithm:[0,1,1,"c.psa_get_key_algorithm"],psa_get_key_attributes:[1,1,1,"c.psa_get_key_attributes"],psa_get_key_bits:[5,1,1,"c.psa_get_key_bits"],psa_get_key_id:[3,1,1,"c.psa_get_key_id"],psa_get_key_lifetime:[3,1,1,"c.psa_get_key_lifetime"],psa_get_key_type:[5,1,1,"c.psa_get_key_type"],psa_get_key_usage_flags:[6,1,1,"c.psa_get_key_usage_flags"],psa_hash_abort:[12,1,1,"c.psa_hash_abort"],psa_hash_clone:[12,1,1,"c.psa_hash_clone"],psa_hash_compare:[12,1,1,"c.psa_hash_compare"],psa_hash_compute:[12,1,1,"c.psa_hash_compute"],psa_hash_finish:[12,1,1,"c.psa_hash_finish"],psa_hash_operation_init:[12,1,1,"c.psa_hash_operation_init"],psa_hash_operation_t:[12,2,1,"c.psa_hash_operation_t"],psa_hash_resume:[12,1,1,"c.psa_hash_resume"],psa_hash_setup:[12,1,1,"c.psa_hash_setup"],psa_hash_suspend:[12,1,1,"c.psa_hash_suspend"],psa_hash_update:[12,1,1,"c.psa_hash_update"],psa_hash_verify:[12,1,1,"c.psa_hash_verify"],psa_import_key:[4,1,1,"c.psa_import_key"],psa_key_attributes_init:[1,1,1,"c.psa_key_attributes_init"],psa_key_attributes_t:[1,2,1,"c.psa_key_attributes_t"],psa_key_derivation_abort:[15,1,1,"c.psa_key_derivation_abort"],psa_key_derivation_get_capacity:[15,1,1,"c.psa_key_derivation_get_capacity"],psa_key_derivation_input_bytes:[15,1,1,"c.psa_key_derivation_input_bytes"],psa_key_derivation_input_key:[15,1,1,"c.psa_key_derivation_input_key"],psa_key_derivation_key_agreement:[14,1,1,"c.psa_key_derivation_key_agreement"],psa_key_derivation_operation_init:[15,1,1,"c.psa_key_derivation_operation_init"],psa_key_derivation_operation_t:[15,2,1,"c.psa_key_derivation_operation_t"],psa_key_derivation_output_bytes:[15,1,1,"c.psa_key_derivation_output_bytes"],psa_key_derivation_output_key:[15,1,1,"c.psa_key_derivation_output_key"],psa_key_derivation_set_capacity:[15,1,1,"c.psa_key_derivation_set_capacity"],psa_key_derivation_setup:[15,1,1,"c.psa_key_derivation_setup"],psa_key_derivation_step_t:[15,2,1,"c.psa_key_derivation_step_t"],psa_key_id_t:[1,2,1,"c.psa_key_id_t"],psa_key_lifetime_t:[1,2,1,"c.psa_key_lifetime_t"],psa_key_type_t:[1,2,1,"c.psa_key_type_t"],psa_key_usage_t:[1,2,1,"c.psa_key_usage_t"],psa_mac_abort:[16,1,1,"c.psa_mac_abort"],psa_mac_compute:[16,1,1,"c.psa_mac_compute"],psa_mac_operation_init:[16,1,1,"c.psa_mac_operation_init"],psa_mac_operation_t:[16,2,1,"c.psa_mac_operation_t"],psa_mac_sign_finish:[16,1,1,"c.psa_mac_sign_finish"],psa_mac_sign_setup:[16,1,1,"c.psa_mac_sign_setup"],psa_mac_update:[16,1,1,"c.psa_mac_update"],psa_mac_verify:[16,1,1,"c.psa_mac_verify"],psa_mac_verify_finish:[16,1,1,"c.psa_mac_verify_finish"],psa_mac_verify_setup:[16,1,1,"c.psa_mac_verify_setup"],psa_purge_key:[4,1,1,"c.psa_purge_key"],psa_raw_key_agreement:[14,1,1,"c.psa_raw_key_agreement"],psa_reset_key_attributes:[1,1,1,"c.psa_reset_key_attributes"],psa_set_key_algorithm:[0,1,1,"c.psa_set_key_algorithm"],psa_set_key_bits:[5,1,1,"c.psa_set_key_bits"],psa_set_key_id:[3,1,1,"c.psa_set_key_id"],psa_set_key_lifetime:[3,1,1,"c.psa_set_key_lifetime"],psa_set_key_type:[5,1,1,"c.psa_set_key_type"],psa_set_key_usage_flags:[6,1,1,"c.psa_set_key_usage_flags"],psa_sign_hash:[19,1,1,"c.psa_sign_hash"],psa_sign_message:[19,1,1,"c.psa_sign_message"],psa_status_t:[9,2,1,"c.psa_status_t"],psa_verify_hash:[19,1,1,"c.psa_verify_hash"],psa_verify_message:[19,1,1,"c.psa_verify_message"]}},objnames:{"0":["c","macro","C macro"],"1":["c","function","C function"],"2":["c","type","C type"]},objtypes:{"0":"c:macro","1":"c:function","2":"c:type"},terms:{"0x04":4,"3de":5,"56a":15,"\u00e9lectroniqu":5,"byte":[4,5,10,11,12,14,15,16,17,18,19,24,25,26,27],"case":[4,9,11,15,16,19,21,23,24,25,27],"const":[0,3,4,5,6,10,11,12,14,15,16,17,19,20,24],"default":[0,1,3,5,6,10,11,24,25],"export":[0,1,2,6,23,25,29],"final":[12,21,25],"fran\u00e7ais":5,"function":[2,7,9,13,21,22,23,24,26,27,28,29,30],"import":[4,19,21,27,28,29],"long":[3,14,25,26,29],"new":[4,5,12,15,21,25],"null":[3,4,17,24],"param\u00e9trag":5,"public":[0,1,4,5,6,14,15,17,19,21,25,29],"return":[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,23,25,26,27,30],"s\u00e9curit\u00e9":5,"short":[17,19,25,29],"static":[0,1,3,5,6,10,11,12,15,16,24,25,26],"syst\u00e8m":5,"transient":[1,9,25],"true":[4,5,10,11,12,14,15,16,17,19,25],"try":27,"void":[0,1,3,5,6,8,10,11,12,15,16,20,24,30],"while":[1,9,14,24,25,26,28,29,30],AES:[5,11,24],Added:21,DES:[4,5,15],For:[1,4,6,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29,30],IVs:21,Its:4,NOT:18,Such:24,TLS:[15,21,23],That:[14,15,25,30],The:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27,28,29],There:[4,9,15,24,25,26,27,29],These:[21,24,25,27,29],Use:[5,11,15,25],Using:[15,24,25],With:19,XTS:11,abil:26,abl:[10,21,24,25,27,29],abort:[10,11,12,14,15,16,24,25,27,30],about:[1,10,11,12,15,16,21,24,25],abov:25,abus:27,acceler:[27,29,30],accept:[10,11,14,15,19,21],access:[3,6,9,11,21,24,25,26,27,28,29,30],accessor:[2,23,25],accident:4,accord:[4,26],accordingli:[15,27],account:[11,27],achiev:[9,27],across:[9,21],act:25,action:[0,1,9,10,24,27],activ:[10,11,12,15,16,25,26],actual:[1,10,11,12,16,17,19,21],ad_length:[10,20],add:[12,15,16,21,25],added:21,addit:[1,4,5,6,9,10,15,23,24,25],addition:24,additional_data:[10,20],additional_data_length:[10,20],adequ:25,administr:5,adversari:10,aead:[0,5,6,11,13,21,23,24],aead_alg:[10,20,22],affect:[10,12,21,24],aforement:26,after:[1,9,10,11,12,15,16,23,24,25,27],again:[4,10,11,12,15,16,25],against:[9,12,16,25,29],agenc:5,agil:26,agreement:[0,6,13,15,21,23,26],aim:9,alarm:9,alg:[0,5,10,11,12,14,15,16,17,19,20,21,22],algorithm:[1,2,4,5,9,13,21,23,25,27,29,30],align:[10,21],all:[1,4,5,6,10,11,12,15,16,20,21,22,24,25,26,27,29,30],alloc:[1,4,10,11,12,16,21,24,25,27],allow:[0,1,4,6,10,11,12,14,15,16,17,19,21,24,25,26,27,28,29,30],almost:[24,25],alreadi:[4,9,15,19,21],also:[1,4,6,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29],altern:[4,19,22,25,27],although:21,altogeth:27,alwai:[1,3,4,6,11,12,14,15,16,21,23,24,25],ambigu:21,among:26,amount:[10,25,26],analys:28,analysi:24,ani:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,21,24,25,26,27,29,30],anoth:[4,6,9,10,11,12,15,16,24,26,27,29,30],ansi:19,apart:26,api:[6,7,9,11,12,20,22,24,26,27,28,29,30],appear:27,append:10,appendix:[5,20,22,27],appli:[1,4,10,11,19,21,24,25,26],applic:[1,3,4,5,6,8,9,10,11,12,15,16,21,22,23,24,25,26,27,28,30],approach:[0,3,5,6,25],appropri:[4,10,11,12,14,15,16,17,19,24,25],arbitrari:[5,15,25],arc4:[5,11],architectur:[9,23,28],area:[3,25,26],argument:[0,3,4,5,6,9,11,14,15,17,19,21,24,27],arm:[27,28,29],around:[6,24],arrai:[5,12,24,26],ask:9,aspect:23,assembl:25,asset:26,assign:[1,10,11,12,15,16,25],associ:[0,4,11,12,13,14,15,16,23,24,25,27],assum:[24,27],assumpt:[1,10,11,12,15,16,23,24],asymmetr:[0,4,5,6,13,21,23,24],atom:24,attack:[9,12,16,23],attempt:[4,9,15,21,24],attest:23,attribut:[2,4,14,15,16,19,20,21,23,25],authent:[0,6,9,11,12,13,21,23,26,29],author:[24,27],automat:[1,6,25],auxiliari:1,avail:[9,25,27],avoid:[21,24,26,27,30],awar:24,back:[6,24],backend:[26,27],bad:27,base:[1,4,5,10,11,15,16,19,26,27,28,29],becaus:[4,12,15,16,24,25],becom:[5,10,11,12,15,16,27],been:[1,4,8,9,10,11,12,14,15,16,17,18,19,21,24,25,26],befor:[1,8,9,10,11,12,15,16,19,21,24,25,27],behav:24,behavior:[1,4,6,8,9,10,11,12,14,15,16,17,19,21,23,25,30],being:[4,10,11,12,15,21,24,25,26],below:24,benefit:15,bernstein:5,best:[4,10,12,16,26,28],beta:23,between:[4,9,10,12,16,23,26,27,29,30],bewar:16,beyond:[1,4,11,26],bias:[14,25],big:[4,12,14,15,19],binari:[4,5,14],bit:[1,4,5,10,11,12,14,15,16,17,19,20,21,24,25,27],bitfield:1,bitmask:[24,25],bitwis:[1,4,11,25],block:[1,5,10,11,12,15,16,21,24,26,30],bluetooth:26,bodi:27,book:11,boot:23,both:[4,5,21,24,25,26,28],bound:[10,25],boundari:[10,15,25,26,29],brainpool:5,brainpoolp160r1:5,brainpoolp192r1:5,brainpoolp224r1:5,brainpoolp256r1:5,brainpoolp320r1:5,brainpoolp384r1:5,brainpoolp512r1:5,branch:27,breach:9,breakdown:9,broken:24,buffer:[4,9,10,11,12,14,15,16,17,18,19,21,23,27,30],buffer_length:4,buffer_s:4,build:[10,11,14,15,16,19,24],built:[0,11,19,26],burnt:29,bypass:[12,16],c89:21,c99:[21,27],cach:[6,21,25,27],cacheabl:25,calcul:[1,5,6,9,10,12,15,16,19,21,24,25,26],call:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,19,21,23,25,26,27,29,30],caller:[15,18,24,25,26,27,29],calloc:25,camellia:5,can:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,18,19,20,21,22,24,25,26,27,29,30],candid:15,cannot:[0,4,5,9,11,15,24,25,26,29,30],capabl:[21,29],capac:[15,20,24,25],care:[9,24],carefulli:[9,24,29,30],carri:[9,24,27],categori:[1,2,21,23,24,27],caus:[4,9,21,25,27,30],cbc:[11,16],ccm:[10,25],ceil:[4,14,15],certain:[9,21,27,29,30],certif:28,cfb:11,chacha20:[5,10,11],chacha20_poly1305:[5,10],chain:[11,14],chang:[1,15,23,24,25],channel:[26,27],characterist:25,check:[9,18,21,23,25,29],checksum:12,chip:[26,29],choic:[10,11,23,24],choos:[1,3,25,26],chosen:[3,4,10,11],chunk:25,cipher:[0,1,5,10,13,16,21,23,24,25],ciphersuit:15,ciphertext:[10,11,17,20,25],ciphertext_length:[10,20],ciphertext_s:[10,20],circumst:[11,26],clarif:21,clarifi:21,clariti:21,clean:[15,23,27],cleanup:23,clear:[1,24,25,27,30],clearli:4,client:[21,23,27],clienthello:15,clone:[12,25],close:27,cmac:16,code:[1,4,7,10,11,12,13,14,15,17,18,19,21,22,23,24,26,27,29],collect:25,collector:25,combin:[4,9,13,17,19,23,25,29],comment:[21,27],common:[4,21,25,27,30],commonli:[25,26],commun:[4,9,24,26,29,30],compact:1,companion:[26,27,28],compar:[12,16,25],comparison:[10,12,16],compat:[9,10,11,14,15,16,17,19,21,27],compil:[4,11,12,14,16,19,24,27],complement:21,complet:[1,9,15,21,24,25,27],complex:27,complianc:15,compliant:28,compon:[9,10,14,25,26,28],compos:29,composit:0,compris:[1,5],compromis:[4,9,25,27,29,30],comput:[4,9,10,11,12,14,15,16,21,22,25,27,29],concaten:[4,10,11,12,15,16,19],concept:21,conceptu:25,concern:[6,24],concurr:[21,23,25],condit:[4,21,24,25],confidenti:[1,9,10,11,21,24,25,27],configur:25,conflict:24,conform:[4,29],connect:26,consequ:[9,15,26],consequenti:26,conserv:[4,27],consid:[1,9,16,21,24,26,27],consider:[4,23,28,29],consist:[4,10,11,16,19,21,25,28,29],constant:[4,10,11,12,14,16,19,24,27],constrain:[23,25,27,28],constraint:[4,15,21,24,26,30],construct:[5,10,11,14,15,16,21,25],consum:[10,15],consumpt:27,contain:[1,4,5,10,11,12,14,16,19,21,24,25],content:[1,4,10,11,12,15,16,18,24,26,27,30],context:[15,24,27,30],continu:[15,21],control:[12,16,21,24,25,27],convei:[6,24],convent:23,convers:27,convert:[21,27],coordin:14,copi:[1,4,6,10,12,21,24,25,27,29],copyabl:25,corner:21,correct:[4,9,10,11,12,15,16,21,22,29],correctli:[4,24],correspond:[1,3,4,5,9,10,12,14,15,16,17,19,24,25,26,27,29],corrupt:[4,9,24,30],could:[9,10,12,16,29],counter:[11,25],countermeasur:9,courb:5,creat:[1,4,5,6,15,19,21,24,25,26],creation:[1,2,3,21,23,25],credenti:23,cross:21,crypto:[7,12,21,23,24,26,27,28,29],cryptograph:[0,1,4,5,9,11,14,15,21,23,24,25,26,28],cryptographi:[4,5,15,17,19,21,26,27,28,30],cryptoprocessor:[4,6,9,23,24,25,26,27],csprng:25,ctr:11,current:[1,3,4,9,12,15,19,21,24,27,30],curv:[2,4,14,15,19,20,21,22,23],curve25519:[4,5,14,15],curve448:[4,5,14,15],custom:[15,26],cyrpto:21,d_a:14,d_b:14,danger:26,data:[0,1,4,5,9,11,12,13,14,15,16,18,20,21,23,24,25,26,27,29,30],data_length:[4,15,20],data_s:[4,20],date:21,dbrg:15,debug:24,declar:[0,1,3,4,5,6,10,11,12,15,16,21],decreas:15,decrypt:[5,6,9,10,11,14,17,23],defend:29,defin:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,20,21,22,24,25,26,27,28,29,30],definit:[12,21,22,25,27,28],delai:10,delet:27,deliveri:25,deni:9,depend:[1,4,9,10,11,12,14,15,16,17,18,19,24,25,27],deploi:26,deprec:[5,12],der:4,derefer:24,deriv:[0,1,5,6,13,21,23,24,27,29],des:5,describ:[1,4,10,11,12,15,16,21,24,25,27,28,29],descript:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27,28],design:[3,15,23,25,27,28,29],desir:[1,10,15,16,25,27],destroi:[1,3,4,21,24,25,27,30],destruct:[2,23,25],detail:[6,10,15,19,21,25,28,30],detect:[9,23,24],detector:9,determin:[4,5,9,10,11,12,14,15,16,17,19,21,24,25,26],determinist:[15,19,25],dev:21,develop:[24,26],devic:[3,23,25,28,29],dh_famili:15,diagnos:25,did:24,differ:[1,4,11,12,15,16,19,21,24,25,26,27,29,30],diffi:[2,4,14,15,21,23,25],difficult:25,digest:[13,23,26],digestinfo:19,digit:[15,19],direct:[11,15,24,25,26],directli:[4,14,25],discard:15,disclosur:27,discoveri:21,discret:15,dispatch:29,distinct:25,distinguish:[9,10,21],divid:[1,5,25],document:[1,4,6,10,11,12,14,15,16,23,24,25,26,27,28],doe:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27,28,29],doesn:9,domain:[5,15,27],done:[15,19],down:[9,24],draft:21,draw:15,drawn:15,driver:27,dss:15,due:[4,8,10,11,12,25,30],duplic:25,dure:[9,24,25,26,27,29,30],dynam:[26,27],each:[0,1,3,4,5,6,10,11,12,15,16,19,20,21,22,24,25,26,27,29],eas:[23,24],easi:25,easier:1,easiest:25,ecb:[11,21],ecc:[5,15,21],ecc_famili:15,ecdh:14,ecdsa:19,eci:21,ecpoint:4,ecprivatekei:4,ed448:5,eddsa:21,edit:21,effect:[4,10,11,12,14,16,17,19,25,27],effici:[0,3,4,5,6],effort:[4,10,12,16],either:[0,4,5,8,9,10,11,12,14,15,16,17,19,24,25,26,30],electron:11,element:[4,6,20,21,25,27,29],ellipt:[2,4,14,15,19,21,23],elliptiqu:5,elsewher:5,emiss:27,empti:15,enabl:[21,25,26],encod:[0,1,4,5,6,9,12,15,19,21,24,25,29],encompass:5,encourag:[8,11,24,27,30],encrypt:[0,4,5,6,9,11,13,21,23,24,26,29],end:[10,16,25],endian:[4,12,14,15,19],enforc:[6,10,26],enough:[4,9,12,15,24],ensur:[4,6,9,10,12,16,21,25,26,27,29],enter:[9,10,11,12,14,15,16,25],enterpris:26,entir:29,entri:[1,9],entropi:[9,25,30],enumer:[9,24],environ:[21,24,26,27,30],equal:[4,15,19],equival:[1,4,12,14,15,29],eras:[3,4],erron:4,error:[1,4,6,7,8,10,11,12,14,15,16,17,18,19,21,23,25],essenti:[4,9,25,27],establish:[15,26],etc:[9,25],europ:5,evalu:[0,3,4,5,6,10,11,12,14,16,17,19,21,28],even:[4,9,15,24,27,29,30],event:[10,11,12,24],eventu:[10,11,12,16],everi:25,exact:[4,10,16,19,27],exactli:[0,3,5,6,15,19,24,27],exampl:[0,1,3,4,8,9,10,11,12,14,15,16,19,21,23,24,27,29],except:[1,3,10,11,12,15,16,24,25,26,29],exchang:[4,21,26],exclud:19,exclus:24,execut:[9,24,27,29,30],exhaust:[25,26,29],exist:[1,3,9,21,25],expand:[4,12,14,15,16,19,25,29],expans:[15,25],expect:[1,10,11,12,16,24,25,27],explain:24,explicit:[1,10,11,12,15,16,25],explicitli:[3,9,24,25,26],exploit:27,expon:4,expos:[15,25,26],express:[11,12,25,27],extend:[15,22],extens:[3,26],extent:26,extern:[0,3,5,6,9,27],extra:4,extract:[4,5,12,14,15,21,25,26,29],extrem:11,f_p:14,f_q:4,facilit:26,fact:10,factori:[3,23],fail:[4,9,10,11,12,14,17,18,19,24,25,27,30],failur:[1,4,9,10,11,12,14,15,16,17,18,19,21,24,25,26,30],fals:14,famili:[4,5,12,14,15,16,21,24,28],far:[10,24],fashion:25,favor:24,featur:[21,25],feb:21,feedback:11,few:[24,30],fewer:10,field:[0,1,4,5,12,14,15,19,26],file:[21,23,26,27],fill:[12,21],fine:25,finish:[10,11,12,16,24,25,27,30],finit:[14,15,25],fip:15,firmwar:[26,28],first:[1,12,15,16,19,21,24,25,26],fit:[19,25],flag:[0,1,2,4,10,11,14,15,16,17,19,23,24,25],flaw:27,flow:[21,26],follow:[0,1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,27],foo:24,foo_length:24,foo_siz:24,forbidden:[9,15],forc:15,forcibl:9,form:[0,3,5,6,10,11,12,15,16,19,21,26],formal:21,format:[4,9,11,12,14,21,25,26],forward:15,four:25,fragment:[10,11,12,16,25],franc:5,free:[1,4,10,11,12,15,16,24,26],freedom:[26,27],freeli:[1,25],freshli:1,friendli:[26,28],from:[0,1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,26,27,29,30],frontend:26,frp256v1:[5,21],full:[1,9,11,14,16,24],fulli:27,further:[9,21,24,26],furthermor:10,futur:[1,5,11,15,22,23,24,25,27],garbag:25,gcm:[10,24],gener:[1,4,8,9,10,11,13,15,17,19,21,23,24,26,28,30],get:[0,1,14],give:[3,25,26,27],given:[1,3,4,10,11,12,14,15,21,26,30],glitch:27,global:[1,9,10,11,12,15,16,25],goal:[9,23,29],goldilock:5,good:25,greater:15,group:[5,20,21,22],guarante:[3,4,8,9,10,11,12,14,17,19,21,24,25,27,29,30],guess:[12,16,27],had:[8,24],half:21,halt:[12,21,24],hamburg:5,handl:[4,9,21,23,25],handle_error:4,handshak:15,happen:[9,24],harder:26,hardwar:[9,23,25,28,29,30],has:[1,3,4,6,9,10,11,12,14,15,16,17,18,19,21,24,25,26,27,28,29],hash:[0,5,6,9,13,15,16,17,19,20,21,23,24,26],hash_alg:[12,15,16,17,19,20,22],hash_length:[12,19,20],hash_siz:[12,20],hash_stat:[12,20],hash_state_length:[12,20],hash_state_s:[12,20],have:[1,4,5,6,8,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27,29,30],header:[21,23,27],heap:[25,30],hellman:[2,4,14,15,21,23,25],here:[4,9,10,11,12,15,16,22,25],high:[25,27,28,29],higher:26,highest:24,highli:[1,25],hint:[6,27],histori:23,hkdf:15,hmac:[5,12,15,16],hold:[9,29],holist:28,host:9,how:[0,4,12,15,19,24,27],howev:[4,9,15,24,25,26,29,30],hsm:29,hybrid:21,iana:21,ident:[12,15,16,26,29],identif:[17,26],identifi:[0,1,2,4,5,9,10,11,12,14,15,16,17,19,21,23,24,26,27,28],ids:21,illeg:21,illustr:4,immedi:27,impact:[27,30],implement:[1,4,8,9,10,11,12,14,15,16,17,18,19,20,21,23,24,25,26,28,29,30],implic:8,imposs:[1,4,9,21,24],improp:8,improv:21,inact:[10,11,12,15,16,25,27],includ:[1,4,5,11,12,14,15,19,21,24,25,26,27,28,29,30],incompat:[4,10,11],incorrect:9,increas:21,independ:[11,12,21,27,28,29],index:23,indic:[1,3,4,9,10,14,17,21,23,24,25,26,27],indirect:[1,23],indirectli:[25,26],individu:[1,15,19,24],industri:28,ineffici:27,inescap:26,info:15,inform:[1,5,12,15,16,23,24,25],initi:[1,4,5,7,9,10,11,12,14,15,16,17,18,19,23,25],inlin:[0,3,5,6],input:[0,3,4,5,6,10,11,12,13,14,16,17,19,20,21,22,23,25,27,30],input_length:[10,11,12,16,17,19,20],insecur:[16,26],insid:[6,9,26,27,29],inspect:21,instanc:[24,26],instanti:[24,27],instead:[0,3,5,6,9,10,11,12,14,15,16,18,21,25,28],insuffici:[9,10,11,12,24],int32_t:[9,20],integ:[4,12,14,15,16,19,21,24,27],integr:[9,11,12,16,24,25,26],intend:[9,21,24],interchang:26,interfac:[6,11,14,21,23,24,25,28,29],intermedi:[9,12,21,25,26],intern:[9,12,21,24,25,26,29],interoper:26,interpret:[4,14,15],interrupt:[24,27],introduc:21,introduct:23,invalid:[0,1,3,4,5,9,10,24,25,26,27],involv:[12,25,26,29],iot:26,isol:[15,23,25,27,29],issu:[24,25,26],item:9,its:[0,1,3,4,5,6,9,10,11,14,15,17,19,21,24,25,29],itself:[1,9,10,11,12,15,16],iv_length:[11,20],iv_siz:[11,20],jan:21,just:6,ka_alg:[14,20,22],kdf:21,kdf_alg:[14,20,22],keep:[6,9,24,27,30],kei:[0,9,10,11,13,16,17,18,19,20,21,23,26,28,30],kept:[15,26,29],kernel:24,key_bit:[4,5,10,14,16,17,19,20],key_typ:[4,10,11,14,16,17,19,20],keystor:[5,9,23,29,30],kind:[6,25],known:[25,26,27],koblitz:5,label:[15,17],lack:[8,26,30],land:24,languag:26,larg:[10,11,12,16,25],larger:[9,15,16,26,27,29],last:[1,9,10,24],later:12,latest:27,latter:15,layer:29,lead:4,leak:[12,16,21,24,25,26,27,29,30],leakag:30,least:[4,10,11,12,15,16,21,29],leav:[24,27],led:9,left:[5,19],legaci:[5,11,12,25,26],length:[4,5,10,11,12,15,16,19,21,24,25],less:[10,15],level:[25,26,28,29],librari:[1,4,10,11,12,14,15,16,17,18,19,23,26],lie:27,lifetim:[1,2,4,6,20,21,23,25,29],like:[0,3,5,6,22,27],limit:[24,25,26,27],link:26,linkag:[0,3,5,6],list:[0,1,5,9,10,11,12,16,21,26,29],literatur:27,littl:[4,12,14,29],lnc:5,load:27,local:25,locat:[1,2,4,6,9,10,15,21,23,24,25,26,27],log:[9,24],log_2:14,logarithm:15,logic:[1,10,11,12,15,16,25,29,30],longer:[1,9,15,21,25,27,30],look:27,loss:9,low:[26,28],lowest:24,mac:[0,4,5,6,9,13,20,23,24],mac_alg:[16,20,22],mac_length:[16,20,22],mac_siz:[16,20],machin:26,macro:[2,7,13,21,23,24,25],made:[19,21],mai:21,main:[25,29],maintain:[25,27],mainten:6,major:[8,21,26],make:[1,3,4,6,9,10,11,12,14,15,16,17,19,21,24,26,27],malici:[10,29],malloc:4,manag:[6,11,21,23,24,26,29],mandat:21,mandatori:[9,15,25,28],mani:[1,9,16,21,25],manipul:27,manner:[24,26],manufactur:29,map:[21,27],marker:1,mask:19,master:[15,25,26],mastersecret:15,match:[4,11,12,25,27],materi:[1,3,4,6,14,15,19,21,23,25,26,28,29],maximum:[3,4,10,11,12,14,15,16,17,19,21,24],mbed:21,md2:12,md4:12,md5:12,mean:[1,10,11,12,14,15,16,24,25,26,27,29],meant:25,mechan:[3,19,21,26,27],media:9,meet:26,memcmp:[12,16],memori:[1,4,6,9,10,21,23,24,25,26,29],memset:[1,10,11,12,15,16],mention:24,mere:[3,9],merg:21,messag:[6,10,11,13,14,17,19,21,23,26],metadata:[1,4,15,21,25],method:[10,11,12,15,16,21,25,27],mgf1:[17,19],microcontrol:26,middl:15,might:[1,4,6,8,9,10,11,12,14,15,16,17,19,24,25,26,27,29,30],mind:9,minim:[4,27,30],minimum:[3,11,16,23,27,28,29],minor:[8,21],mistak:26,misus:[26,27],mod:4,mode:[1,10,11,16,21,24,25],model:[28,29],modern:28,modif:21,modifi:[1,9,15,19,24,30],modul:8,modular:[25,26],modulu:4,montgomeri:[5,14,15],more:[1,6,8,10,11,12,15,16,21,25,26,27,29,30],most:[14,16,19,21,24,25,26,27,30],move:25,much:[15,24],multi:[4,5,9,13,19,21,23,24,26,27],multipl:[1,4,9,10,11,14,17,19,24,25,26,27,29],multiprocess:26,multistep:21,multitask:24,multithread:[24,30],must:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,20,21,24,25,26,27,28,29,30],mutual:29,name:[1,17,19,20,21,25],namespac:27,narrow:11,national:5,natur:21,necessari:[21,26],need:[1,9,10,11,12,15,16,21,22,24,25,26,27,29,30],neg:9,neither:4,network:23,never:[21,24,29],newer:[11,25],newli:[1,4,15],next:[15,24,27],nfc:26,nist:[5,15],non:[0,1,4,5,6,10,11,12,14,15,16,17,19,21,24,25,27,29,30],nonc:[5,9,10,11,20,21,25],nonce_length:[10,20],nonce_s:[10,20],none:9,nonzero:4,nor:[4,26],norm:29,normal:[9,15,24,30],note:[9,15,17,19,24,25],noth:4,novemb:5,now:[1,9,21,24,25],number:[4,8,10,11,12,13,14,15,16,17,19,21,23,24,25,26,27,29,30],oaep:17,obei:[24,27,30],object:[0,1,3,4,5,6,10,11,12,14,15,16,21,23,24,25,30],observ:[9,10,24],obsolet:21,obtain:[15,24,25,27],obviou:21,occur:[4,9,10,11,12,15,16,25,27,30],octet:[15,19,27],ofb:11,offer:[3,9,29],offset:24,often:[24,25,26],omit:[15,25],onc:[0,1,3,5,6,8,10,11,12,15,16,24,25,26],one:[1,4,5,9,10,11,12,14,16,19,21,24,25,26,27,29,30],ones:[26,29],ongo:[4,6,12,15,27],onli:[0,1,3,4,5,9,10,11,12,15,16,19,21,24,25,26,27,30],onward:15,opaqu:28,open:[27,28],oper:[0,4,5,6,8,9,14,15,17,19,20,21,23,24,26,27,28,29,30],opposit:24,optim:[24,26],option:[1,4,5,10,15,17,21,23,25,27],oracl:10,order:[1,4,12,14,15,16,19,24,25],origin:[1,4,5,10,24,25],other:[1,3,4,5,6,8,9,10,11,12,13,14,15,19,21,23,24,25,26,29,30],otherwis:[0,6,9,10,11,14,15,16,17,19,24,30],out:[9,10,24,27],outcom:24,output:[1,4,9,10,11,12,14,15,16,17,18,20,21,23,25,30],output_length:[10,11,14,15,17,20],output_s:[10,11,14,17,18,20],outsid:[1,4,6,15,25,26,27],over:[4,5,14,16,19,24,25,26,27],overal:27,overflow:10,overlap:23,overview:[23,28],overwrit:[0,5,6],own:[3,25],owner:27,ownership:21,pad:[1,9,11,14,15,19,21,25],pair:[4,5,6,15,17,19,23,25,29],paradigm:19,paramet:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,18,19,21,23,25,26,27,29,30],parameter:21,parametr:[19,24],pariti:[4,15,21],part:[4,5,6,9,13,14,19,21,23,24,26,27,28],parti:[4,25],partial:[12,24,25,27],particular:[0,1,4,9,10,11,12,15,16,24,26,27],particularli:27,partit:[23,26],pass:[3,4,9,10,11,12,14,15,16,17,19,21,24,25,27,30],passeport:5,past:[27,30],pattern:[1,21,25,27],peer:[14,25],peer_kei:[14,20],peer_key_length:[14,20],per:[10,11,12,16,19],perform:[0,3,5,8,9,10,12,14,16,19,24,25,26,27,29],period:30,perman:[1,9,25],permiss:[6,24],permit:[0,1,3,4,6,8,9,10,11,14,15,16,17,19,21,24,25,26,27],persist:[1,3,4,9,15,23,27,29,30],person:15,phase:25,philosophi:23,physic:[4,26,29],pkc:[4,11,17,19],pkcs1:19,place:[1,10,27],plain:[6,9],plaintext:[10,11,20,25],plaintext_length:[10,20,21],plaintext_s:[10,20],plan:[23,26],platform:[23,24,28,29],pleas:27,plu:29,point:[14,15,19,20,24],pointer:[1,21,23],polici:[0,1,2,4,5,9,15,16,19,21,23,26,27],poly1305:[5,10],popul:[4,25,26],port:23,portabl:[1,4,10,11,12,14,15,16,17,19,27],possibl:[9,11,15,24,26,27,29],potenti:[21,24,29],power:[1,3,27],practic:[25,28],pre:[1,15,25,26,27],preced:[10,11,12,16],precis:[9,26,27],predefin:27,predict:27,prefer:11,prepar:[3,25],presenc:6,present:[4,6,9,26,29],preserv:[1,6],prevent:[24,26],previou:[1,10,21,24,29],previous:[0,1,4,5,6,9,10,11,12,14,15,16,17,18,19,21,25],prf:15,primari:29,primarili:[4,5],prime:[4,5,14,15],primit:[26,28],privat:[4,5,6,14,15,17,19,25,26],private_kei:[4,14,20],privatekei:4,privileg:21,prng:9,probabilist:4,procedur:29,process:[10,11,12,15,25,26,27,29,30],processor:[23,26,30],produc:[14,15,17,19,25],product:4,profil:[23,28],programm:29,progress:[24,25],proper:11,properli:24,proprietari:[6,25],protect:[9,11,25,26,27],protocol:[5,9,10,11,12,25,26],prototyp:21,prove:26,provid:[0,3,4,5,6,10,11,12,14,15,17,19,20,21,22,24,25,26,27,28,29],provis:[23,25,29],psa:[5,7,12,21,24,26,27,28,29],psa__alg_aead_with_default_tag_length__cas:21,psa_abort_xxx:24,psa_aead_abort:[13,20,25],psa_aead_decrypt:[6,13,20,25],psa_aead_decrypt_output_max_s:[13,20,21],psa_aead_decrypt_output_s:[13,20,21],psa_aead_decrypt_setup:[6,13,20,25],psa_aead_encrypt:[6,13,20,25],psa_aead_encrypt_output_max_s:[13,20,21],psa_aead_encrypt_output_s:[13,20,21],psa_aead_encrypt_setup:[6,13,20,25],psa_aead_finish:[13,20,25],psa_aead_finish_output_max_s:[13,20,21],psa_aead_finish_output_s:[13,20,21],psa_aead_generate_nonc:[13,20,25],psa_aead_nonce_length:[13,20,21],psa_aead_nonce_max_s:[13,20,21],psa_aead_operation_init:[13,20,25],psa_aead_operation_t:[13,20,25],psa_aead_set_length:[13,20,25],psa_aead_set_nonc:[13,20,25],psa_aead_tag_length:[13,20,21],psa_aead_tag_length_offset:21,psa_aead_tag_max_s:[13,20,21],psa_aead_upd:[13,20,21,25],psa_aead_update_ad:[13,20,25],psa_aead_update_output_max_s:[13,20,21],psa_aead_update_output_s:[13,20,21],psa_aead_verifi:[13,20,25],psa_aead_verify_output_max_s:[13,20,21],psa_aead_verify_output_s:[13,20,21],psa_alg_aead_from_block_flag:21,psa_alg_aead_tag_length_mask:21,psa_alg_aead_with_default_length_tag:[13,20,21,22],psa_alg_aead_with_default_tag_length:21,psa_alg_aead_with_shortened_tag:[13,20,21,22],psa_alg_aead_with_tag_length:21,psa_alg_any_hash:[0,13,20,21],psa_alg_arc4:21,psa_alg_category_aead:21,psa_alg_category_asymmetric_encrypt:21,psa_alg_category_ciph:21,psa_alg_category_hash:21,psa_alg_category_key_agr:21,psa_alg_category_key_deriv:21,psa_alg_category_mac:21,psa_alg_category_mask:21,psa_alg_category_sign:21,psa_alg_cbc_mac:[13,20,21],psa_alg_cbc_no_pad:[13,20,21],psa_alg_cbc_pkcs7:[13,20,21],psa_alg_ccm:[13,20,21,22],psa_alg_cfb:[13,20,21],psa_alg_chacha20:21,psa_alg_chacha20_poly1305:[13,20,21,22],psa_alg_cipher_from_block_flag:21,psa_alg_cipher_mac_bas:21,psa_alg_cipher_stream_flag:21,psa_alg_cmac:[13,20,21],psa_alg_ctr:[13,20,21],psa_alg_deterministic_ecdsa:[13,20,21,22],psa_alg_deterministic_ecdsa_bas:21,psa_alg_ecb_no_pad:[13,20,21],psa_alg_ecdh:[5,13,20,21],psa_alg_ecdsa:[0,13,20,21,22],psa_alg_ecdsa_ani:[13,20,21,22],psa_alg_ecdsa_bas:21,psa_alg_ecdsa_is_determinist:21,psa_alg_ffdh:[13,20,21],psa_alg_full_length_mac:[13,20,21,22],psa_alg_gcm:[13,20,21,22,24],psa_alg_get_hash:[2,19,20,21,22,25],psa_alg_gmac:21,psa_alg_hash_ani:22,psa_alg_hash_mask:21,psa_alg_hkdf:[0,13,20,21,22,25],psa_alg_hkdf_bas:21,psa_alg_hkdf_get_hash:21,psa_alg_hmac:[0,12,13,20,21,22],psa_alg_hmac_bas:21,psa_alg_hmac_get_hash:21,psa_alg_is_aead:[2,10,20,21,22],psa_alg_is_aead_on_block_ciph:[13,20,21,22],psa_alg_is_asymmetric_encrypt:[2,20,21,22],psa_alg_is_block_cipher_mac:[13,20,21,22],psa_alg_is_ciph:[2,11,20,21,22],psa_alg_is_deterministic_ecdsa:[13,20,21,22],psa_alg_is_ecdh:[13,20,21,22],psa_alg_is_ecdsa:[13,20,21,22],psa_alg_is_ffdh:[13,20,21,22],psa_alg_is_hash:[2,12,15,16,17,19,20,21,22],psa_alg_is_hash_and_sign:[13,20,21,22],psa_alg_is_hkdf:[13,20,21,22],psa_alg_is_hmac:[13,20,21,22],psa_alg_is_key_agr:[2,14,20,21,22],psa_alg_is_key_deriv:[2,14,15,20,21,22],psa_alg_is_key_derivation_or_agr:21,psa_alg_is_key_select:21,psa_alg_is_mac:[2,16,20,21,22],psa_alg_is_randomized_ecdsa:[13,20,21,22],psa_alg_is_raw_key_agr:[13,20,21,22],psa_alg_is_rsa_oaep:[13,20,21,22],psa_alg_is_rsa_pkcs1v15_sign:[0,13,20,21,22],psa_alg_is_rsa_pss:[13,20,21,22],psa_alg_is_sign:[2,20,21,22],psa_alg_is_sign_hash:[13,20,21,22],psa_alg_is_sign_messag:[13,20,21,22],psa_alg_is_stream_ciph:[13,20,21,22],psa_alg_is_tls12_prf:[13,20,21,22],psa_alg_is_tls12_psk_to_m:[13,20,21,22],psa_alg_is_vendor_defin:21,psa_alg_is_wildcard:[2,19,20,21,22],psa_alg_key_agr:[13,20,21,22],psa_alg_key_agreement_get_bas:[13,20,21,22],psa_alg_key_agreement_get_kdf:[13,20,21,22],psa_alg_key_agreement_mask:21,psa_alg_key_derivation_mask:21,psa_alg_mac_subcategory_mask:21,psa_alg_mac_truncation_mask:21,psa_alg_md2:[13,20,21,22],psa_alg_md4:[13,20,21,22],psa_alg_md5:[13,20,21,22],psa_alg_non:[1,2,20,22],psa_alg_ofb:[13,20,21],psa_alg_ripemd160:[13,20,21,22],psa_alg_rsa_oaep:[0,13,20,21,22],psa_alg_rsa_oaep_bas:21,psa_alg_rsa_oaep_get_hash:21,psa_alg_rsa_pkcs1v15_crypt:[13,20,21],psa_alg_rsa_pkcs1v15_sign:[13,20,21,22],psa_alg_rsa_pkcs1v15_sign_bas:21,psa_alg_rsa_pkcs1v15_sign_raw:[13,20,21,22],psa_alg_rsa_pss:[0,13,20,21,22],psa_alg_rsa_pss_bas:21,psa_alg_sha3_224:[13,20,21],psa_alg_sha3_256:[13,19,20,21],psa_alg_sha3_384:[13,20,21],psa_alg_sha3_512:[13,20,21],psa_alg_sha_1:[13,20,21,22],psa_alg_sha_224:[13,20,21,22],psa_alg_sha_256:[13,15,16,19,20,21,22],psa_alg_sha_384:[13,20,21,22],psa_alg_sha_512:[13,19,20,21,22],psa_alg_sha_512_224:[13,20,21],psa_alg_sha_512_256:[13,20,21,22],psa_alg_sign_get_hash:21,psa_alg_stream_ciph:[5,13,20,21],psa_alg_tls12_prf:[0,13,20,21,22],psa_alg_tls12_prf_bas:21,psa_alg_tls12_prf_get_hash:21,psa_alg_tls12_psk_to_m:[0,13,20,21,22],psa_alg_tls12_psk_to_ms_bas:21,psa_alg_tls12_psk_to_ms_get_hash:21,psa_alg_tls12_psk_to_ms_max_psk_len:21,psa_alg_truncated_mac:[13,20,21,22],psa_alg_vendor_flag:21,psa_alg_xt:[13,20,21],psa_alg_xxx:[10,11,12,14,15,16,17,19,21],psa_alg_xxxx_get_hash:21,psa_algorithm_t:[0,2,10,11,12,14,15,16,17,19,20,21,22,24],psa_asymmetric_decrypt:[6,13,20,25],psa_asymmetric_decrypt_output_max_s:[13,20,21],psa_asymmetric_decrypt_output_s:[13,20],psa_asymmetric_encrypt:[6,13,20,25],psa_asymmetric_encrypt_output_max_s:[13,20,21],psa_asymmetric_encrypt_output_s:[13,20],psa_asymmetric_sign:21,psa_asymmetric_sign_output_s:21,psa_asymmetric_signature_max_s:21,psa_asymmetric_verifi:21,psa_bits_to_byt:21,psa_block_cipher_block_length:[13,20,21,22],psa_block_cipher_block_max_s:[13,20,21],psa_block_cipher_block_s:21,psa_bytes_to_bit:21,psa_cipher_abort:[13,20,25],psa_cipher_decrypt:[6,13,20,21,25],psa_cipher_decrypt_output_max_s:[13,20,21],psa_cipher_decrypt_output_s:[13,20,21],psa_cipher_decrypt_setup:[6,13,20,25],psa_cipher_encrypt:[6,13,20,21,25],psa_cipher_encrypt_output_max_s:[13,20,21],psa_cipher_encrypt_output_s:[13,20,21],psa_cipher_encrypt_setup:[6,13,20,25],psa_cipher_finish:[13,20,25],psa_cipher_finish_output_max_s:[13,20,21],psa_cipher_finish_output_s:[13,20,21],psa_cipher_generate_iv:[5,13,20,25],psa_cipher_iv_length:[13,20,21],psa_cipher_iv_max_s:[13,20,21],psa_cipher_operation_init:[13,20,25],psa_cipher_operation_t:[13,20,25],psa_cipher_set_iv:[5,13,20,21,25],psa_cipher_upd:[13,20,21,25],psa_cipher_update_output_max_s:[13,20,21],psa_cipher_update_output_s:[13,20,21],psa_close_kei:21,psa_copy_kei:[1,2,3,6,20,21,25],psa_create_kei:21,psa_crypto_api_version_major:[7,20,21],psa_crypto_api_version_minor:[7,20,21],psa_crypto_generator_init:21,psa_crypto_generator_t:21,psa_crypto_init:[1,4,7,9,10,11,12,14,15,16,17,18,19,20,25,30],psa_destroy_kei:[2,3,20,21,25],psa_dh_family_rfc7919:[2,20,21],psa_dh_family_t:[2,20,21,22],psa_dh_group_ffdhe2048:21,psa_dh_group_ffdhe3072:21,psa_dh_group_ffdhe4096:21,psa_dh_group_ffdhe6144:21,psa_dh_group_ffdhe8192:21,psa_dh_group_t:21,psa_ecc_curve_bit:21,psa_ecc_curve_brainpool_p256r1:21,psa_ecc_curve_brainpool_p384r1:21,psa_ecc_curve_brainpool_p512r1:21,psa_ecc_curve_curve25519:21,psa_ecc_curve_curve448:21,psa_ecc_curve_secp160k1:21,psa_ecc_curve_secp160r1:21,psa_ecc_curve_secp160r2:21,psa_ecc_curve_secp192k1:21,psa_ecc_curve_secp192r1:21,psa_ecc_curve_secp224k1:21,psa_ecc_curve_secp224r1:21,psa_ecc_curve_secp256k1:21,psa_ecc_curve_secp256r1:21,psa_ecc_curve_secp384r1:21,psa_ecc_curve_secp521r1:21,psa_ecc_curve_sect163k1:21,psa_ecc_curve_sect163r1:21,psa_ecc_curve_sect163r2:21,psa_ecc_curve_sect193r1:21,psa_ecc_curve_sect193r2:21,psa_ecc_curve_sect233k1:21,psa_ecc_curve_sect233r1:21,psa_ecc_curve_sect239k1:21,psa_ecc_curve_sect283k1:21,psa_ecc_curve_sect283r1:21,psa_ecc_curve_sect409k1:21,psa_ecc_curve_sect409r1:21,psa_ecc_curve_sect571k1:21,psa_ecc_curve_sect571r1:21,psa_ecc_curve_t:21,psa_ecc_family_brainpool_p_r1:[2,4,14,20,21],psa_ecc_family_frp:[2,4,14,20,21],psa_ecc_family_montgomeri:[2,4,14,15,20,21],psa_ecc_family_secp_k1:[2,20,21],psa_ecc_family_secp_r1:[2,20,21],psa_ecc_family_secp_r2:[2,20,21],psa_ecc_family_secp_xx:[4,14],psa_ecc_family_sect_k1:[2,20,21],psa_ecc_family_sect_r1:[2,20,21],psa_ecc_family_sect_r2:[2,20,21],psa_ecc_family_sect_xx:[4,14],psa_ecc_family_t:[2,20,21,22],psa_ecdsa_signature_s:21,psa_error_already_exist:[4,7,15,20,21],psa_error_bad_st:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24,25],psa_error_buffer_too_smal:[4,7,10,11,12,14,16,17,19,20,24],psa_error_communication_failur:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24],psa_error_corruption_detect:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,21,24,25],psa_error_data_corrupt:[1,4,7,10,11,14,15,16,17,19,20,21,24],psa_error_data_invalid:[1,4,7,10,11,14,15,16,17,19,20,21],psa_error_does_not_exist:[7,20,21],psa_error_empty_slot:21,psa_error_generic_error:[7,20,21],psa_error_hardware_failur:[4,7,8,10,11,12,14,15,16,17,18,19,20,24],psa_error_insufficient_capac:21,psa_error_insufficient_data:[7,15,20,21,24],psa_error_insufficient_entropi:[4,7,8,17,18,19,20],psa_error_insufficient_memori:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,27],psa_error_insufficient_storag:[4,7,15,20],psa_error_invalid_argu:[4,7,10,11,12,14,15,16,17,19,20],psa_error_invalid_handl:[1,4,7,10,11,14,15,16,17,19,20,25],psa_error_invalid_pad:[7,11,17,20],psa_error_invalid_signatur:[7,10,12,16,19,20],psa_error_not_permit:[4,7,10,11,14,15,16,17,19,20],psa_error_not_support:[4,7,10,11,12,14,15,16,17,18,19,20],psa_error_occupied_slot:21,psa_error_storage_failur:[1,4,7,10,11,14,15,16,17,19,20,21,24],psa_error_tampering_detect:21,psa_error_unknown_error:21,psa_error_xxx:9,psa_export_kei:[2,6,15,20,25],psa_export_key_output_s:[2,20,21],psa_export_key_pair_max_s:[2,20,21],psa_export_public_kei:[2,14,20,25],psa_export_public_key_max_s:[2,20,21],psa_export_public_key_output_s:[2,20,21],psa_generate_derived_kei:21,psa_generate_kei:[1,2,3,18,20,21,25],psa_generate_random:[11,13,20,25],psa_generator_abort:21,psa_generator_import_kei:21,psa_generator_read:21,psa_generator_unbridled_capac:21,psa_get_generator_capac:21,psa_get_key_algorithm:[2,20],psa_get_key_attribut:[2,4,20,21,25],psa_get_key_bit:[2,4,20],psa_get_key_id:[2,20],psa_get_key_inform:21,psa_get_key_lifetim:[2,20],psa_get_key_typ:[2,4,20],psa_get_key_usage_flag:[2,20],psa_get_key_xxx:[1,25],psa_hash_abort:[13,20,25],psa_hash_block_length:[13,20,21,22],psa_hash_clon:[13,20,25],psa_hash_compar:[13,20,25],psa_hash_comput:[13,19,20,25],psa_hash_finish:[13,20,25],psa_hash_length:[5,13,20,21],psa_hash_max_s:[13,20],psa_hash_operation_init:[13,20,25],psa_hash_operation_t:[13,20,25],psa_hash_resum:[13,20,21,25],psa_hash_s:21,psa_hash_setup:[13,20,25],psa_hash_suspend:[13,20,21,25],psa_hash_suspend_algorithm_field_length:[13,20,21,22],psa_hash_suspend_hash_state_field_length:[13,20,21,22],psa_hash_suspend_input_length_field_length:[13,20,21,22],psa_hash_suspend_output_max_s:[13,20,21],psa_hash_suspend_output_s:[13,20,21,22],psa_hash_upd:[13,20,25],psa_hash_verifi:[13,20,25],psa_hmac_max_hash_block_s:21,psa_import_kei:[1,2,3,14,15,20,21,25],psa_kdf_step_xxx:21,psa_key_agr:21,psa_key_agreement_raw_shared_secret:21,psa_key_attributes_init:[2,4,20],psa_key_attributes_t:[0,2,3,4,5,6,15,20,21,25],psa_key_derivation_abort:[13,14,20,21,25],psa_key_derivation_get_capac:[13,20,21],psa_key_derivation_input_byt:[13,20,21,25],psa_key_derivation_input_context:[13,20,21],psa_key_derivation_input_info:[13,20,25],psa_key_derivation_input_kei:[6,13,20,21,25],psa_key_derivation_input_label:[13,20],psa_key_derivation_input_salt:[13,20],psa_key_derivation_input_se:[13,20],psa_key_derivation_input_secret:[13,20,25],psa_key_derivation_input_xxx:[15,21],psa_key_derivation_key_agr:[6,13,15,20,21,25],psa_key_derivation_operation_init:[13,20,21,25],psa_key_derivation_operation_t:[13,14,20,21,25],psa_key_derivation_output_byt:[13,20,21,25],psa_key_derivation_output_kei:[1,3,13,20,21,25],psa_key_derivation_set_capac:[13,20,21,25],psa_key_derivation_setup:[13,14,20,25],psa_key_derivation_step_t:[13,14,20],psa_key_derivation_unlimited_capac:[13,20,21],psa_key_export_asn1_integer_max_s:21,psa_key_export_dsa_key_pair_max_s:21,psa_key_export_dsa_public_key_max_s:21,psa_key_export_ecc_key_pair_max_s:21,psa_key_export_ecc_public_key_max_s:21,psa_key_export_max_s:21,psa_key_export_rsa_key_pair_max_s:21,psa_key_export_rsa_public_key_max_s:21,psa_key_handle_t:21,psa_key_id_nul:[1,2,4,15,20,21,25],psa_key_id_t:[2,3,4,10,11,14,15,16,17,19,20,21,25],psa_key_id_user_max:[1,2,20,25],psa_key_id_user_min:[1,2,20,25],psa_key_id_vendor_max:[1,2,20,25],psa_key_id_vendor_min:[1,2,20,25],psa_key_lifetime_persist:[2,4,6,20,25],psa_key_lifetime_t:[2,3,20],psa_key_lifetime_volatil:[1,2,4,6,20,25],psa_key_policy_t:21,psa_key_type_a:[2,11,15,20,21,24],psa_key_type_arc4:[2,11,15,20,21],psa_key_type_camellia:[2,15,20,21],psa_key_type_category_flag_pair:21,psa_key_type_category_key_pair:21,psa_key_type_category_mask:21,psa_key_type_category_public_kei:21,psa_key_type_category_raw:21,psa_key_type_category_symmetr:21,psa_key_type_chacha20:[2,11,20,21],psa_key_type_d:[2,15,20,21],psa_key_type_der:[2,15,20,21],psa_key_type_dh_get_famili:[2,20,21,22],psa_key_type_dh_group_mask:21,psa_key_type_dh_key_pair:[2,15,20,21,22],psa_key_type_dh_key_pair_bas:21,psa_key_type_dh_public_kei:[2,20,21,22],psa_key_type_dh_public_key_bas:21,psa_key_type_ecc_curve_mask:21,psa_key_type_ecc_get_famili:[2,20,21,22],psa_key_type_ecc_key_pair:[2,15,20,21,22],psa_key_type_ecc_key_pair_bas:21,psa_key_type_ecc_public_kei:[2,20,21,22],psa_key_type_ecc_public_key_bas:21,psa_key_type_get_curv:21,psa_key_type_get_group:21,psa_key_type_hmac:[2,15,20,21],psa_key_type_is_asymmetr:[2,20,21,22],psa_key_type_is_dh:[2,20,21,22],psa_key_type_is_dh_key_pair:[2,4,20,21,22],psa_key_type_is_dh_public_kei:[2,4,20,21,22],psa_key_type_is_ecc:[2,20,21,22],psa_key_type_is_ecc_key_pair:[2,4,20,21,22],psa_key_type_is_ecc_public_kei:[2,4,20,21,22],psa_key_type_is_key_pair:[2,20,21,22],psa_key_type_is_public_kei:[2,4,20,21,22],psa_key_type_is_rsa:[2,20,21,22],psa_key_type_is_unstructur:[2,20,21,22],psa_key_type_is_vendor_defin:21,psa_key_type_key_pair_of_public_kei:[2,20,21,22],psa_key_type_non:[1,2,20,21],psa_key_type_public_key_of_key_pair:[2,4,20,21,22],psa_key_type_raw_data:[2,15,20,21],psa_key_type_rsa_key_pair:[2,4,15,20,21],psa_key_type_rsa_public_kei:[2,4,20,21],psa_key_type_t:[2,4,5,11,20,21,22,24],psa_key_type_vendor_flag:21,psa_key_usage_cach:[2,4,20,21,25,27],psa_key_usage_copi:[2,4,20,25],psa_key_usage_decrypt:[2,10,11,17,20],psa_key_usage_der:[2,14,15,20,21],psa_key_usage_encrypt:[2,10,11,17,20,25],psa_key_usage_export:[2,4,20,25],psa_key_usage_sign:21,psa_key_usage_sign_hash:[2,19,20,21],psa_key_usage_sign_messag:[2,16,19,20,21,25],psa_key_usage_t:[2,6,20,25],psa_key_usage_verifi:21,psa_key_usage_verify_hash:[2,19,20,21],psa_key_usage_verify_messag:[2,16,19,20,21],psa_mac_abort:[13,20,25],psa_mac_comput:[6,13,20,25],psa_mac_final_s:[16,21],psa_mac_length:[13,20,21],psa_mac_max_s:[13,20],psa_mac_operation_init:[13,20,25],psa_mac_operation_t:[13,20,25],psa_mac_sign_finish:[13,20,25],psa_mac_sign_setup:[6,13,20,25],psa_mac_truncated_length:21,psa_mac_truncation_offset:21,psa_mac_upd:[13,20,25],psa_mac_verifi:[6,13,20,25],psa_mac_verify_finish:[13,20,25],psa_mac_verify_setup:[6,13,20,25],psa_max_block_cipher_block_s:21,psa_open_kei:21,psa_purge_kei:[2,6,20,21,25,27],psa_raw_key_agr:[6,13,20,21,25],psa_raw_key_agreement_output_max_s:[13,20,21],psa_raw_key_agreement_output_s:[13,20,21],psa_reset_key_attribut:[2,4,20],psa_round_up_to_multipl:21,psa_rsa_minimum_padding_s:21,psa_set_generator_capac:21,psa_set_key_algorithm:[1,2,19,20],psa_set_key_bit:[1,2,20],psa_set_key_id:[1,2,20],psa_set_key_lifetim:[1,2,20],psa_set_key_polici:21,psa_set_key_typ:[1,2,20],psa_set_key_usage_flag:[1,2,19,20],psa_set_key_xxx:1,psa_sign_hash:[6,13,20,21,25],psa_sign_messag:[6,13,20,21,25],psa_sign_output_s:[13,20,21],psa_signature_max_s:[13,20,21],psa_status_t:[1,4,7,8,10,11,12,14,15,16,17,18,19,20,24,30],psa_success:[1,3,4,7,8,10,11,12,14,15,16,17,18,19,20,21,24,25],psa_tls12_psk_to_ms_psk_max_s:[13,20,21],psa_vendor_ecc_max_curve_bit:21,psa_vendor_rsa_max_key_bit:21,psa_verify_hash:[6,13,20,21,25],psa_verify_messag:[6,13,20,21,25],psa_xxx_abort:[21,25],psa_xxx_init:25,psa_xxx_key_pair:21,psa_xxx_keypair:21,psa_xxx_signatur:19,psa_xxx_siz:9,pseudo:[22,25,27],pseudorandom:[9,15,25],psk:[15,21],pss:19,publish:21,pure:15,purg:4,purpos:[4,6,9,15,16,25,26,29],put:25,q_a:14,q_b:14,qualiti:[24,25],queri:[0,1,3,4,5,6,15,25],quot:15,radio:27,rais:25,ram:25,random:[1,5,8,9,10,11,13,15,19,23,24,26,30],randomli:4,rang:[1,5,15,21,25,26,27],rate:25,rather:[9,26],rational:[27,28],raw:[4,5,14,19],rc4:5,reach:[24,25],read:[1,4,6,9,14,15,21,24,25,30],readabl:[9,24],reader:30,readi:14,realiz:29,realloc:21,realm:9,reason:[9,29],reassign:21,receiv:[9,24,26],recip:28,recod:21,recogn:[9,10,11,12,16],recommend:[1,4,5,9,10,11,12,14,15,16,19,23,24],record:5,recov:[4,10,16,25],recover:4,reduc:[15,26,27],refer:[1,4,6,9,10,12,15,16,20,21,23,24,25,28,30],referenc:21,refurbish:3,regard:21,regardless:[4,6],registri:21,regul:25,reject:[4,10,15],relat:[1,21,26,27],relax:21,releas:[23,25],relev:27,reli:27,reload:27,remain:[3,9,10,11,15,16,25],remot:29,remov:[4,6,21,25,29],renam:21,reorgan:21,repeat:[6,15],replac:[21,22],report:[1,6,9,10,21,24],repres:[1,15,19,26,27],represent:[1,4,19,22,26],request:[6,9,10,11,14,15,16,17,19,24,27,29],requir:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,23,25,26,28,30],research:26,reseed:[9,30],reserv:[1,5,25],reset:[1,3,10,11,12,15,16,21,25],resid:26,resist:23,resort:9,resourc:[1,4,9,10,11,12,15,16,21,23,25,28,30],respect:[1,10,11,16,17,19,24,27],rest:[10,12],restart:[1,25],restrict:[4,6,15,25,27],restructur:21,result:[1,4,9,10,11,12,14,15,16,17,18,19,21,22,24,25,26,27],resum:[12,21,25],retain:[12,25,26,29],retent:25,retriev:[0,1,3,5,6,15,16,21,25],reus:[10,11,12,15,16,21,25,27],reveal:[9,25],rewound:25,rfc:[4,5,10,11,15,17,19,25],ripemd:12,risk:[4,24,26,27],riski:[12,16],robust:27,roll:24,rsa:[2,4,17,19,23],rsae:17,rsaprivatekei:4,rsapublickei:4,rsassa:19,rule:[10,21,27],run:[26,29,30],runtim:[4,9],safe:[9,10,11,12,16,23,24,25],safeti:9,said:1,salt:[15,17,19,20],salt_length:[17,20],same:[4,5,6,10,12,14,16,19,21,24,25,26,27,29,30],sampl:23,save:[4,15],scalabl:26,scalar:4,schedul:15,scheme:[0,15,17,19,28],scope:26,search:23,sec:[4,5],secp160r2:5,secp192k1:5,secp192r1:5,secp224k1:5,secp224r1:5,secp256k1:5,secp256r1:5,secp384r1:5,secp521r1:5,secret:[4,5,14,15,19,21,25,27,29],sect163k1:5,sect163r1:5,sect163r2:5,sect233k1:5,sect233r1:5,sect239k1:5,sect283k1:5,sect283r1:5,sect409k1:5,sect409r1:5,sect571k1:5,sect571r1:5,section:[21,24,25,26,27,29,30],secur:[4,6,8,9,12,15,16,23,24,25,28,29],see:[0,1,4,5,6,9,10,11,12,14,15,16,17,19,25,27],seed:[8,15,25,30],segment:29,select:[10,11,12,15,16,17,19,25],semant:21,sensibl:[4,14,17,19],sensit:[27,30],separ:[10,19,21,24,25,26,29,30],sequenc:[1,9,10,11,12,15,16,19,24,25],sequenti:27,seri:25,serv:[26,29],server:26,serverhello:15,servic:[13,23,26,28,29],session:21,set:[0,1,3,4,5,6,10,11,12,14,15,16,19,21,24,25,28],setup:[10,11,15,25],sever:[26,27,29],sha3:12,sha:[12,15,16],share:[4,10,14,15,23,24,25,26,27,29],shorten:10,show:19,side:[4,14,17,19,27],sign:[6,16,19,21,23,26],signatur:[0,6,9,13,15,17,20,21,23,25],signature_length:[19,20],signature_s:[19,20],signific:[14,19],similar:[10,21,25,29],simpl:[0,1,3,5,6,24],simpler:[22,27],simpli:29,simultan:30,sinc:[1,25,29],singl:[4,5,13,15,19,21,23,26,27],situat:[4,8,9,15,25],siv:25,size:[1,4,5,9,10,11,12,14,15,16,17,19,21,23,25,26,27],size_t:[4,5,10,11,12,14,15,16,17,18,19,20,24],sizeof:[1,10,11,12,15,16],skip:1,slg:12,small:[4,9,10,11,12,14,16,17,19],smaller:[10,11,12,14,15,16,17,19],smartcard:29,snippet:21,softwar:29,sole:4,some:[4,8,9,15,19,21,24,25,26,27,29,30],someth:21,sometim:25,soon:[6,27],sourc:[4,25,28],source_kei:[4,20],source_oper:[12,20],space:[9,10,29],special:[1,15,25,26],specif:[0,1,3,4,5,9,10,11,12,14,15,16,17,19,20,21,22,23,24,25,26,28,29,30],specifi:[0,4,10,11,12,14,15,16,17,19,21,24,25,26,27,30],speed:5,split:25,spuriou:21,stabil:[23,27,30],stack:[24,25,27,30],stage:25,stakehold:29,standalon:[13,23],standard:[1,4,5,9,14,15,21,23,27,30],start:[15,20,25],startup:27,state:[1,9,10,11,13,14,15,16,21,23,24,25,26,27],statu:[4,7,8,10,11,12,14,15,16,18,23,25],status:24,stdint:27,stem:27,step:[1,10,11,12,13,14,16,19,20,21,23,25,27],still:[0,4,6,9,28],storag:[1,3,4,6,9,10,15,16,21,23,25,27,28,30],store:[0,1,3,5,6,9,10,11,15,25,26,27,29,30],strategi:[25,27],stream:[5,11,15,21,25,26],strength:15,strict:27,string:[4,15,16,19],strip:4,strongli:[5,25],struct:[21,27],structur:[1,19,21,23],style:25,subject:4,subsequ:[8,9,10,12,15,25],subset:[5,9,26,27,28,29],subtl:26,succe:[8,9,10,15],succeed:9,success:[1,4,7,8,10,11,12,14,15,16,17,19,23,24,25],successfulli:[9,10,11,12,16,19,24],suffer:9,suffici:[4,6,9,10,11,12,14,17,19,24,27,30],suitabl:[0,1,10,11,12,14,15,16,23,24,25],summari:26,supersed:5,suppli:[25,29],support:[0,1,4,5,6,9,13,21,22,23,25,26,29],suppos:19,suspend:[13,21,23,25,27],symmetr:[0,1,2,4,6,10,11,23,24],synonym:27,system:[1,24,26,27,29,30],systemat:24,tabl:[12,21],tag:[10,20,25],tag_length:[10,20,22],tag_siz:[10,20],take:[9,10,11,14,15,21,25,26,27],taken:[4,12,15,16],tamper:9,target:[4,27,29],target_kei:[4,20],target_oper:[12,20],task:24,technolog:26,temporari:[24,27,30],tend:27,tent:10,term:[25,27,29],termin:[1,9,10,11,12,16,24,25],terminolog:21,test:[15,26],text:25,than:[1,8,9,10,12,14,15,16,19,24,26,27],thei:[4,5,6,9,10,11,12,24,25,26,27,29,30],them:[15,21,25,27],themselv:26,theoret:27,therebi:[12,16],therefor:[1,15,25,29],thi:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,18,19,20,21,22,24,25,26,27,28,29,30],thin:29,those:[15,26,27],though:[24,29],thread:24,threat:[27,28],three:[4,15,26],through:[6,10,15,16,25,26,29],thu:[15,29,30],time:[1,4,9,10,11,12,14,15,16,17,19,24,25,26,27,29],titl:15,tls1:21,token:[23,26],too:[4,9,10,11,12,14,16,17,19,25],took:10,top:[11,26],total:[10,11,12],trail:10,transfer:12,translat:29,tripl:[4,5,15],trng:[25,29],truncat:[4,10,16,19],trust:[9,10,24,26,29],turn:10,twice:15,two:[4,10,12,14,15,25,29,30],type:[0,2,4,6,7,13,14,17,19,20,21,23,25,26,30],typedef:[1,5,9,10,11,12,15,16,20,27],typic:[1,5,9,15,26,27,28,29],uint16_t:[1,15,20,27],uint32_t:[1,20,27],uint8_t:[4,5,10,11,12,14,15,16,17,18,19,20,24,27],unalloc:[1,5],unambigu:4,unauthent:[5,9,13,23,25],unbound:26,unchang:[5,15,24,27],uncompress:4,undefin:[5,8,11,24,25,30],under:[17,19,24],underli:[0,5,10,11,14,24,27,29],undetermin:[9,24],undon:10,unexpect:4,uninstal:3,uniqu:[25,26,29],unless:[4,10,11,24,25,30],unlik:29,unlock:27,unmodifi:24,unpack:12,unprocess:12,unsign:[12,27],unspecifi:[1,3,4,5,9,10,14,15,16,17,19,24],unstructur:5,unsupport:[9,27],unsur:9,until:[3,10,11,12,15,16,24,25],untrunc:16,untrustworthi:29,unusu:21,updat:[21,25],upon:26,usabl:25,usag:[0,1,2,4,10,11,12,14,15,16,17,19,21,23],usage_flag:[6,20],use:[1,4,5,6,9,10,11,12,14,15,16,17,18,19,21,23,24,25,27,28,29],used:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,20,21,24,25,26,27,28,29,30],useful:[4,25,29],user:[24,26,28],uses:[0,15,21,24,27,28],using:[0,3,4,5,6,9,10,11,12,14,15,16,17,19,21,24,25,27,29,30],usual:[14,15,19,25],v1_5:19,valid:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,21,22,24,25,26,27],valu:[0,1,3,4,5,6,9,10,11,12,14,15,16,17,19,20,21,22,24,25,27,29],variabl:[19,25],variant:[5,10,24,29],variou:[21,26],vast:[26,27],vector:[5,11,25],vendor:[10,22,24,27],veri:26,verif:[6,9,16,19,25],verifi:[6,9,12,16,19,24,25,27],verify_messag:19,versa:24,version:[4,5,7,15,19,22,23,24,25,27],via:[1,15,25],vice:24,view:15,violat:24,virtual:26,visant:5,visibl:[25,26],volatil:[1,3,4,6,9,21,23,27,29],vulner:[10,27],wai:[4,10,15,21,24,25,27,30],warn:[10,26],weak:[5,12,15,26],weierstrass:[4,14,15],well:[9,14,21,26,30],were:[10,11,24,26],what:[6,15,24,25],when:[1,3,4,5,6,9,10,11,12,14,15,16,19,21,24,25,26,27,30],whenev:9,where:[1,4,5,6,9,10,11,12,14,15,16,17,19,24,25,26,27,29,30],whether:[0,1,4,5,6,9,10,11,12,14,15,16,17,18,19,24,25],which:[0,1,3,4,5,6,9,10,11,12,14,15,16,20,21,24,25,26,27,29,30],whilst:21,who:29,whole:[4,10,11,15,25,26],whose:[9,11,15,19,27],wide:26,wildcard:[0,4,19],wipe:[3,25,27,30],wireless:26,wise:15,wish:24,within:[5,21,25,27],without:[1,3,4,10,11,12,15,16,19,21,25,27],word:[12,19,30],work:25,workshop:5,world:24,would:[9,21,29],wrap:[6,21],writabl:24,write:[0,1,3,5,6,9,24,25],writer:[9,30],written:[3,4,9,10,11,12,14,15,16,17,19,27,30],wrong:[4,25],wrote:24,x00000000:[1,3,20],x00000001:[1,3,6,20],x00000002:[6,20],x00000004:[6,20],x000000ff:22,x00000100:[6,20],x000001ff:22,x00000200:[6,20],x00000400:[6,20],x00000800:[6,20],x00001000:[6,20],x00002000:[6,20],x00004000:[6,20],x0000:[5,20],x0001:1,x003f0000:22,x00:5,x00ff:22,x02000000:22,x02000001:[12,20],x02000002:[12,20],x02000003:[12,20],x02000004:[12,20],x02000005:[12,20],x02000008:[12,20],x02000009:[12,20],x0200000a:[12,20],x0200000b:[12,20],x0200000c:[12,20],x0200000d:[12,20],x02000010:[12,20],x02000011:[12,20],x02000012:[12,20],x02000013:[12,20],x020000ff:[19,20],x03000000:22,x03800000:22,x03:[5,20],x03c00000:22,x03c00100:[16,20],x03c00200:[16,20],x04404000:[11,20],x04404100:[11,20],x04404400:[11,20],x0440ff00:[11,20],x04800000:22,x04800100:[11,20],x04c01000:[11,20],x04c01100:[11,20],x04c01200:[11,20],x05000000:22,x05000500:22,x05100500:[10,20],x05400000:22,x05400100:22,x05400200:22,x05500100:[10,20],x05500200:[10,20],x06000000:22,x06000200:[19,20,22],x06000300:22,x06000600:[19,20,22],x06000700:22,x07000000:22,x07000200:[17,20],x07000300:22,x08000000:22,x08000100:22,x08000200:22,x08000300:22,x09000000:22,x09010000:[14,20,22],x09020000:[14,20,22],x1000:22,x1001:[5,20],x1100:[5,20],x1200:[5,20],x12:[5,20],x17:[5,20],x1b:[5,20],x2000:22,x2002:[5,20],x2004:[5,20],x22:[5,20],x2301:[5,20],x2400:[5,20],x2403:[5,20],x25519:[4,5],x27:[5,20],x2b:[5,20],x3000:22,x30:[5,20],x33:[5,20],x3f:22,x3fffffff:[3,20],x40000000:[3,20],x4000:22,x4001:[5,20,22],x4100:22,x41:[5,20],x4200:22,x448:[4,5],x7000:22,x7001:[5,20],x7100:22,x7200:22,x7f000000:22,x7f00ffff:22,x7f400000:22,x7f800000:22,x7f:5,x7fc00000:22,x7fc0ff00:22,x7fff0000:22,x7fff:1,x7fffffff:[1,3,20],x80000000:1,x8000:1,x80:5,x_p:4,xfe00ffff:22,xff00:22,xff:5,xffff0000:22,xffff:1,xffffffff:1,xor:11,y_p:4,yet:[10,11,12,15,16,24],zero:[0,1,4,5,9,10,11,12,14,15,16,17,19,21,25,27]},titles:["Algorithms","Key attributes","Key management reference","Key locations","Key management functions","Key types","Key policies","Library management reference","PSA Crypto library","PSA status codes","Authenticated encryption with associated data (AEAD)","Unauthenticated ciphers","Message digests","Cryptographic operation reference","Key agreement","Key derivation","Message authentication codes (MAC)","Asymmetric encryption","Other cryptographic services","Asymmetric signature","Example header file","Changes to the API","Example macro implementations","PSA Cryptography API 1.0","Library conventions","Functionality overview","Design goals","Implementation considerations","Introduction","Sample architectures","Usage considerations"],titleterms:{"case":26,"export":4,"function":[0,1,3,4,5,6,8,10,11,12,14,15,16,17,18,19,25],"return":24,TLS:26,accessor:[0,3,5,6],addit:21,aead:[10,25],after:30,agreement:[14,25],algorithm:[0,10,11,12,14,15,16,17,19,22,24,26],alwai:30,api:[8,21,23,25],applic:29,architectur:29,aspect:27,associ:10,assumpt:27,asymmetr:[17,19,25],attack:27,attest:26,attribut:[0,1,3,5,6],authent:[10,16,25],behavior:24,beta:21,between:[21,24],boot:26,buffer:24,call:24,categori:[0,5],chang:21,check:30,choic:26,cipher:11,clean:30,cleanup:27,client:29,code:[9,16,25],combin:14,concurr:[24,30],consider:[27,30],constrain:26,convent:24,creation:4,credenti:26,crypto:[8,20],cryptograph:[13,18,27,29],cryptographi:[23,25],cryptoprocessor:29,curv:5,data:10,decrypt:25,deriv:[14,15,25],design:26,destruct:4,detect:27,devic:26,diffi:5,digest:[12,25],document:21,eas:26,ellipt:5,encrypt:[10,17,25],error:[9,24,27,30],exampl:[20,22,25,26],factori:26,file:20,flag:6,futur:21,gener:[18,25],goal:26,handl:24,hardwar:27,hash:[12,22,25],header:20,hellman:5,histori:21,identifi:[3,25],implement:[0,3,5,6,22,27],indirect:27,inform:21,initi:8,input:[15,24],interfac:[26,27],introduct:28,isol:26,kei:[1,2,3,4,5,6,14,15,22,24,25,27,29],keystor:26,librari:[7,8,24,25],lifetim:3,locat:3,mac:[16,25],macro:[0,1,3,4,5,6,8,9,10,11,12,14,15,16,17,19,22,27],manag:[1,2,4,7,25,27],materi:27,memori:[27,30],messag:[12,16,25],minimum:25,multi:[10,11,12,16,25,29],network:26,note:[0,3,5,6],number:18,object:27,oper:[10,11,12,13,16,25],option:26,other:[18,27],output:[24,27],overlap:24,overview:25,pair:26,paramet:24,part:[10,11,12,16,25],partit:29,persist:25,philosophi:27,plan:21,platform:27,pointer:24,polici:[6,25],port:27,processor:29,profil:27,provis:26,psa:[8,9,20,23],psa_aead_abort:10,psa_aead_decrypt:10,psa_aead_decrypt_output_max_s:10,psa_aead_decrypt_output_s:10,psa_aead_decrypt_setup:10,psa_aead_encrypt:10,psa_aead_encrypt_output_max_s:10,psa_aead_encrypt_output_s:10,psa_aead_encrypt_setup:10,psa_aead_finish:10,psa_aead_finish_output_max_s:10,psa_aead_finish_output_s:10,psa_aead_generate_nonc:10,psa_aead_nonce_length:10,psa_aead_nonce_max_s:10,psa_aead_operation_init:10,psa_aead_operation_t:10,psa_aead_set_length:10,psa_aead_set_nonc:10,psa_aead_tag_length:10,psa_aead_tag_max_s:10,psa_aead_upd:10,psa_aead_update_ad:10,psa_aead_update_output_max_s:10,psa_aead_update_output_s:10,psa_aead_verifi:10,psa_aead_verify_output_max_s:10,psa_aead_verify_output_s:10,psa_alg_aead_with_default_length_tag:10,psa_alg_aead_with_shortened_tag:10,psa_alg_any_hash:19,psa_alg_cbc_mac:16,psa_alg_cbc_no_pad:11,psa_alg_cbc_pkcs7:11,psa_alg_ccm:10,psa_alg_cfb:11,psa_alg_chacha20_poly1305:10,psa_alg_cmac:16,psa_alg_ctr:11,psa_alg_deterministic_ecdsa:19,psa_alg_ecb_no_pad:11,psa_alg_ecdh:14,psa_alg_ecdsa:19,psa_alg_ecdsa_ani:19,psa_alg_ffdh:14,psa_alg_full_length_mac:16,psa_alg_gcm:10,psa_alg_get_hash:0,psa_alg_hkdf:15,psa_alg_hmac:16,psa_alg_is_aead:0,psa_alg_is_aead_on_block_ciph:10,psa_alg_is_asymmetric_encrypt:0,psa_alg_is_block_cipher_mac:16,psa_alg_is_ciph:0,psa_alg_is_deterministic_ecdsa:19,psa_alg_is_ecdh:14,psa_alg_is_ecdsa:19,psa_alg_is_ffdh:14,psa_alg_is_hash:0,psa_alg_is_hash_and_sign:19,psa_alg_is_hkdf:15,psa_alg_is_hmac:16,psa_alg_is_key_agr:0,psa_alg_is_key_deriv:0,psa_alg_is_mac:0,psa_alg_is_randomized_ecdsa:19,psa_alg_is_raw_key_agr:14,psa_alg_is_rsa_oaep:17,psa_alg_is_rsa_pkcs1v15_sign:19,psa_alg_is_rsa_pss:19,psa_alg_is_sign:0,psa_alg_is_sign_hash:19,psa_alg_is_sign_messag:19,psa_alg_is_stream_ciph:11,psa_alg_is_tls12_prf:15,psa_alg_is_tls12_psk_to_m:15,psa_alg_is_wildcard:0,psa_alg_key_agr:14,psa_alg_key_agreement_get_bas:14,psa_alg_key_agreement_get_kdf:14,psa_alg_md2:12,psa_alg_md4:12,psa_alg_md5:12,psa_alg_non:0,psa_alg_ofb:11,psa_alg_ripemd160:12,psa_alg_rsa_oaep:17,psa_alg_rsa_pkcs1v15_crypt:17,psa_alg_rsa_pkcs1v15_sign:19,psa_alg_rsa_pkcs1v15_sign_raw:19,psa_alg_rsa_pss:19,psa_alg_sha3_224:12,psa_alg_sha3_256:12,psa_alg_sha3_384:12,psa_alg_sha3_512:12,psa_alg_sha_1:12,psa_alg_sha_224:12,psa_alg_sha_256:12,psa_alg_sha_384:12,psa_alg_sha_512:12,psa_alg_sha_512_224:12,psa_alg_sha_512_256:12,psa_alg_stream_ciph:11,psa_alg_tls12_prf:15,psa_alg_tls12_psk_to_m:15,psa_alg_truncated_mac:16,psa_alg_xt:11,psa_algorithm_t:1,psa_asymmetric_decrypt:17,psa_asymmetric_decrypt_output_max_s:17,psa_asymmetric_decrypt_output_s:17,psa_asymmetric_encrypt:17,psa_asymmetric_encrypt_output_max_s:17,psa_asymmetric_encrypt_output_s:17,psa_block_cipher_block_length:11,psa_block_cipher_block_max_s:11,psa_cipher_abort:11,psa_cipher_decrypt:11,psa_cipher_decrypt_output_max_s:11,psa_cipher_decrypt_output_s:11,psa_cipher_decrypt_setup:11,psa_cipher_encrypt:11,psa_cipher_encrypt_output_max_s:11,psa_cipher_encrypt_output_s:11,psa_cipher_encrypt_setup:11,psa_cipher_finish:11,psa_cipher_finish_output_max_s:11,psa_cipher_finish_output_s:11,psa_cipher_generate_iv:11,psa_cipher_iv_length:11,psa_cipher_iv_max_s:11,psa_cipher_operation_init:11,psa_cipher_operation_t:11,psa_cipher_set_iv:11,psa_cipher_upd:11,psa_cipher_update_output_max_s:11,psa_cipher_update_output_s:11,psa_copy_kei:4,psa_crypto_api_version_major:8,psa_crypto_api_version_minor:8,psa_crypto_init:8,psa_destroy_kei:4,psa_dh_family_rfc7919:5,psa_dh_family_t:5,psa_ecc_family_brainpool_p_r1:5,psa_ecc_family_frp:5,psa_ecc_family_montgomeri:5,psa_ecc_family_secp_k1:5,psa_ecc_family_secp_r1:5,psa_ecc_family_secp_r2:5,psa_ecc_family_sect_k1:5,psa_ecc_family_sect_r1:5,psa_ecc_family_sect_r2:5,psa_ecc_family_t:5,psa_error_already_exist:9,psa_error_bad_st:9,psa_error_buffer_too_smal:9,psa_error_communication_failur:9,psa_error_corruption_detect:9,psa_error_data_corrupt:9,psa_error_data_invalid:9,psa_error_does_not_exist:9,psa_error_generic_error:9,psa_error_hardware_failur:9,psa_error_insufficient_data:9,psa_error_insufficient_entropi:9,psa_error_insufficient_memori:9,psa_error_insufficient_storag:9,psa_error_invalid_argu:9,psa_error_invalid_handl:9,psa_error_invalid_pad:9,psa_error_invalid_signatur:9,psa_error_not_permit:9,psa_error_not_support:9,psa_error_storage_failur:9,psa_export_kei:4,psa_export_key_output_s:4,psa_export_key_pair_max_s:4,psa_export_public_kei:4,psa_export_public_key_max_s:4,psa_export_public_key_output_s:4,psa_generate_kei:4,psa_generate_random:18,psa_get_key_algorithm:0,psa_get_key_attribut:1,psa_get_key_bit:5,psa_get_key_id:3,psa_get_key_lifetim:3,psa_get_key_typ:5,psa_get_key_usage_flag:6,psa_hash_abort:12,psa_hash_block_length:12,psa_hash_clon:12,psa_hash_compar:12,psa_hash_comput:12,psa_hash_finish:12,psa_hash_length:12,psa_hash_max_s:12,psa_hash_operation_init:12,psa_hash_operation_t:12,psa_hash_resum:12,psa_hash_setup:12,psa_hash_suspend:12,psa_hash_suspend_algorithm_field_length:12,psa_hash_suspend_hash_state_field_length:12,psa_hash_suspend_input_length_field_length:12,psa_hash_suspend_output_max_s:12,psa_hash_suspend_output_s:12,psa_hash_upd:12,psa_hash_verifi:12,psa_import_kei:4,psa_key_attributes_init:1,psa_key_attributes_t:1,psa_key_derivation_abort:15,psa_key_derivation_get_capac:15,psa_key_derivation_input_byt:15,psa_key_derivation_input_context:15,psa_key_derivation_input_info:15,psa_key_derivation_input_kei:15,psa_key_derivation_input_label:15,psa_key_derivation_input_salt:15,psa_key_derivation_input_se:15,psa_key_derivation_input_secret:15,psa_key_derivation_key_agr:14,psa_key_derivation_operation_init:15,psa_key_derivation_operation_t:15,psa_key_derivation_output_byt:15,psa_key_derivation_output_kei:15,psa_key_derivation_set_capac:15,psa_key_derivation_setup:15,psa_key_derivation_step_t:15,psa_key_derivation_unlimited_capac:15,psa_key_id_nul:3,psa_key_id_t:1,psa_key_id_user_max:3,psa_key_id_user_min:3,psa_key_id_vendor_max:3,psa_key_id_vendor_min:3,psa_key_lifetime_persist:3,psa_key_lifetime_t:1,psa_key_lifetime_volatil:3,psa_key_type_a:5,psa_key_type_arc4:5,psa_key_type_camellia:5,psa_key_type_chacha20:5,psa_key_type_d:5,psa_key_type_der:5,psa_key_type_dh_get_famili:5,psa_key_type_dh_key_pair:5,psa_key_type_dh_public_kei:5,psa_key_type_ecc_get_famili:5,psa_key_type_ecc_key_pair:5,psa_key_type_ecc_public_kei:5,psa_key_type_hmac:5,psa_key_type_is_asymmetr:5,psa_key_type_is_dh:5,psa_key_type_is_dh_key_pair:5,psa_key_type_is_dh_public_kei:5,psa_key_type_is_ecc:5,psa_key_type_is_ecc_key_pair:5,psa_key_type_is_ecc_public_kei:5,psa_key_type_is_key_pair:5,psa_key_type_is_public_kei:5,psa_key_type_is_rsa:5,psa_key_type_is_unstructur:5,psa_key_type_key_pair_of_public_kei:5,psa_key_type_non:5,psa_key_type_public_key_of_key_pair:5,psa_key_type_raw_data:5,psa_key_type_rsa_key_pair:5,psa_key_type_rsa_public_kei:5,psa_key_type_t:1,psa_key_usage_cach:6,psa_key_usage_copi:6,psa_key_usage_decrypt:6,psa_key_usage_der:6,psa_key_usage_encrypt:6,psa_key_usage_export:6,psa_key_usage_sign_hash:6,psa_key_usage_sign_messag:6,psa_key_usage_t:1,psa_key_usage_verify_hash:6,psa_key_usage_verify_messag:6,psa_mac_abort:16,psa_mac_comput:16,psa_mac_length:16,psa_mac_max_s:16,psa_mac_operation_init:16,psa_mac_operation_t:16,psa_mac_sign_finish:16,psa_mac_sign_setup:16,psa_mac_upd:16,psa_mac_verifi:16,psa_mac_verify_finish:16,psa_mac_verify_setup:16,psa_purge_kei:4,psa_raw_key_agr:14,psa_raw_key_agreement_output_max_s:14,psa_raw_key_agreement_output_s:14,psa_reset_key_attribut:1,psa_set_key_algorithm:0,psa_set_key_bit:5,psa_set_key_id:3,psa_set_key_lifetim:3,psa_set_key_typ:5,psa_set_key_usage_flag:6,psa_sign_hash:19,psa_sign_messag:19,psa_sign_output_s:19,psa_signature_max_s:19,psa_status_t:9,psa_success:9,psa_tls12_psk_to_ms_psk_max_s:15,psa_verify_hash:19,psa_verify_messag:19,random:[18,25],recommend:[25,27,30],refer:[2,7,13,27],releas:21,requir:27,resist:27,resourc:27,rsa:5,safe:27,sampl:29,secur:[26,27,30],servic:18,share:30,sign:25,signatur:19,singl:[10,11,12,16,25,29],size:24,specif:27,stabil:24,standalon:14,standard:25,state:[12,22],statu:[9,24],step:15,storag:[26,29],structur:24,success:9,suitabl:26,support:[10,11,12,14,15,16,17,19,27],suspend:[12,22],symmetr:[5,25],token:29,type:[1,5,9,10,11,12,15,16,22,24,27],unauthent:11,usag:[6,25,30],use:[26,30],version:[8,21],volatil:25}})
\ No newline at end of file
+Search.setIndex({docnames:["about","api/keys/attributes","api/keys/ids","api/keys/index","api/keys/lifetimes","api/keys/management","api/keys/policy","api/keys/types","api/library/index","api/library/library","api/library/status","api/ops/aead","api/ops/algorithms","api/ops/ciphers","api/ops/hashes","api/ops/index","api/ops/ka","api/ops/kdf","api/ops/macs","api/ops/pke","api/ops/rng","api/ops/sign","appendix/example_header","appendix/history","appendix/specdef_values","index","overview/conventions","overview/functionality","overview/goals","overview/implementation","overview/intro","overview/sample-arch","overview/usage"],envversion:53,filenames:["about.rst","api/keys/attributes.rst","api/keys/ids.rst","api/keys/index.rst","api/keys/lifetimes.rst","api/keys/management.rst","api/keys/policy.rst","api/keys/types.rst","api/library/index.rst","api/library/library.rst","api/library/status.rst","api/ops/aead.rst","api/ops/algorithms.rst","api/ops/ciphers.rst","api/ops/hashes.rst","api/ops/index.rst","api/ops/ka.rst","api/ops/kdf.rst","api/ops/macs.rst","api/ops/pke.rst","api/ops/rng.rst","api/ops/sign.rst","appendix/example_header.rst","appendix/history.rst","appendix/specdef_values.rst","index.rst","overview/conventions.rst","overview/functionality.rst","overview/goals.rst","overview/implementation.rst","overview/intro.rst","overview/sample-arch.rst","overview/usage.rst"],objects:{"":{PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_DECRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_AEAD_DECRYPT_OUTPUT_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_AEAD_ENCRYPT_OUTPUT_SIZE:[11,0,1,"c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE"],PSA_AEAD_FINISH_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE"],PSA_AEAD_FINISH_OUTPUT_SIZE:[11,0,1,"c.PSA_AEAD_FINISH_OUTPUT_SIZE"],PSA_AEAD_NONCE_LENGTH:[11,0,1,"c.PSA_AEAD_NONCE_LENGTH"],PSA_AEAD_NONCE_MAX_SIZE:[11,0,1,"c.PSA_AEAD_NONCE_MAX_SIZE"],PSA_AEAD_OPERATION_INIT:[11,0,1,"c.PSA_AEAD_OPERATION_INIT"],PSA_AEAD_TAG_LENGTH:[11,0,1,"c.PSA_AEAD_TAG_LENGTH"],PSA_AEAD_TAG_MAX_SIZE:[11,0,1,"c.PSA_AEAD_TAG_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE"],PSA_AEAD_UPDATE_OUTPUT_SIZE:[11,0,1,"c.PSA_AEAD_UPDATE_OUTPUT_SIZE"],PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE:[11,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE"],PSA_AEAD_VERIFY_OUTPUT_SIZE:[11,0,1,"c.PSA_AEAD_VERIFY_OUTPUT_SIZE"],PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG:[11,0,1,"c.PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG"],PSA_ALG_AEAD_WITH_SHORTENED_TAG:[11,0,1,"c.PSA_ALG_AEAD_WITH_SHORTENED_TAG"],PSA_ALG_ANY_HASH:[21,0,1,"c.PSA_ALG_ANY_HASH"],PSA_ALG_CBC_MAC:[18,0,1,"c.PSA_ALG_CBC_MAC"],PSA_ALG_CBC_NO_PADDING:[13,0,1,"c.PSA_ALG_CBC_NO_PADDING"],PSA_ALG_CBC_PKCS7:[13,0,1,"c.PSA_ALG_CBC_PKCS7"],PSA_ALG_CCM:[11,0,1,"c.PSA_ALG_CCM"],PSA_ALG_CFB:[13,0,1,"c.PSA_ALG_CFB"],PSA_ALG_CHACHA20_POLY1305:[11,0,1,"c.PSA_ALG_CHACHA20_POLY1305"],PSA_ALG_CMAC:[18,0,1,"c.PSA_ALG_CMAC"],PSA_ALG_CTR:[13,0,1,"c.PSA_ALG_CTR"],PSA_ALG_DETERMINISTIC_ECDSA:[21,0,1,"c.PSA_ALG_DETERMINISTIC_ECDSA"],PSA_ALG_ECB_NO_PADDING:[13,0,1,"c.PSA_ALG_ECB_NO_PADDING"],PSA_ALG_ECDH:[16,0,1,"c.PSA_ALG_ECDH"],PSA_ALG_ECDSA:[21,0,1,"c.PSA_ALG_ECDSA"],PSA_ALG_ECDSA_ANY:[21,0,1,"c.PSA_ALG_ECDSA_ANY"],PSA_ALG_FFDH:[16,0,1,"c.PSA_ALG_FFDH"],PSA_ALG_FULL_LENGTH_MAC:[18,0,1,"c.PSA_ALG_FULL_LENGTH_MAC"],PSA_ALG_GCM:[11,0,1,"c.PSA_ALG_GCM"],PSA_ALG_GET_HASH:[12,0,1,"c.PSA_ALG_GET_HASH"],PSA_ALG_HKDF:[17,0,1,"c.PSA_ALG_HKDF"],PSA_ALG_HMAC:[18,0,1,"c.PSA_ALG_HMAC"],PSA_ALG_IS_AEAD:[12,0,1,"c.PSA_ALG_IS_AEAD"],PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER:[11,0,1,"c.PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER"],PSA_ALG_IS_ASYMMETRIC_ENCRYPTION:[12,0,1,"c.PSA_ALG_IS_ASYMMETRIC_ENCRYPTION"],PSA_ALG_IS_BLOCK_CIPHER_MAC:[18,0,1,"c.PSA_ALG_IS_BLOCK_CIPHER_MAC"],PSA_ALG_IS_CIPHER:[12,0,1,"c.PSA_ALG_IS_CIPHER"],PSA_ALG_IS_DETERMINISTIC_ECDSA:[21,0,1,"c.PSA_ALG_IS_DETERMINISTIC_ECDSA"],PSA_ALG_IS_ECDH:[16,0,1,"c.PSA_ALG_IS_ECDH"],PSA_ALG_IS_ECDSA:[21,0,1,"c.PSA_ALG_IS_ECDSA"],PSA_ALG_IS_FFDH:[16,0,1,"c.PSA_ALG_IS_FFDH"],PSA_ALG_IS_HASH:[12,0,1,"c.PSA_ALG_IS_HASH"],PSA_ALG_IS_HASH_AND_SIGN:[21,0,1,"c.PSA_ALG_IS_HASH_AND_SIGN"],PSA_ALG_IS_HKDF:[17,0,1,"c.PSA_ALG_IS_HKDF"],PSA_ALG_IS_HMAC:[18,0,1,"c.PSA_ALG_IS_HMAC"],PSA_ALG_IS_KEY_AGREEMENT:[12,0,1,"c.PSA_ALG_IS_KEY_AGREEMENT"],PSA_ALG_IS_KEY_DERIVATION:[12,0,1,"c.PSA_ALG_IS_KEY_DERIVATION"],PSA_ALG_IS_MAC:[12,0,1,"c.PSA_ALG_IS_MAC"],PSA_ALG_IS_RANDOMIZED_ECDSA:[21,0,1,"c.PSA_ALG_IS_RANDOMIZED_ECDSA"],PSA_ALG_IS_RAW_KEY_AGREEMENT:[16,0,1,"c.PSA_ALG_IS_RAW_KEY_AGREEMENT"],PSA_ALG_IS_RSA_OAEP:[19,0,1,"c.PSA_ALG_IS_RSA_OAEP"],PSA_ALG_IS_RSA_PKCS1V15_SIGN:[21,0,1,"c.PSA_ALG_IS_RSA_PKCS1V15_SIGN"],PSA_ALG_IS_RSA_PSS:[21,0,1,"c.PSA_ALG_IS_RSA_PSS"],PSA_ALG_IS_SIGN:[12,0,1,"c.PSA_ALG_IS_SIGN"],PSA_ALG_IS_SIGN_HASH:[21,0,1,"c.PSA_ALG_IS_SIGN_HASH"],PSA_ALG_IS_SIGN_MESSAGE:[21,0,1,"c.PSA_ALG_IS_SIGN_MESSAGE"],PSA_ALG_IS_STREAM_CIPHER:[13,0,1,"c.PSA_ALG_IS_STREAM_CIPHER"],PSA_ALG_IS_TLS12_PRF:[17,0,1,"c.PSA_ALG_IS_TLS12_PRF"],PSA_ALG_IS_TLS12_PSK_TO_MS:[17,0,1,"c.PSA_ALG_IS_TLS12_PSK_TO_MS"],PSA_ALG_IS_WILDCARD:[12,0,1,"c.PSA_ALG_IS_WILDCARD"],PSA_ALG_KEY_AGREEMENT:[16,0,1,"c.PSA_ALG_KEY_AGREEMENT"],PSA_ALG_KEY_AGREEMENT_GET_BASE:[16,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_BASE"],PSA_ALG_KEY_AGREEMENT_GET_KDF:[16,0,1,"c.PSA_ALG_KEY_AGREEMENT_GET_KDF"],PSA_ALG_MD2:[14,0,1,"c.PSA_ALG_MD2"],PSA_ALG_MD4:[14,0,1,"c.PSA_ALG_MD4"],PSA_ALG_MD5:[14,0,1,"c.PSA_ALG_MD5"],PSA_ALG_NONE:[12,0,1,"c.PSA_ALG_NONE"],PSA_ALG_OFB:[13,0,1,"c.PSA_ALG_OFB"],PSA_ALG_RIPEMD160:[14,0,1,"c.PSA_ALG_RIPEMD160"],PSA_ALG_RSA_OAEP:[19,0,1,"c.PSA_ALG_RSA_OAEP"],PSA_ALG_RSA_PKCS1V15_CRYPT:[19,0,1,"c.PSA_ALG_RSA_PKCS1V15_CRYPT"],PSA_ALG_RSA_PKCS1V15_SIGN:[21,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN"],PSA_ALG_RSA_PKCS1V15_SIGN_RAW:[21,0,1,"c.PSA_ALG_RSA_PKCS1V15_SIGN_RAW"],PSA_ALG_RSA_PSS:[21,0,1,"c.PSA_ALG_RSA_PSS"],PSA_ALG_SHA3_224:[14,0,1,"c.PSA_ALG_SHA3_224"],PSA_ALG_SHA3_256:[14,0,1,"c.PSA_ALG_SHA3_256"],PSA_ALG_SHA3_384:[14,0,1,"c.PSA_ALG_SHA3_384"],PSA_ALG_SHA3_512:[14,0,1,"c.PSA_ALG_SHA3_512"],PSA_ALG_SHA_1:[14,0,1,"c.PSA_ALG_SHA_1"],PSA_ALG_SHA_224:[14,0,1,"c.PSA_ALG_SHA_224"],PSA_ALG_SHA_256:[14,0,1,"c.PSA_ALG_SHA_256"],PSA_ALG_SHA_384:[14,0,1,"c.PSA_ALG_SHA_384"],PSA_ALG_SHA_512:[14,0,1,"c.PSA_ALG_SHA_512"],PSA_ALG_SHA_512_224:[14,0,1,"c.PSA_ALG_SHA_512_224"],PSA_ALG_SHA_512_256:[14,0,1,"c.PSA_ALG_SHA_512_256"],PSA_ALG_SM3:[14,0,1,"c.PSA_ALG_SM3"],PSA_ALG_STREAM_CIPHER:[13,0,1,"c.PSA_ALG_STREAM_CIPHER"],PSA_ALG_TLS12_PRF:[17,0,1,"c.PSA_ALG_TLS12_PRF"],PSA_ALG_TLS12_PSK_TO_MS:[17,0,1,"c.PSA_ALG_TLS12_PSK_TO_MS"],PSA_ALG_TRUNCATED_MAC:[18,0,1,"c.PSA_ALG_TRUNCATED_MAC"],PSA_ALG_XTS:[13,0,1,"c.PSA_ALG_XTS"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE:[19,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE:[19,0,1,"c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE:[19,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE:[19,0,1,"c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE"],PSA_BLOCK_CIPHER_BLOCK_LENGTH:[13,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_LENGTH"],PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE:[13,0,1,"c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE:[13,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_DECRYPT_OUTPUT_SIZE:[13,0,1,"c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE:[13,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE"],PSA_CIPHER_ENCRYPT_OUTPUT_SIZE:[13,0,1,"c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE"],PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE:[13,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE"],PSA_CIPHER_FINISH_OUTPUT_SIZE:[13,0,1,"c.PSA_CIPHER_FINISH_OUTPUT_SIZE"],PSA_CIPHER_IV_LENGTH:[13,0,1,"c.PSA_CIPHER_IV_LENGTH"],PSA_CIPHER_IV_MAX_SIZE:[13,0,1,"c.PSA_CIPHER_IV_MAX_SIZE"],PSA_CIPHER_OPERATION_INIT:[13,0,1,"c.PSA_CIPHER_OPERATION_INIT"],PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE:[13,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE"],PSA_CIPHER_UPDATE_OUTPUT_SIZE:[13,0,1,"c.PSA_CIPHER_UPDATE_OUTPUT_SIZE"],PSA_CRYPTO_API_VERSION_MAJOR:[9,0,1,"c.PSA_CRYPTO_API_VERSION_MAJOR"],PSA_CRYPTO_API_VERSION_MINOR:[9,0,1,"c.PSA_CRYPTO_API_VERSION_MINOR"],PSA_DH_FAMILY_RFC7919:[7,0,1,"c.PSA_DH_FAMILY_RFC7919"],PSA_ECC_FAMILY_BRAINPOOL_P_R1:[7,0,1,"c.PSA_ECC_FAMILY_BRAINPOOL_P_R1"],PSA_ECC_FAMILY_FRP:[7,0,1,"c.PSA_ECC_FAMILY_FRP"],PSA_ECC_FAMILY_MONTGOMERY:[7,0,1,"c.PSA_ECC_FAMILY_MONTGOMERY"],PSA_ECC_FAMILY_SECP_K1:[7,0,1,"c.PSA_ECC_FAMILY_SECP_K1"],PSA_ECC_FAMILY_SECP_R1:[7,0,1,"c.PSA_ECC_FAMILY_SECP_R1"],PSA_ECC_FAMILY_SECP_R2:[7,0,1,"c.PSA_ECC_FAMILY_SECP_R2"],PSA_ECC_FAMILY_SECT_K1:[7,0,1,"c.PSA_ECC_FAMILY_SECT_K1"],PSA_ECC_FAMILY_SECT_R1:[7,0,1,"c.PSA_ECC_FAMILY_SECT_R1"],PSA_ECC_FAMILY_SECT_R2:[7,0,1,"c.PSA_ECC_FAMILY_SECT_R2"],PSA_ERROR_ALREADY_EXISTS:[10,0,1,"c.PSA_ERROR_ALREADY_EXISTS"],PSA_ERROR_BAD_STATE:[10,0,1,"c.PSA_ERROR_BAD_STATE"],PSA_ERROR_BUFFER_TOO_SMALL:[10,0,1,"c.PSA_ERROR_BUFFER_TOO_SMALL"],PSA_ERROR_COMMUNICATION_FAILURE:[10,0,1,"c.PSA_ERROR_COMMUNICATION_FAILURE"],PSA_ERROR_CORRUPTION_DETECTED:[10,0,1,"c.PSA_ERROR_CORRUPTION_DETECTED"],PSA_ERROR_DATA_CORRUPT:[10,0,1,"c.PSA_ERROR_DATA_CORRUPT"],PSA_ERROR_DATA_INVALID:[10,0,1,"c.PSA_ERROR_DATA_INVALID"],PSA_ERROR_DOES_NOT_EXIST:[10,0,1,"c.PSA_ERROR_DOES_NOT_EXIST"],PSA_ERROR_GENERIC_ERROR:[10,0,1,"c.PSA_ERROR_GENERIC_ERROR"],PSA_ERROR_HARDWARE_FAILURE:[10,0,1,"c.PSA_ERROR_HARDWARE_FAILURE"],PSA_ERROR_INSUFFICIENT_DATA:[10,0,1,"c.PSA_ERROR_INSUFFICIENT_DATA"],PSA_ERROR_INSUFFICIENT_ENTROPY:[10,0,1,"c.PSA_ERROR_INSUFFICIENT_ENTROPY"],PSA_ERROR_INSUFFICIENT_MEMORY:[10,0,1,"c.PSA_ERROR_INSUFFICIENT_MEMORY"],PSA_ERROR_INSUFFICIENT_STORAGE:[10,0,1,"c.PSA_ERROR_INSUFFICIENT_STORAGE"],PSA_ERROR_INVALID_ARGUMENT:[10,0,1,"c.PSA_ERROR_INVALID_ARGUMENT"],PSA_ERROR_INVALID_HANDLE:[10,0,1,"c.PSA_ERROR_INVALID_HANDLE"],PSA_ERROR_INVALID_PADDING:[10,0,1,"c.PSA_ERROR_INVALID_PADDING"],PSA_ERROR_INVALID_SIGNATURE:[10,0,1,"c.PSA_ERROR_INVALID_SIGNATURE"],PSA_ERROR_NOT_PERMITTED:[10,0,1,"c.PSA_ERROR_NOT_PERMITTED"],PSA_ERROR_NOT_SUPPORTED:[10,0,1,"c.PSA_ERROR_NOT_SUPPORTED"],PSA_ERROR_STORAGE_FAILURE:[10,0,1,"c.PSA_ERROR_STORAGE_FAILURE"],PSA_EXPORT_KEY_OUTPUT_SIZE:[5,0,1,"c.PSA_EXPORT_KEY_OUTPUT_SIZE"],PSA_EXPORT_KEY_PAIR_MAX_SIZE:[5,0,1,"c.PSA_EXPORT_KEY_PAIR_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_MAX_SIZE:[5,0,1,"c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE"],PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE:[5,0,1,"c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE"],PSA_HASH_BLOCK_LENGTH:[14,0,1,"c.PSA_HASH_BLOCK_LENGTH"],PSA_HASH_LENGTH:[14,0,1,"c.PSA_HASH_LENGTH"],PSA_HASH_MAX_SIZE:[14,0,1,"c.PSA_HASH_MAX_SIZE"],PSA_HASH_OPERATION_INIT:[14,0,1,"c.PSA_HASH_OPERATION_INIT"],PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH:[14,0,1,"c.PSA_HASH_SUSPEND_ALGORITHM_FIELD_LENGTH"],PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH:[14,0,1,"c.PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH"],PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH:[14,0,1,"c.PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH"],PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE:[14,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE"],PSA_HASH_SUSPEND_OUTPUT_SIZE:[14,0,1,"c.PSA_HASH_SUSPEND_OUTPUT_SIZE"],PSA_KEY_ATTRIBUTES_INIT:[1,0,1,"c.PSA_KEY_ATTRIBUTES_INIT"],PSA_KEY_DERIVATION_INPUT_CONTEXT:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_CONTEXT"],PSA_KEY_DERIVATION_INPUT_INFO:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_INFO"],PSA_KEY_DERIVATION_INPUT_LABEL:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_LABEL"],PSA_KEY_DERIVATION_INPUT_SALT:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_SALT"],PSA_KEY_DERIVATION_INPUT_SECRET:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_SECRET"],PSA_KEY_DERIVATION_INPUT_SEED:[17,0,1,"c.PSA_KEY_DERIVATION_INPUT_SEED"],PSA_KEY_DERIVATION_OPERATION_INIT:[17,0,1,"c.PSA_KEY_DERIVATION_OPERATION_INIT"],PSA_KEY_DERIVATION_UNLIMITED_CAPACITY:[17,0,1,"c.PSA_KEY_DERIVATION_UNLIMITED_CAPACITY"],PSA_KEY_ID_NULL:[2,0,1,"c.PSA_KEY_ID_NULL"],PSA_KEY_ID_USER_MAX:[2,0,1,"c.PSA_KEY_ID_USER_MAX"],PSA_KEY_ID_USER_MIN:[2,0,1,"c.PSA_KEY_ID_USER_MIN"],PSA_KEY_ID_VENDOR_MAX:[2,0,1,"c.PSA_KEY_ID_VENDOR_MAX"],PSA_KEY_ID_VENDOR_MIN:[2,0,1,"c.PSA_KEY_ID_VENDOR_MIN"],PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION:[4,0,1,"c.PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION"],PSA_KEY_LIFETIME_GET_LOCATION:[4,0,1,"c.PSA_KEY_LIFETIME_GET_LOCATION"],PSA_KEY_LIFETIME_GET_PERSISTENCE:[4,0,1,"c.PSA_KEY_LIFETIME_GET_PERSISTENCE"],PSA_KEY_LIFETIME_IS_VOLATILE:[4,0,1,"c.PSA_KEY_LIFETIME_IS_VOLATILE"],PSA_KEY_LIFETIME_PERSISTENT:[4,0,1,"c.PSA_KEY_LIFETIME_PERSISTENT"],PSA_KEY_LIFETIME_VOLATILE:[4,0,1,"c.PSA_KEY_LIFETIME_VOLATILE"],PSA_KEY_LOCATION_LOCAL_STORAGE:[4,0,1,"c.PSA_KEY_LOCATION_LOCAL_STORAGE"],PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT:[4,0,1,"c.PSA_KEY_LOCATION_PRIMARY_SECURE_ELEMENT"],PSA_KEY_PERSISTENCE_DEFAULT:[4,0,1,"c.PSA_KEY_PERSISTENCE_DEFAULT"],PSA_KEY_PERSISTENCE_READ_ONLY:[4,0,1,"c.PSA_KEY_PERSISTENCE_READ_ONLY"],PSA_KEY_PERSISTENCE_VOLATILE:[4,0,1,"c.PSA_KEY_PERSISTENCE_VOLATILE"],PSA_KEY_TYPE_AES:[7,0,1,"c.PSA_KEY_TYPE_AES"],PSA_KEY_TYPE_ARC4:[7,0,1,"c.PSA_KEY_TYPE_ARC4"],PSA_KEY_TYPE_CAMELLIA:[7,0,1,"c.PSA_KEY_TYPE_CAMELLIA"],PSA_KEY_TYPE_CHACHA20:[7,0,1,"c.PSA_KEY_TYPE_CHACHA20"],PSA_KEY_TYPE_DERIVE:[7,0,1,"c.PSA_KEY_TYPE_DERIVE"],PSA_KEY_TYPE_DES:[7,0,1,"c.PSA_KEY_TYPE_DES"],PSA_KEY_TYPE_DH_GET_FAMILY:[7,0,1,"c.PSA_KEY_TYPE_DH_GET_FAMILY"],PSA_KEY_TYPE_DH_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_DH_KEY_PAIR"],PSA_KEY_TYPE_DH_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_DH_PUBLIC_KEY"],PSA_KEY_TYPE_ECC_GET_FAMILY:[7,0,1,"c.PSA_KEY_TYPE_ECC_GET_FAMILY"],PSA_KEY_TYPE_ECC_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_ECC_KEY_PAIR"],PSA_KEY_TYPE_ECC_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_HMAC:[7,0,1,"c.PSA_KEY_TYPE_HMAC"],PSA_KEY_TYPE_IS_ASYMMETRIC:[7,0,1,"c.PSA_KEY_TYPE_IS_ASYMMETRIC"],PSA_KEY_TYPE_IS_DH:[7,0,1,"c.PSA_KEY_TYPE_IS_DH"],PSA_KEY_TYPE_IS_DH_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_IS_DH_KEY_PAIR"],PSA_KEY_TYPE_IS_DH_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_IS_DH_PUBLIC_KEY"],PSA_KEY_TYPE_IS_ECC:[7,0,1,"c.PSA_KEY_TYPE_IS_ECC"],PSA_KEY_TYPE_IS_ECC_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_IS_ECC_KEY_PAIR"],PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY"],PSA_KEY_TYPE_IS_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_IS_KEY_PAIR"],PSA_KEY_TYPE_IS_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_IS_PUBLIC_KEY"],PSA_KEY_TYPE_IS_RSA:[7,0,1,"c.PSA_KEY_TYPE_IS_RSA"],PSA_KEY_TYPE_IS_UNSTRUCTURED:[7,0,1,"c.PSA_KEY_TYPE_IS_UNSTRUCTURED"],PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY"],PSA_KEY_TYPE_NONE:[7,0,1,"c.PSA_KEY_TYPE_NONE"],PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR"],PSA_KEY_TYPE_RAW_DATA:[7,0,1,"c.PSA_KEY_TYPE_RAW_DATA"],PSA_KEY_TYPE_RSA_KEY_PAIR:[7,0,1,"c.PSA_KEY_TYPE_RSA_KEY_PAIR"],PSA_KEY_TYPE_RSA_PUBLIC_KEY:[7,0,1,"c.PSA_KEY_TYPE_RSA_PUBLIC_KEY"],PSA_KEY_TYPE_SM4:[7,0,1,"c.PSA_KEY_TYPE_SM4"],PSA_KEY_USAGE_CACHE:[6,0,1,"c.PSA_KEY_USAGE_CACHE"],PSA_KEY_USAGE_COPY:[6,0,1,"c.PSA_KEY_USAGE_COPY"],PSA_KEY_USAGE_DECRYPT:[6,0,1,"c.PSA_KEY_USAGE_DECRYPT"],PSA_KEY_USAGE_DERIVE:[6,0,1,"c.PSA_KEY_USAGE_DERIVE"],PSA_KEY_USAGE_ENCRYPT:[6,0,1,"c.PSA_KEY_USAGE_ENCRYPT"],PSA_KEY_USAGE_EXPORT:[6,0,1,"c.PSA_KEY_USAGE_EXPORT"],PSA_KEY_USAGE_SIGN_HASH:[6,0,1,"c.PSA_KEY_USAGE_SIGN_HASH"],PSA_KEY_USAGE_SIGN_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_SIGN_MESSAGE"],PSA_KEY_USAGE_VERIFY_HASH:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_HASH"],PSA_KEY_USAGE_VERIFY_MESSAGE:[6,0,1,"c.PSA_KEY_USAGE_VERIFY_MESSAGE"],PSA_MAC_LENGTH:[18,0,1,"c.PSA_MAC_LENGTH"],PSA_MAC_MAX_SIZE:[18,0,1,"c.PSA_MAC_MAX_SIZE"],PSA_MAC_OPERATION_INIT:[18,0,1,"c.PSA_MAC_OPERATION_INIT"],PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE:[16,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE"],PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE:[16,0,1,"c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE"],PSA_SIGNATURE_MAX_SIZE:[21,0,1,"c.PSA_SIGNATURE_MAX_SIZE"],PSA_SIGN_OUTPUT_SIZE:[21,0,1,"c.PSA_SIGN_OUTPUT_SIZE"],PSA_SUCCESS:[10,0,1,"c.PSA_SUCCESS"],PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE:[17,0,1,"c.PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE"],psa_aead_abort:[11,1,1,"c.psa_aead_abort"],psa_aead_decrypt:[11,1,1,"c.psa_aead_decrypt"],psa_aead_decrypt_setup:[11,1,1,"c.psa_aead_decrypt_setup"],psa_aead_encrypt:[11,1,1,"c.psa_aead_encrypt"],psa_aead_encrypt_setup:[11,1,1,"c.psa_aead_encrypt_setup"],psa_aead_finish:[11,1,1,"c.psa_aead_finish"],psa_aead_generate_nonce:[11,1,1,"c.psa_aead_generate_nonce"],psa_aead_operation_init:[11,1,1,"c.psa_aead_operation_init"],psa_aead_operation_t:[11,2,1,"c.psa_aead_operation_t"],psa_aead_set_lengths:[11,1,1,"c.psa_aead_set_lengths"],psa_aead_set_nonce:[11,1,1,"c.psa_aead_set_nonce"],psa_aead_update:[11,1,1,"c.psa_aead_update"],psa_aead_update_ad:[11,1,1,"c.psa_aead_update_ad"],psa_aead_verify:[11,1,1,"c.psa_aead_verify"],psa_algorithm_t:[12,2,1,"c.psa_algorithm_t"],psa_asymmetric_decrypt:[19,1,1,"c.psa_asymmetric_decrypt"],psa_asymmetric_encrypt:[19,1,1,"c.psa_asymmetric_encrypt"],psa_cipher_abort:[13,1,1,"c.psa_cipher_abort"],psa_cipher_decrypt:[13,1,1,"c.psa_cipher_decrypt"],psa_cipher_decrypt_setup:[13,1,1,"c.psa_cipher_decrypt_setup"],psa_cipher_encrypt:[13,1,1,"c.psa_cipher_encrypt"],psa_cipher_encrypt_setup:[13,1,1,"c.psa_cipher_encrypt_setup"],psa_cipher_finish:[13,1,1,"c.psa_cipher_finish"],psa_cipher_generate_iv:[13,1,1,"c.psa_cipher_generate_iv"],psa_cipher_operation_init:[13,1,1,"c.psa_cipher_operation_init"],psa_cipher_operation_t:[13,2,1,"c.psa_cipher_operation_t"],psa_cipher_set_iv:[13,1,1,"c.psa_cipher_set_iv"],psa_cipher_update:[13,1,1,"c.psa_cipher_update"],psa_copy_key:[5,1,1,"c.psa_copy_key"],psa_crypto_init:[9,1,1,"c.psa_crypto_init"],psa_destroy_key:[5,1,1,"c.psa_destroy_key"],psa_dh_family_t:[7,2,1,"c.psa_dh_family_t"],psa_ecc_family_t:[7,2,1,"c.psa_ecc_family_t"],psa_export_key:[5,1,1,"c.psa_export_key"],psa_export_public_key:[5,1,1,"c.psa_export_public_key"],psa_generate_key:[5,1,1,"c.psa_generate_key"],psa_generate_random:[20,1,1,"c.psa_generate_random"],psa_get_key_algorithm:[6,1,1,"c.psa_get_key_algorithm"],psa_get_key_attributes:[1,1,1,"c.psa_get_key_attributes"],psa_get_key_bits:[7,1,1,"c.psa_get_key_bits"],psa_get_key_id:[2,1,1,"c.psa_get_key_id"],psa_get_key_lifetime:[4,1,1,"c.psa_get_key_lifetime"],psa_get_key_type:[7,1,1,"c.psa_get_key_type"],psa_get_key_usage_flags:[6,1,1,"c.psa_get_key_usage_flags"],psa_hash_abort:[14,1,1,"c.psa_hash_abort"],psa_hash_clone:[14,1,1,"c.psa_hash_clone"],psa_hash_compare:[14,1,1,"c.psa_hash_compare"],psa_hash_compute:[14,1,1,"c.psa_hash_compute"],psa_hash_finish:[14,1,1,"c.psa_hash_finish"],psa_hash_operation_init:[14,1,1,"c.psa_hash_operation_init"],psa_hash_operation_t:[14,2,1,"c.psa_hash_operation_t"],psa_hash_resume:[14,1,1,"c.psa_hash_resume"],psa_hash_setup:[14,1,1,"c.psa_hash_setup"],psa_hash_suspend:[14,1,1,"c.psa_hash_suspend"],psa_hash_update:[14,1,1,"c.psa_hash_update"],psa_hash_verify:[14,1,1,"c.psa_hash_verify"],psa_import_key:[5,1,1,"c.psa_import_key"],psa_key_attributes_init:[1,1,1,"c.psa_key_attributes_init"],psa_key_attributes_t:[1,2,1,"c.psa_key_attributes_t"],psa_key_derivation_abort:[17,1,1,"c.psa_key_derivation_abort"],psa_key_derivation_get_capacity:[17,1,1,"c.psa_key_derivation_get_capacity"],psa_key_derivation_input_bytes:[17,1,1,"c.psa_key_derivation_input_bytes"],psa_key_derivation_input_key:[17,1,1,"c.psa_key_derivation_input_key"],psa_key_derivation_key_agreement:[16,1,1,"c.psa_key_derivation_key_agreement"],psa_key_derivation_operation_init:[17,1,1,"c.psa_key_derivation_operation_init"],psa_key_derivation_operation_t:[17,2,1,"c.psa_key_derivation_operation_t"],psa_key_derivation_output_bytes:[17,1,1,"c.psa_key_derivation_output_bytes"],psa_key_derivation_output_key:[17,1,1,"c.psa_key_derivation_output_key"],psa_key_derivation_set_capacity:[17,1,1,"c.psa_key_derivation_set_capacity"],psa_key_derivation_setup:[17,1,1,"c.psa_key_derivation_setup"],psa_key_derivation_step_t:[17,2,1,"c.psa_key_derivation_step_t"],psa_key_id_t:[2,2,1,"c.psa_key_id_t"],psa_key_lifetime_t:[4,2,1,"c.psa_key_lifetime_t"],psa_key_location_t:[4,2,1,"c.psa_key_location_t"],psa_key_persistence_t:[4,2,1,"c.psa_key_persistence_t"],psa_key_type_t:[7,2,1,"c.psa_key_type_t"],psa_key_usage_t:[6,2,1,"c.psa_key_usage_t"],psa_mac_abort:[18,1,1,"c.psa_mac_abort"],psa_mac_compute:[18,1,1,"c.psa_mac_compute"],psa_mac_operation_init:[18,1,1,"c.psa_mac_operation_init"],psa_mac_operation_t:[18,2,1,"c.psa_mac_operation_t"],psa_mac_sign_finish:[18,1,1,"c.psa_mac_sign_finish"],psa_mac_sign_setup:[18,1,1,"c.psa_mac_sign_setup"],psa_mac_update:[18,1,1,"c.psa_mac_update"],psa_mac_verify:[18,1,1,"c.psa_mac_verify"],psa_mac_verify_finish:[18,1,1,"c.psa_mac_verify_finish"],psa_mac_verify_setup:[18,1,1,"c.psa_mac_verify_setup"],psa_purge_key:[5,1,1,"c.psa_purge_key"],psa_raw_key_agreement:[16,1,1,"c.psa_raw_key_agreement"],psa_reset_key_attributes:[1,1,1,"c.psa_reset_key_attributes"],psa_set_key_algorithm:[6,1,1,"c.psa_set_key_algorithm"],psa_set_key_bits:[7,1,1,"c.psa_set_key_bits"],psa_set_key_id:[2,1,1,"c.psa_set_key_id"],psa_set_key_lifetime:[4,1,1,"c.psa_set_key_lifetime"],psa_set_key_type:[7,1,1,"c.psa_set_key_type"],psa_set_key_usage_flags:[6,1,1,"c.psa_set_key_usage_flags"],psa_sign_hash:[21,1,1,"c.psa_sign_hash"],psa_sign_message:[21,1,1,"c.psa_sign_message"],psa_status_t:[10,2,1,"c.psa_status_t"],psa_verify_hash:[21,1,1,"c.psa_verify_hash"],psa_verify_message:[21,1,1,"c.psa_verify_message"]}},objnames:{"0":["c","macro","C macro"],"1":["c","function","C function"],"2":["c","type","C type"]},objtypes:{"0":"c:macro","1":"c:function","2":"c:type"},terms:{"0x0100":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],"0x04":5,"0x7fffff":4,"0x800000":4,"0xffff0000":0,"0xffff_0000_0000_0000":0,"0xffffff":4,"20x9":0,"38a":[0,13],"38b":[0,18],"38d":[0,11],"3de":[7,17],"45b1a67f20f3bf339211c391e9278f5":0,"56a":[0,16,17],"56ar3":0,"64gb":13,"67r2":0,"7803de42d3bc5e80b0c3e5d8e873d56a":0,"9nj":0,"\u00e9lectroniqu":[0,7],"break":0,"byte":[0,5,7,11,13,14,16,17,18,19,20,21,26,27,28,29],"case":[0,2,5,10,13,17,18,21,23,25,26,27,29],"const":[2,4,5,6,7,11,13,14,16,17,18,19,21,22,26],"default":[1,2,4,6,7,11,13,26,27],"export":[0,1,3,6,23,25,27,31],"final":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],"fran\u00e7ais":[0,7],"function":[0,3,8,10,12,15,23,24,25,26,28,29,30,31,32],"import":[5,21,23,29,30,31],"long":[0,4,16,23,27,28,31],"new":[0,5,6,7,14,16,17,23,27],"null":[2,5,19,26],"param\u00e9trag":[0,7],"public":[0,1,5,6,7,11,12,13,14,16,17,18,19,21,27,31],"return":[0,1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,23,25,27,28,29,32],"s\u00e9curit\u00e9":0,"short":[0,19,21,27,31],"static":[1,2,4,6,7,11,13,14,16,17,18,26,27,28],"syst\u00e8m":0,"transient":[2,4,10,27],"true":[5,7,11,13,14,16,17,18,19,21,27],"try":29,"void":[1,2,4,6,7,9,11,13,14,17,18,22,26,32],"while":[10,12,16,26,27,28,30,31,32],AES:[0,7,13,17,18,26],AND:0,Added:23,And:[0,7],DES:[5,7,17],FOR:0,For:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,21,23,26,27,28,29,31,32],ITS:[0,10],IVs:23,Its:[0,5,7],LES:0,NOT:[0,20],ONE:0,One:16,SHS:[0,14],Such:26,THE:0,TLS:[0,7,17,23,25],That:[2,16,17,27,32],The:[0,1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,23,24,26,27,28,29,30,31],There:[4,5,10,11,17,26,27,28,29,31],These:[1,7,12,13,17,23,26,27,29,31],USE:0,Use:[7,13,17,27],Used:0,Using:[0,16,17,27],WILL:0,WITH:0,With:21,XTS:[0,7,13],abbrevi:25,abil:28,abl:[4,6,11,23,26,27,29,31],abort:[11,13,14,16,17,18,26,27,29,32],about:[1,4,11,13,14,17,18,23,25,26,27],abov:[0,27],abus:29,acceler:[29,31,32],accept:[11,13,16,21,23],access:[2,4,6,10,13,23,26,27,28,29,30,31,32],accessor:[3,6,23,25,27],accident:5,accompani:0,accord:[5,28],accordingli:[17,29],account:[13,29],achiev:[10,13,29],acquir:0,across:[10,13,23],act:[0,2,4,27],action:[4,6,10,11,26,27,29],activ:[11,13,14,17,18,27,28],actual:[1,11,13,14,18,19,21,23],ad_length:[11,22],add:[14,18,23,27],added:23,addit:[0,1,2,4,5,6,7,10,11,12,17,25,26,27],addition:26,additional_data:[11,22],additional_data_length:[11,22],adequ:27,administr:[0,7],advanc:[0,7],adversari:11,aead:[0,6,7,12,13,15,23,25,26],aead_alg:[11,22,24],affect:[0,4,11,14,23,26],affili:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],aforement:28,after:[0,1,2,5,10,11,13,14,17,18,25,26,29],again:[5,11,13,14,17,18,27],against:[0,4,6,10,14,18,27,31],agenc:0,agil:28,agre:0,agreement:[0,6,7,12,15,17,23,25,28],aim:10,alarm:10,alg:[6,7,11,12,13,14,16,17,18,19,21,22,23,24],algorithm:[0,1,3,5,7,10,15,23,25,27,29,31,32],align:[11,23],all:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],alloc:[1,2,5,11,13,14,18,23,26,27,29],allow:[1,4,5,6,11,13,14,16,17,18,19,21,23,26,27,28,29,30,31,32],almost:[26,27],alongsid:12,alreadi:[5,10,17,21,23],also:[0,1,4,5,6,7,10,11,12,13,14,16,17,18,19,21,23,26,27,28,29,31],altern:[5,21,24,27,29],although:[5,23],altogeth:29,alwai:[2,5,6,7,12,13,14,16,17,18,23,25,26,27],ambigu:23,among:[13,28],amount:[11,27,28],analys:30,analysi:[0,26],analyz:5,ani:[0,1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,21,23,26,27,28,29,31,32],anoth:[0,5,6,10,11,13,14,17,18,26,28,29,31,32],ansi:0,anyth:0,apart:28,api:[0,1,2,3,4,5,6,7,8,10,11,12,13,14,15,16,17,18,19,20,21,22,24,26,28,29,30,31,32],appear:[0,29],append:11,appendix:[7,13,19,21,22,24,29],appli:[0,5,6,11,12,13,21,23,26,28],applic:[0,1,2,4,5,6,7,9,10,11,13,14,17,18,23,24,25,26,27,28,29,30,32],approach:[2,4,6,7,27],appropri:[4,5,6,11,13,14,16,17,18,19,21,26,27],april:0,arbitrari:[7,17,27],arbitrarili:5,arc4:[7,13,17],architectur:[0,10,25,30],archiv:0,area:[4,28],argument:[2,4,5,6,7,10,13,16,17,19,21,23,26,29],arm:[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],around:[6,26],arrai:[7,14,26,28],articl:0,ask:10,aspect:25,assembl:[25,27],asset:28,assign:[1,4,11,13,14,17,18,27],associ:[0,4,5,6,12,13,14,15,16,17,18,25,26,27,29],assum:[26,29],assumpt:[1,11,13,14,17,18,25,26],assur:0,asymmetr:[0,5,6,7,12,15,17,23,25,26],atom:26,attach:4,attack:[0,4,10,14,18,25],attempt:[5,10,17,23,26],attest:25,attribut:[3,5,6,16,17,18,21,22,23,25,27],august:0,authent:[0,6,7,10,12,13,14,15,23,25,28,31],author:[26,29],automat:[0,4,6,27],auxiliari:1,avail:[4,10,27,29],avoid:[0,23,26,28,29,32],awar:26,back:[6,26],backend:[28,29],bad:29,base:[0,5,7,11,12,13,14,17,18,21,28,29,30,31],basic:4,becaus:[0,5,14,17,18,26,27],becom:[7,11,13,14,18,29],been:[0,1,2,5,9,10,11,13,14,16,17,18,19,20,21,23,26,27,28],befor:[1,7,9,10,11,13,14,17,18,21,23,26,27,29],behav:26,behavior:[0,1,5,6,9,10,11,13,14,16,17,18,19,21,23,25,27,32],being:[0,5,11,13,14,17,23,26,27,28],below:26,benefit:[4,17],bernstein:0,best:[5,11,14,18,28,30],beta:[0,25],between:[0,2,5,7,10,11,13,14,18,25,28,29,31,32],bewar:18,beyond:[1,5,13,28],bias:[16,27],big:[5,13,14,16,17,21],binari:[0,5,7,16],bit:[0,1,4,5,7,11,12,13,14,16,17,18,19,21,22,23,26,27,29],bitfield:[7,12],bitmask:[6,26],bitwis:[5,7,12,13,27],block:[0,5,7,11,12,13,14,17,18,23,26,28,32],blockciph:[0,7],blue:0,bluetooth:28,bodi:29,boot:25,bossela:0,both:[0,5,6,7,21,23,26,27,28,30],bound:[0,11,27],boundari:[11,17,27,28,31],brainpool:[0,7],brainpoolp160r1:7,brainpoolp192r1:7,brainpoolp224r1:7,brainpoolp256r1:7,brainpoolp320r1:7,brainpoolp384r1:7,brainpoolp512r1:7,branch:29,brand:0,breach:[0,10],breakdown:10,broken:26,buffer:[5,10,11,13,14,16,17,18,19,20,21,23,25,29,32],buffer_length:5,buffer_s:5,build:[11,13,16,17,18,21,26],built:[0,6,13,21,27,28],burnt:31,bypass:[14,18],bzgk:0,c89:23,c99:[23,29],cach:[4,6,23,29],cacheabl:6,calcul:[1,6,10,11,14,16,17,18,21,23,26,27,28],call:[0,1,2,4,5,6,7,9,10,11,13,14,16,17,18,21,23,25,27,28,29,31,32],caller:[2,17,20,26,27,28,29,31],calloc:27,cam:[0,7],cambridg:0,camellia:[0,7,17],can:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,20,21,22,23,24,26,27,28,29,31,32],candid:17,cannot:[4,5,6,7,10,12,13,17,26,27,28,31,32],capabl:[23,31],capac:[17,22,26,27],capit:0,care:[10,26],carefulli:[10,26,31,32],carri:[10,26,29],categori:[3,15,23,25,26,29],caus:[4,5,10,23,27,29,32],cb1:0,cbc:[0,11,13,18],ccm:[0,11,27],cdh:16,ceas:0,ceil:[5,16,17],certain:[0,10,23,29,31,32],certif:[0,5,30],cfb:13,cfrg:0,chacha20:[0,7,11,13,17],chacha:[0,11,13],chain:[13,16],chang:[1,17,25,26,27],channel:[4,28,29],chapter:23,charact:0,characterist:4,check:[6,10,20,23,25,27,31],checksum:14,china:0,chip:[28,31],choic:[4,5,11,13,25,26],choos:[2,4,28],chosen:[2,5,11,13],chunk:27,cipher:[0,7,11,12,15,17,18,23,25,26,27],ciphersuit:[0,17],ciphertext:[11,13,19,22,27],ciphertext_length:[11,22],ciphertext_s:[11,22],circul:0,circumst:[13,28],citat:[0,23],claim:0,clarif:0,clarifi:23,clariti:23,clean:[17,25,29],cleanup:[4,25],clear:[1,7,12,17,26,27,29,32],clearli:5,cleartext:4,client:[23,25,29],clienthello:17,clone:[14,27],close:29,cmac:[0,18],code:[0,1,5,6,8,11,13,14,15,16,17,19,20,21,23,24,25,26,28,29,31],codebook:13,coeffici:5,cofactor:16,collect:27,collector:27,com:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],combin:[5,10,15,19,21,23,25,27,31],comment:[0,29],commerci:0,common:[0,5,6,23,27,29,32],commonli:[27,28],commun:[5,10,26,28,31,32],compact:1,compani:0,companion:[28,29,30],compar:[14,18,27],comparison:[11,14,18],compat:[0,10,11,13,16,17,18,19,21,23,29],compil:[5,13,14,16,18,21,26,29],complement:23,complet:[10,17,23,26,27,29],complex:29,compli:0,complianc:17,compliant:[0,30],compon:[0,10,11,16,27,28,30],compos:[4,6,31],composit:12,compris:[0,1,7],compromis:[5,10,27,29,31,32],comput:[5,10,11,13,14,16,17,18,23,24,27,29,31],concaten:[5,11,13,14,17,18,21],concept:23,conceptu:4,concern:[6,26],concis:0,concurr:[23,25,27],condit:[0,5,23,26,27],confidenti:[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],configur:27,conflict:[0,26],conform:[5,31],connect:[0,28],consequ:[10,17,28],consequenti:28,conserv:[5,29],consid:[1,10,18,23,26,28,29],consider:[5,25,30,31],consist:[0,5,6,11,13,18,21,23,27,30,31],constant:[5,11,13,14,16,18,21,26,29],constrain:[6,25,27,29],constraint:[23,26,28,32],construct:[0,4,11,13,16,17,18,23,27],consum:[11,17],consumpt:29,contain:[0,1,4,5,7,11,13,14,16,18,21,23,26,27],content:[0,1,5,11,13,14,17,18,20,25,26,28,29,32],context:[0,17,26,29,32],continu:[17,23],contract:0,contrari:0,control:[0,14,18,23,26,27,29],convei:[6,26],conveni:0,convent:25,convers:29,convert:[17,23,29],coordin:16,copi:[0,1,5,6,11,14,23,26,27,29,31],copyabl:6,copyright:[0,25],corner:23,corpor:0,correct:[5,10,11,13,14,17,18,23,24,31],correctli:[5,26],correl:0,correspond:[1,2,4,5,6,7,10,11,14,16,17,18,19,21,26,27,28,29,31],corrupt:[5,10,26,32],could:[10,11,14,18,31],counter:[0,11,13,27],countermeasur:[0,10],courb:[0,7],creat:[0,1,2,4,5,6,7,13,17,21,23,26,27,28],creation:[1,2,3,4,23,25,27],credenti:25,crl:[0,5],cross:[0,23],crypt:0,crypto:[0,4,5,8,14,23,25,26,28,29,30,31],cryptograph:[0,1,5,6,7,10,12,13,14,16,17,23,25,26,27,28,30],cryptographi:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,26,28,29,30,31,32],cryptoprocessor:[0,4,5,6,10,25,26,27,28,29],csprng:27,ctr:[0,13],current:[1,2,4,5,10,14,17,21,23,26,29,32],curv:[0,3,5,16,17,21,22,23,24,25],curve25519:[0,5,7,16,17],curve448:[0,5,7,16,17],custom:[17,28],d_a:16,d_b:16,damag:0,danger:28,data:[0,1,4,5,7,10,12,13,14,15,16,17,18,20,22,23,25,26,27,28,29,31,32],data_length:[5,17,22],data_s:[5,22],date:[0,25],dbrg:17,debug:26,decemb:0,decim:0,declar:[1,2,4,5,6,7,11,13,14,17,18,23],decod:17,decodescalar25519:5,decodescalar448:5,decreas:17,decrypt:[0,6,7,10,11,13,19,25],dedic:[0,14],defend:31,defin:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],definit:[4,13,14,23,24,27,29,30],delai:11,deleg:4,delet:29,deliveri:27,demand:0,deni:10,denot:0,depend:[1,4,5,10,11,13,14,16,17,18,19,20,21,26,27,29],deploi:28,deprec:[7,13,14],der:[5,21],derefer:26,deriv:[0,1,5,6,7,12,15,23,25,26,29,31],des:[0,7],describ:[0,1,5,6,7,11,12,13,14,17,18,23,26,27,29,30,31],descript:[1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,23,24,25,26,27,28,29,30],design:[0,4,13,17,25,27,29,30,31],desir:[1,4,11,17,18,27,29],destroi:[0,4,5,23,26,27,29,32],destruct:[3,25],detail:[0,6,7,11,17,21,23,27,30,32],detect:[10,25,26],detector:10,determin:[0,5,6,7,10,11,13,14,16,17,18,19,21,23,26,27,28],determinist:[0,17,21,27],dev:0,develop:[0,26,28],devic:[0,4,13,25,27,31],dh_famili:17,dhephem:16,dhoneflow:16,dhstatic:16,diagnos:27,did:26,differ:[1,2,4,5,6,13,14,17,18,21,23,26,27,28,29,31,32],diffi:[0,3,5,16,17,23,25,27],difficult:27,digest:[0,15,21,25,28],digestinfo:21,digit:[0,17,21],direct:[13,17,26,27,28],directli:[0,5,16,27],discard:[13,17],disclosur:[0,29],discoveri:23,discret:[0,16,17],disk:13,dispatch:31,distinct:[2,27],distinguish:[4,10,11,23],distribut:0,divid:[2,7,12],dobbertin:0,document:[1,5,11,13,14,16,17,18,25,26,27,28,29,30],doe:[1,2,4,5,6,10,11,12,13,14,16,17,18,19,21,23,24,26,27,28,29,30,31],doesn:10,doi:0,domain:[0,7,17,29],done:[17,21],doubt:0,down:[10,26],draft:[0,23],draw:17,driver:29,dsa:[0,21],dss:[0,17],due:[4,5,9,11,13,14,27,32],duplic:[0,5,27],dure:[0,10,13,26,27,28,29,31,32],dynam:[28,29],each:[0,1,2,4,5,6,7,11,13,14,16,17,18,21,22,23,24,26,27,28,29,31],eas:[25,26],easi:27,easier:[7,12],easiest:27,ecb:[13,23],ecc:[0,7,16,17,23],ecc_famili:17,ecdh:16,ecdsa:[0,21],eci:23,ecprivatekei:5,ed448:[0,7,16],eddsa:23,edit:23,effect:[0,2,5,11,13,14,16,18,19,21,29],effici:[0,2,4,6,7],effort:[5,11,14,18],eight:0,either:[4,5,7,9,10,11,12,13,14,16,17,18,19,21,26,27,28,32],electr:0,electron:13,element:[4,5,6,22,23,29,31],ellipt:[0,3,5,16,17,21,23,25],elliptiqu:[0,7],elsewher:[0,7],embodi:0,emiss:29,empti:17,emsa:21,enabl:[4,23,27,28],encod:[1,3,5,6,10,11,13,14,15,17,21,23,25,26,27,31],encompass:7,encourag:[9,13,26,29,32],encrypt:[0,5,6,7,10,12,13,15,23,25,26,28,31],end:[11,18,27],endian:[5,13,14,16,17,21],enforc:[6,11,28],eng:0,england:0,english:0,engrav:4,enlarg:0,enough:[5,10,14,17,26],ensur:[0,5,6,10,11,14,18,23,27,28,29,31],enter:[10,11,13,14,16,17,18,27],enterpris:28,entir:31,entitl:0,entri:[1,10],entropi:[10,27,32],enumer:[10,26],environ:[4,23,26,28,29,32],ephemer:[0,7,16],eprint:0,equal:[5,13,17,21],equival:[1,5,14,16,17,31],eras:[4,5],erron:5,error:[0,1,5,6,8,9,11,13,14,16,17,18,19,20,21,23,25,27],esat:0,essenti:[5,6,10,29],establish:[0,16,17,28],etc:[10,27],europ:7,evalu:[2,4,5,6,7,11,13,14,16,18,19,21,23,30],even:[4,5,10,17,26,27,29,31,32],event:[0,4,11,13,14,26,27],eventu:[11,13,14,18],everi:[0,27],exact:[5,11,18,21,29],exactli:[2,4,6,7,17,21,26,29],exampl:[0,1,4,5,6,9,10,11,12,13,14,16,17,18,21,23,25,26,29,31],except:[0,1,2,7,11,13,14,17,18,26,27,28,31],excess:[0,23],exchang:[5,23,28],exclud:[5,21],exclus:[0,26],execut:[10,26,29,31,32],exhaust:[27,28,31],exist:[0,1,4,5,10,23],expand:[0,5,14,16,17,18,21,27,31],expans:[17,27],expect:[0,1,11,13,14,18,26,27,29],explain:26,explan:0,explicit:[1,11,13,14,17,18,27],explicitli:[4,10,26,27,28],exploit:29,expon:5,exponent1:5,exponent2:5,expos:[4,17,27,28],express:[0,6,13,14,29],expressli:0,extend:[0,13,14,17,24],extens:[4,28],extent:[0,28],extern:[2,4,6,7,10,29],extra:5,extract:[0,4,5,6,7,14,16,17,23,27,28,31],extrem:13,f_p:16,f_q:5,facilit:28,fact:[0,11],factori:[4,25,27],fail:[5,10,11,13,14,16,19,20,21,26,27,29,32],failur:[1,5,10,11,13,14,16,17,18,19,20,21,23,26,27,28,32],fals:16,famili:[5,7,14,16,17,18,23,26,30],far:[11,26],fashion:27,favor:26,featur:[0,4,23,27],februari:0,feedback:[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],few:[0,26,32],fewer:11,ffc:16,field:[0,1,5,7,12,15,16,17,28],file:[23,25,28,29],fill:[14,23],financi:[0,21],fine:27,finish:[11,13,14,18,26,27,29,32],finit:[0,7,16,17,27],fip:[0,7,14,17],fips180:[0,14],fips186:[0,17],fips197:[0,7],fips202:[0,14],firmwar:[28,30],first:[0,1,13,14,17,18,21,23,26,27,28],fit:[0,21,27],fix:[0,1],flag:[1,3,5,11,13,16,17,18,19,21,23,25,26,27,29],flaw:29,flow:[23,28],follow:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,21,23,26,27,29],font:0,foo:26,foo_length:26,foo_siz:26,forbidden:[10,17],forc:[0,5],forcibl:10,form:[0,2,4,6,7,11,13,14,17,18,21,23,28],formal:23,format:[5,10,13,15,16,23,27,28],forward:17,found:[1,5],four:[0,6,13],fragment:[11,13,14,18,27],franc:7,free:[0,1,5,11,13,14,17,18,26,28],freedom:[28,29],freeli:[2,4],frequent:4,freshli:1,friendli:[28,30],from:[0,1,2,4,5,6,7,10,11,13,14,16,17,18,21,23,26,27,28,29,31,32],frontend:28,frp256v1:[7,23],frp:[0,7],fulbourn:0,full:[10,13,16,18,26],fullest:0,fulli:[0,29],further:[10,23,26,28],furthermor:11,futur:[2,4,7,12,13,17,24,25,26,27,29],galoi:[0,11],garbag:27,gb688:0,gcm:[0,11,26],gener:[0,1,5,7,9,10,11,13,15,17,19,21,23,25,26,28,30,32],get:[1,12,16],give:[0,4,27,28,29],given:[1,2,4,5,11,13,14,16,17,23,28,32],glitch:29,global:[1,10,11,13,14,17,18,27],globalspec:0,glossari:23,gmac:[0,11],goal:[10,25,31],goldilock:[0,7,16],good:6,gouv:0,govern:0,grant:0,greater:17,group:[7,22,23,24],guarante:[0,4,5,9,10,11,13,14,16,19,21,23,26,27,29,31,32],guess:[14,18,29],guidelin:4,had:[9,26],half:23,halt:[14,23,26],hamburg:0,handl:[5,10,23,25,27],handle_error:5,handshak:17,happen:[10,17,26],harder:28,hardwar:[0,10,25,27,30,31,32],has:[0,1,2,4,5,6,10,11,13,14,16,17,18,19,20,21,23,26,27,28,29,30,31],hash:[0,5,6,7,10,12,15,17,18,19,21,22,23,25,26,28],hash_alg:[14,17,18,19,21,22,24],hash_length:[14,21,22],hash_siz:[14,22],hash_stat:[14,22],hash_state_length:[14,22],hash_state_s:[14,22],have:[0,1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,21,23,24,26,27,28,29,31,32],hcno:0,header:[23,25,29],heap:[27,32],hellman:[0,3,5,16,17,23,25,27],here:[5,10,11,13,14,17,18,24,27],hereaft:0,herebi:0,hereund:0,hexadecim:0,high:[27,29,30,31],higher:[4,28],highest:26,highli:[1,6,27],hint:[6,29],histori:[0,25],hkdf:[0,17,23],hmac:[0,5,7,14,17,18,23],hold:[10,31],holist:30,home:0,host:10,how:[4,5,12,14,17,21,23,26,27,29],howev:[4,5,10,17,26,27,28,31,32],hsm:31,html:0,http:0,hybrid:23,iacr:0,iana:23,ident:[14,17,18,21,28,31],identif:[19,28],identifi:[0,1,3,4,5,6,7,10,11,12,13,14,16,17,18,19,21,23,25,26,28,29,30],ids:23,iec:[0,14,18],ieee:[0,13],ieeexplor:0,ietf:[0,7,11,13,14],ignor:0,ihi:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],illeg:23,illustr:5,immedi:[0,29],immut:5,impact:[29,32],implement:[0,1,3,5,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,25,26,27,28,30,31,32],impli:0,implic:9,imposs:[1,5,10,21,23,26],improp:9,improv:[0,23],inact:[11,13,14,17,18,27,29],includ:[0,1,5,7,13,14,16,17,21,23,27,28,29,30,31,32],incompat:[5,11,13],incomplet:13,incorrect:10,increas:23,increment:13,independ:[13,14,23,29,30,31],indic:[0,1,5,10,11,16,19,23,26,27,28,29],indirect:[1,25],indirectli:[0,27,28],individu:[0,1,17,21,23,26],industri:[0,21,30],ineffici:29,inescap:28,info:[0,17],infocent:0,inform:[1,4,7,14,17,18,23,25,26,27],infrastructur:[0,5],infring:0,initi:[0,1,5,8,10,11,13,14,16,17,18,19,20,21,23,25,27],inlin:[2,4,6,7],input:[0,2,4,5,6,7,11,13,14,15,16,18,19,21,22,23,24,25,27,29,32],input_length:[11,13,14,18,19,21,22],insecur:[18,28],insid:[4,6,10,28,29,31],inspect:23,instanc:[0,4,26,27,28],instanti:[26,29],instead:[2,4,6,7,10,11,13,14,16,17,18,20,23,27,30],instruct:0,insuffici:[10,11,13,14,26],int32_t:[10,22],integ:[0,5,11,12,13,14,16,17,18,21,23,26,29],integr:[2,10,13,14,18,26,27,28],intellectu:0,intend:[10,23,26],interchang:28,interest:0,interfac:[0,4,6,13,16,23,25,26,27,30,31],intermedi:[10,14,23,27,28],intern:[14,23,26,27,28,31],internet:[0,5],interoper:28,interpret:[0,5,16],interrupt:[26,29],introduc:[0,23],introduct:25,introductori:23,invalid:[1,2,5,7,10,11,12,17,26,28,29],invers:5,invoc:21,involv:[14,27,28,31],iot:28,isl:0,iso10118:[0,14],iso9797:[0,18],iso:[0,14,18],isol:[2,17,25,27,29,31],issu:[0,25,26,27,28],ital:0,item:[0,5,10],iter:13,its:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],itself:[0,1,10,11,12,13,14,17,18],iv_length:[13,22],iv_siz:[13,22],januari:0,juli:0,june:0,just:6,ka_alg:[16,22,24],kdf:[0,23],kdf_alg:[16,22,24],keep:[6,10,26,29,32],kei:[0,10,11,12,13,15,18,19,20,21,22,23,25,28,30,32],kept:[17,28,31],kernel:26,key_bit:[5,7,11,16,18,19,21,22],key_typ:[5,11,13,16,18,19,21,22],keypair:0,keystor:[0,7,10,25,31,32],kind:6,known:[12,27,28,29],koblitz:7,kuleuven:0,label:[17,19],lack:[9,28,32],land:26,languag:[0,28],larg:[5,11,13,14,18,27],larger:[10,17,18,28,29,31],last:[1,10,11,26],later:14,latest:29,latter:17,law:0,layer:[0,7,17,31],lead:5,leak:[14,18,23,26,27,28,29,31,32],leakag:32,least:[4,5,11,13,14,17,18,23,31],leav:[13,26,29],led:10,left:[7,21],legaci:[7,13,14,27,28],legal:0,length:[5,11,13,14,17,18,21,23,26,27],less:[11,17],let:17,level:[27,28,30,31],lexer:5,liabil:0,liabl:0,librari:[1,5,11,13,14,16,17,18,19,20,21,25,28],licenc:25,licens:0,license:0,lie:29,lifespan:0,lifetim:[0,1,2,3,5,6,17,22,23,25,31],like:[2,4,6,7,24,29],limit:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],link:[0,28],linkag:[2,4,6,7],list:[0,5,7,10,11,12,13,14,18,28,31],literatur:29,littl:[5,13,14,16,31],lnc:0,load:29,local:[2,4,27],locat:[0,1,5,6,10,11,17,22,23,26,27,28,29],log:[10,26],log_2:16,logarithm:[0,16,17],logic:[1,11,13,14,17,18,27,31,32],logo:0,longer:[1,5,7,10,17,23,27,29,32],look:29,loss:10,low:[28,30],lower:4,lowest:26,mac:[0,6,7,10,11,12,15,22,25,26],mac_alg:[18,22,24],mac_length:[18,22,24],mac_siz:[18,22],machin:28,macro:[3,8,15,23,25,26,27],made:[0,21,23],mai:[0,4,17],mail:0,main:[0,4,27,31],maintain:[27,29],mainten:6,major:[0,9,23,28],make:[0,1,4,5,6,10,11,13,14,16,17,18,19,21,23,26,28,29],malici:[11,31],malloc:5,manag:[0,4,6,13,23,25,26,28,31],mandat:23,mandatori:[10,17,27,30],mani:[1,10,18,27],manipul:29,manner:[26,28],manual:0,manufactur:[0,31],map:[23,29],march:0,mark:0,marker:1,mask:[19,21],master:[17,27,28],mastersecret:17,match:[4,5,13,14,23,29],materi:[0,1,4,5,6,16,17,21,23,25,27,28,30,31],matter:0,maximum:[2,5,7,11,13,14,16,17,18,19,21,23,26],mbed:23,md2:[0,14],md4:[0,14],md5:[0,14],mean:[0,1,4,11,13,14,16,17,18,26,27,28,29,31],meant:27,mechan:[0,4,18,21,23,28,29],media:10,meet:[13,28],memcmp:[14,18],memori:[0,1,4,5,6,10,11,23,25,26,27,28,31],memset:[1,11,13,14,17,18],mention:[0,26],merchant:0,mere:[2,4,10],merg:23,messag:[0,6,11,13,15,19,21,23,25,28],met:4,metadata:[0,1,4,5,17,23,27],method:[0,11,13,14,17,18,23,27,29],mgf1:[19,21],microcontrol:28,middl:17,might:[0,1,5,6,9,10,11,13,14,16,17,18,19,21,26,27,28,29,31,32],mind:10,minim:[5,29,32],minimum:[2,13,18,25,29,30,31],minor:[0,9,23],mistak:28,misus:[28,29],mitsubishi:0,mnemon:0,mod:5,mode:[0,7,11,12,13,18,23,26,27],model:[16,30,31],modern:30,modif:23,modifi:[1,10,17,21,26,32],modul:9,modular:[27,28],modulu:5,monospac:0,montgomeri:[7,16,17],more:[0,1,4,5,6,9,11,13,14,17,18,23,26,27,28,29,31,32],most:[16,17,18,21,23,26,27,28,29,32],move:[23,27],much:[17,26],multi:[0,5,10,15,16,21,23,25,26,28,29],multipl:[5,7,10,11,12,13,16,17,19,21,23,26,27,28,29,31],multiprocess:28,multitask:26,multithread:[26,32],must:[0,1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,22,23,26,27,28,29,30,31,32],mutual:31,name:[0,2,4,16,19,21,22,23,27],namespac:29,narrow:13,national:0,natur:23,necessari:[23,28],need:[1,4,5,10,11,13,14,17,18,23,24,26,27,28,29,31,32],neg:10,negoti:[0,7],neither:[5,17],network:25,never:[4,23,26,31],newer:[13,27],newgbinfo:0,newli:[1,5,17],next:[17,26,29],nfc:28,nist:[0,7,11,13,16,17,18],non:[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],nonc:[0,10,11,13,22,23,27],nonce_length:[11,22],nonce_s:[11,22],none:[5,10],nonzero:5,nor:[5,17,28],norm:31,normal:[0,10,13,17,21,26,32],note:[10,13,17,19,21,26,27],noth:5,notic:0,notwithstand:0,novemb:0,now:[0,1,10,23,26,27],ntt:[0,7],number:[5,9,11,13,14,15,16,17,18,19,21,23,25,26,27,28,29,31,32],oaep:19,obei:[26,29,32],object:[1,2,4,5,6,7,11,13,14,16,17,18,23,25,26,27,32],oblig:0,observ:[10,11,26],obsolet:23,obtain:[17,26,27,29],obviou:23,occur:[4,5,10,11,13,14,17,18,27,29,32],octet:[0,5,11,17,21,29],octob:0,ofb:13,offer:[4,10,31],offset:26,often:[26,27,28],omit:[17,27],onc:[1,2,4,6,7,9,11,13,14,17,18,26,27,28],one:[0,1,2,4,5,7,10,11,13,14,16,18,21,23,26,27,28,29,31,32],ones:[28,31],ongo:[5,6,14,17,29],onli:[0,1,4,5,6,7,10,11,12,13,14,17,18,21,23,26,27,28,29,32],onward:[17,21],opac:0,opaqu:30,open:[0,29,30],oper:[0,4,5,6,7,9,10,12,16,17,19,21,22,23,25,26,28,29,30,31,32],opposit:26,optim:[26,28],option:[0,1,5,11,13,17,19,21,23,25,27,29],oracl:11,order:[1,5,14,16,17,18,21,26,27],ordinari:0,org:0,orient:[0,13],origin:[1,5,7,11,13,26,27],oscca:0,other:[1,4,5,6,9,10,11,13,14,15,16,17,21,25,26,27,28,31,32],otherwis:[0,4,6,10,11,12,13,16,17,18,19,21,26,32],out:[10,11,17,26,29],outcom:26,output:[0,1,2,4,5,7,10,11,13,14,16,17,18,19,20,22,23,25,27,32],output_length:[11,13,16,17,19,22],output_s:[11,13,16,19,20,22],outsid:[2,4,5,6,17,27,28,29],ouvrag:0,over:[5,7,16,18,21,26,27,28,29],overal:29,overflow:11,overlap:25,overview:[23,25,30],overwrit:[6,7],own:[0,4,23,27],owner:[0,29],ownership:[4,23],pad:[10,12,13,16,17,21,23,27],page:0,pair:[0,5,6,7,16,17,19,21,25,27,31],paradigm:21,paramet:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,20,21,23,25,27,28,29,31,32],parameter:23,parametr:[21,26],pariti:[5,17,23],part:[0,5,6,7,10,15,16,21,23,25,26,28,29,30],parti:[0,4,5,27],partial:[13,14,26,27,29],particip:16,particular:[0,1,4,5,6,10,11,13,14,17,18,21,26,28,29],particularli:29,partit:[25,28],pass:[2,4,5,10,11,13,14,16,17,18,19,21,23,26,27,29,32],passeport:[0,7],past:[29,32],patent:0,pattern:[1,23,27,29],pdf:0,peer:[16,27],peer_kei:[16,22],peer_key_length:[16,22],peopl:0,per:[11,13,14,18,21],perform:[0,4,9,10,11,12,14,16,18,21,26,27,28,29,31],period:[0,32],perman:[2,4,10,27],permiss:[6,26],permit:[0,1,3,4,5,9,10,11,12,13,16,17,18,19,21,23,25,26,27,28,29],permut:[0,14],persist:[0,1,2,3,5,6,10,17,22,25,27,29,31,32],person:17,phase:27,philosophi:25,physic:[0,4,5,28,31],piec:0,pkc2006:0,pkc:[0,5,13,19,21],pkcs1:21,place:[1,11,23,29],plain:[0,6,10],plaintext:[11,13,19,22,27],plaintext_length:[11,22,23],plaintext_s:[11,22],plan:[25,28],platform:[0,25,26,30,31],pleas:29,plen:11,plu:31,point:[5,16,17,21,22,26],pointer:[1,23,25],polici:[0,1,3,4,5,7,10,12,17,18,21,23,25,28,29],poly1305:[0,7,11,13],popul:[4,5,27,28],port:25,portabl:[1,5,11,13,14,16,17,18,19,21,29,30],portion:0,possess:0,possibl:[5,10,13,17,21,26,28,29,31],potenti:[23,25,26,31],power:[4,27,29],practic:[6,30],prc:[0,7,14],pre:[0,1,17,27,28,29],preced:[0,11,13,14,18],precis:[0,10,23,28,29],predefin:29,predict:29,prefer:[4,13],prefix:0,prejudic:0,preneel:0,prepar:[4,27],presenc:6,present:[5,6,10,28,31],preserv:[4,6,27],prevail:0,prevent:[0,26,28],previou:[1,11,23,26,31],previous:[1,5,6,7,10,11,13,14,16,17,18,19,20,21,23,27],prf:17,primari:[4,31],primarili:[5,7],prime1:5,prime2:5,prime:[5,7,16,17],primit:[16,28,30],privat:[0,5,6,7,16,17,19,21,27,28],private_kei:[5,16,22],privateexpon:5,privatekei:5,privileg:[4,23],prng:10,probabilist:5,procedur:[17,31],process:[4,5,11,13,14,27,28,29,31,32],processor:[25,28,32],produc:[0,16,17,19,21,27],product:[0,5],profil:[0,5,25,30],program:0,programm:31,progress:[26,27],proper:13,properli:26,properti:0,proprietari:[6,27],protect:[0,10,13,27,28,29],protocol:[0,7,10,11,13,14,17,27,28],prototyp:23,prove:28,provid:[0,2,4,5,6,7,11,13,14,16,17,19,21,22,23,24,26,27,28,29,30,31],provis:[25,27,31],psa:[0,1,2,3,4,5,6,7,8,11,12,13,14,15,16,17,18,19,20,21,23,24,26,27,28,29,30,31,32],psa__alg_aead_with_default_tag_length__cas:23,psa_abort_xxx:26,psa_aead_abort:[15,22,27],psa_aead_decrypt:[6,15,22,27],psa_aead_decrypt_output_max_s:[15,22,23],psa_aead_decrypt_output_s:[15,22,23],psa_aead_decrypt_setup:[6,15,22,27],psa_aead_encrypt:[6,15,22,27],psa_aead_encrypt_output_max_s:[15,22,23],psa_aead_encrypt_output_s:[15,22,23],psa_aead_encrypt_setup:[6,15,22,27],psa_aead_finish:[15,22,27],psa_aead_finish_output_max_s:[15,22,23],psa_aead_finish_output_s:[15,22,23],psa_aead_generate_nonc:[15,22,27],psa_aead_nonce_length:[15,22,23],psa_aead_nonce_max_s:[15,22,23],psa_aead_operation_init:[15,22,27],psa_aead_operation_t:[15,22,27],psa_aead_set_length:[15,22,27],psa_aead_set_nonc:[15,22,27],psa_aead_tag_length:[15,22,23],psa_aead_tag_length_offset:23,psa_aead_tag_max_s:[15,22,23],psa_aead_upd:[15,22,23,27],psa_aead_update_ad:[15,22,27],psa_aead_update_output_max_s:[15,22,23],psa_aead_update_output_s:[15,22,23],psa_aead_verifi:[15,22,27],psa_aead_verify_output_max_s:[15,22,23],psa_aead_verify_output_s:[15,22,23],psa_alg_aead_from_block_flag:23,psa_alg_aead_tag_length_mask:23,psa_alg_aead_with_default_length_tag:[15,22,23,24],psa_alg_aead_with_default_tag_length:23,psa_alg_aead_with_shortened_tag:[15,22,23,24],psa_alg_aead_with_tag_length:23,psa_alg_any_hash:[6,12,15,22,23],psa_alg_arc4:23,psa_alg_category_aead:23,psa_alg_category_asymmetric_encrypt:23,psa_alg_category_ciph:23,psa_alg_category_hash:23,psa_alg_category_key_agr:23,psa_alg_category_key_deriv:23,psa_alg_category_mac:23,psa_alg_category_mask:23,psa_alg_category_sign:23,psa_alg_cbc_mac:[15,22,23],psa_alg_cbc_no_pad:[15,22,23],psa_alg_cbc_pkcs7:[15,22,23],psa_alg_ccm:[15,22,23,24],psa_alg_cfb:[15,22,23],psa_alg_chacha20:23,psa_alg_chacha20_poly1305:[7,15,22,23,24],psa_alg_cipher_from_block_flag:23,psa_alg_cipher_mac_bas:23,psa_alg_cipher_stream_flag:23,psa_alg_cmac:[15,22,23],psa_alg_ctr:[15,22,23],psa_alg_deterministic_ecdsa:[15,22,23,24],psa_alg_deterministic_ecdsa_bas:23,psa_alg_ecb_no_pad:[15,22,23],psa_alg_ecdh:[7,15,22,23],psa_alg_ecdsa:[12,15,22,23,24],psa_alg_ecdsa_ani:[15,22,23,24],psa_alg_ecdsa_bas:23,psa_alg_ecdsa_is_determinist:23,psa_alg_ffdh:[7,15,22,23],psa_alg_full_length_mac:[15,22,23,24],psa_alg_gcm:[15,22,23,24,26],psa_alg_get_hash:[15,21,22,23,24,27],psa_alg_gmac:23,psa_alg_hash_ani:24,psa_alg_hash_mask:23,psa_alg_hkdf:[12,15,22,23,24,27],psa_alg_hkdf_bas:23,psa_alg_hkdf_get_hash:23,psa_alg_hmac:[12,14,15,22,23,24],psa_alg_hmac_bas:23,psa_alg_hmac_get_hash:23,psa_alg_is_aead:[11,15,22,23,24],psa_alg_is_aead_on_block_ciph:[15,22,23,24],psa_alg_is_asymmetric_encrypt:[15,22,23,24],psa_alg_is_block_cipher_mac:[15,22,23,24],psa_alg_is_ciph:[13,15,22,23,24],psa_alg_is_deterministic_ecdsa:[15,22,23,24],psa_alg_is_ecdh:[15,22,23,24],psa_alg_is_ecdsa:[15,22,23,24],psa_alg_is_ffdh:[15,22,23,24],psa_alg_is_hash:[14,15,17,18,19,21,22,23,24],psa_alg_is_hash_and_sign:[15,22,23,24],psa_alg_is_hkdf:[15,22,23,24],psa_alg_is_hmac:[15,22,23,24],psa_alg_is_key_agr:[15,16,22,23,24],psa_alg_is_key_deriv:[15,16,17,22,23,24],psa_alg_is_key_derivation_or_agr:23,psa_alg_is_key_select:23,psa_alg_is_mac:[15,18,22,23,24],psa_alg_is_randomized_ecdsa:[15,22,23,24],psa_alg_is_raw_key_agr:[15,22,23,24],psa_alg_is_rsa_oaep:[15,22,23,24],psa_alg_is_rsa_pkcs1v15_sign:[12,15,22,23,24],psa_alg_is_rsa_pss:[15,22,23,24],psa_alg_is_sign:[15,22,23,24],psa_alg_is_sign_hash:[15,22,23,24],psa_alg_is_sign_messag:[15,22,23,24],psa_alg_is_stream_ciph:[15,22,23,24],psa_alg_is_tls12_prf:[15,22,23,24],psa_alg_is_tls12_psk_to_m:[15,22,23,24],psa_alg_is_vendor_defin:23,psa_alg_is_wildcard:[15,21,22,23,24],psa_alg_key_agr:[15,22,23,24],psa_alg_key_agreement_get_bas:[15,22,23,24],psa_alg_key_agreement_get_kdf:[15,22,23,24],psa_alg_key_agreement_mask:23,psa_alg_key_derivation_mask:23,psa_alg_mac_subcategory_mask:23,psa_alg_mac_truncation_mask:23,psa_alg_md2:[15,22,23,24],psa_alg_md4:[15,22,23,24],psa_alg_md5:[15,22,23,24],psa_alg_non:[1,6,15,22,24],psa_alg_ofb:[15,22,23],psa_alg_ripemd160:[15,22,23,24],psa_alg_rsa_oaep:[12,15,22,23,24],psa_alg_rsa_oaep_bas:23,psa_alg_rsa_oaep_get_hash:23,psa_alg_rsa_pkcs1v15_crypt:[15,22,23],psa_alg_rsa_pkcs1v15_sign:[15,22,23,24],psa_alg_rsa_pkcs1v15_sign_bas:23,psa_alg_rsa_pkcs1v15_sign_raw:[15,22,23,24],psa_alg_rsa_pss:[12,15,22,23,24],psa_alg_rsa_pss_bas:23,psa_alg_sha3_224:[15,22,23],psa_alg_sha3_256:[15,21,22,23],psa_alg_sha3_384:[15,22,23],psa_alg_sha3_512:[15,22,23],psa_alg_sha_1:[15,22,23,24],psa_alg_sha_224:[15,22,23,24],psa_alg_sha_256:[15,17,18,21,22,23,24],psa_alg_sha_384:[15,22,23,24],psa_alg_sha_512:[15,21,22,23,24],psa_alg_sha_512_224:[15,22,23],psa_alg_sha_512_256:[15,22,23,24],psa_alg_sign_get_hash:23,psa_alg_sm3:[15,22,23],psa_alg_stream_ciph:[7,15,22,23],psa_alg_tls12_prf:[12,15,22,23,24],psa_alg_tls12_prf_bas:23,psa_alg_tls12_prf_get_hash:23,psa_alg_tls12_psk_to_m:[12,15,22,23,24],psa_alg_tls12_psk_to_ms_bas:23,psa_alg_tls12_psk_to_ms_get_hash:23,psa_alg_tls12_psk_to_ms_max_psk_len:23,psa_alg_truncated_mac:[15,22,23,24],psa_alg_vendor_flag:23,psa_alg_xt:[7,15,22,23],psa_alg_xxx:[11,13,14,16,17,18,19,21,23],psa_alg_xxxx_get_hash:23,psa_algorithm_t:[6,11,13,14,15,16,17,18,19,21,22,23,24,26],psa_asymmetric_decrypt:[6,15,22,27],psa_asymmetric_decrypt_output_max_s:[15,22,23],psa_asymmetric_decrypt_output_s:[15,22],psa_asymmetric_encrypt:[6,15,22,27],psa_asymmetric_encrypt_output_max_s:[15,22,23],psa_asymmetric_encrypt_output_s:[15,22],psa_asymmetric_sign:23,psa_asymmetric_sign_output_s:23,psa_asymmetric_signature_max_s:23,psa_asymmetric_verifi:23,psa_bits_to_byt:23,psa_block_cipher_block_length:[15,22,23,24],psa_block_cipher_block_max_s:[15,22,23],psa_block_cipher_block_s:23,psa_bytes_to_bit:23,psa_cipher_abort:[15,22,27],psa_cipher_decrypt:[6,15,22,23,27],psa_cipher_decrypt_output_max_s:[15,22,23],psa_cipher_decrypt_output_s:[15,22,23],psa_cipher_decrypt_setup:[6,15,22,27],psa_cipher_encrypt:[6,15,22,23,27],psa_cipher_encrypt_output_max_s:[15,22,23],psa_cipher_encrypt_output_s:[15,22,23],psa_cipher_encrypt_setup:[6,15,22,27],psa_cipher_finish:[15,22,27],psa_cipher_finish_output_max_s:[15,22,23],psa_cipher_finish_output_s:[15,22,23],psa_cipher_generate_iv:[15,22,27],psa_cipher_iv_length:[15,22,23],psa_cipher_iv_max_s:[15,22,23],psa_cipher_operation_init:[15,22,27],psa_cipher_operation_t:[15,22,27],psa_cipher_set_iv:[15,22,23,27],psa_cipher_upd:[15,22,23,27],psa_cipher_update_output_max_s:[15,22,23],psa_cipher_update_output_s:[15,22,23],psa_close_kei:23,psa_copy_kei:[1,2,3,4,6,22,23,27],psa_create_kei:23,psa_crypto_api_version_major:[8,22,23],psa_crypto_api_version_minor:[8,22,23],psa_crypto_generator_init:23,psa_crypto_generator_t:23,psa_crypto_init:[1,5,8,10,11,13,14,16,17,18,19,20,21,22,27,32],psa_destroy_kei:[2,3,4,22,23,27],psa_dh_family_rfc7919:[3,22,23],psa_dh_family_t:[3,22,23,24],psa_dh_group_ffdhe2048:23,psa_dh_group_ffdhe3072:23,psa_dh_group_ffdhe4096:23,psa_dh_group_ffdhe6144:23,psa_dh_group_ffdhe8192:23,psa_dh_group_t:23,psa_ecc_curve_bit:23,psa_ecc_curve_brainpool_p256r1:23,psa_ecc_curve_brainpool_p384r1:23,psa_ecc_curve_brainpool_p512r1:23,psa_ecc_curve_curve25519:23,psa_ecc_curve_curve448:23,psa_ecc_curve_secp160k1:23,psa_ecc_curve_secp160r1:23,psa_ecc_curve_secp160r2:23,psa_ecc_curve_secp192k1:23,psa_ecc_curve_secp192r1:23,psa_ecc_curve_secp224k1:23,psa_ecc_curve_secp224r1:23,psa_ecc_curve_secp256k1:23,psa_ecc_curve_secp256r1:23,psa_ecc_curve_secp384r1:23,psa_ecc_curve_secp521r1:23,psa_ecc_curve_sect163k1:23,psa_ecc_curve_sect163r1:23,psa_ecc_curve_sect163r2:23,psa_ecc_curve_sect193r1:23,psa_ecc_curve_sect193r2:23,psa_ecc_curve_sect233k1:23,psa_ecc_curve_sect233r1:23,psa_ecc_curve_sect239k1:23,psa_ecc_curve_sect283k1:23,psa_ecc_curve_sect283r1:23,psa_ecc_curve_sect409k1:23,psa_ecc_curve_sect409r1:23,psa_ecc_curve_sect571k1:23,psa_ecc_curve_sect571r1:23,psa_ecc_curve_t:23,psa_ecc_family_brainpool_p_r1:[3,5,16,22,23],psa_ecc_family_frp:[3,5,16,22,23],psa_ecc_family_montgomeri:[3,5,16,17,22,23],psa_ecc_family_secp_k1:[3,22,23],psa_ecc_family_secp_r1:[3,22,23],psa_ecc_family_secp_r2:[3,22,23],psa_ecc_family_secp_xx:[5,16],psa_ecc_family_sect_k1:[3,22,23],psa_ecc_family_sect_r1:[3,22,23],psa_ecc_family_sect_r2:[3,22,23],psa_ecc_family_sect_xx:[5,16],psa_ecc_family_t:[3,22,23,24],psa_ecdsa_signature_s:23,psa_error_already_exist:[5,8,17,22,23],psa_error_bad_st:[1,5,8,9,11,13,14,16,17,18,19,20,21,22,26,27],psa_error_buffer_too_smal:[5,8,11,13,14,16,18,19,21,22,26],psa_error_communication_failur:[1,5,8,9,11,13,14,16,17,18,19,20,21,22,26],psa_error_corruption_detect:[1,5,8,9,11,13,14,16,17,18,19,20,21,22,23,26,27],psa_error_data_corrupt:[1,5,8,11,13,16,17,18,19,21,22,23,26],psa_error_data_invalid:[1,5,8,11,13,16,17,18,19,21,22,23],psa_error_does_not_exist:[8,22,23],psa_error_empty_slot:23,psa_error_generic_error:[8,22,23],psa_error_hardware_failur:[5,8,9,11,13,14,16,17,18,19,20,21,22,26],psa_error_insufficient_capac:23,psa_error_insufficient_data:[8,17,22,23,26],psa_error_insufficient_entropi:[5,8,9,19,20,21,22],psa_error_insufficient_memori:[1,5,8,9,11,13,14,16,17,18,19,20,21,22,29],psa_error_insufficient_storag:[5,8,17,22],psa_error_invalid_argu:[5,8,11,13,14,16,17,18,19,21,22],psa_error_invalid_handl:[1,2,5,8,11,13,16,17,18,19,21,22],psa_error_invalid_pad:[8,13,19,22],psa_error_invalid_signatur:[8,11,14,18,21,22],psa_error_not_permit:[5,8,11,13,16,17,18,19,21,22,23],psa_error_not_support:[5,8,11,13,14,16,17,18,19,20,21,22],psa_error_occupied_slot:23,psa_error_storage_failur:[1,5,8,11,13,16,17,18,19,21,22,23,26],psa_error_tampering_detect:23,psa_error_unknown_error:23,psa_error_xxx:10,psa_export_kei:[3,6,22,23,27],psa_export_key_output_s:[3,22,23],psa_export_key_pair_max_s:[3,22,23],psa_export_public_kei:[3,16,22,27],psa_export_public_key_max_s:[3,22,23],psa_export_public_key_output_s:[3,22,23],psa_generate_derived_kei:23,psa_generate_kei:[1,2,3,4,20,22,23,27],psa_generate_random:[13,15,22,27],psa_generator_abort:23,psa_generator_import_kei:23,psa_generator_read:23,psa_generator_unbridled_capac:23,psa_get_generator_capac:23,psa_get_key_algorithm:[3,22],psa_get_key_attribut:[3,5,7,17,22,23,27],psa_get_key_bit:[3,5,22],psa_get_key_id:[3,22],psa_get_key_inform:23,psa_get_key_lifetim:[3,22],psa_get_key_typ:[3,5,22],psa_get_key_usage_flag:[3,22],psa_get_key_xxx:[1,27],psa_hash_abort:[15,22,27],psa_hash_block_length:[7,15,22,23,24],psa_hash_clon:[15,22,27],psa_hash_compar:[15,22,27],psa_hash_comput:[15,21,22,27],psa_hash_finish:[15,22,27],psa_hash_length:[7,15,22,23],psa_hash_max_s:[15,22],psa_hash_operation_init:[15,22,27],psa_hash_operation_t:[15,22,27],psa_hash_resum:[15,22,23,27],psa_hash_s:23,psa_hash_setup:[15,22,27],psa_hash_suspend:[15,22,23,27],psa_hash_suspend_algorithm_field_length:[15,22,23,24],psa_hash_suspend_hash_state_field_length:[15,22,23,24],psa_hash_suspend_input_length_field_length:[15,22,23,24],psa_hash_suspend_output_max_s:[15,22,23],psa_hash_suspend_output_s:[15,22,23,24],psa_hash_upd:[15,22,27],psa_hash_verifi:[15,22,27],psa_hmac_max_hash_block_s:23,psa_import_kei:[1,2,3,4,16,17,22,23,27],psa_kdf_step_xxx:23,psa_key_agr:23,psa_key_agreement_raw_shared_secret:23,psa_key_attributes_init:[3,5,22],psa_key_attributes_t:[2,3,4,5,6,7,17,22,23,27],psa_key_derivation_abort:[15,16,22,23,27],psa_key_derivation_get_capac:[15,22,23],psa_key_derivation_input_byt:[15,22,23,27],psa_key_derivation_input_context:[15,22,23],psa_key_derivation_input_info:[15,22,27],psa_key_derivation_input_kei:[6,15,22,23,27],psa_key_derivation_input_label:[15,22],psa_key_derivation_input_salt:[15,22],psa_key_derivation_input_se:[15,22],psa_key_derivation_input_secret:[15,16,22,23,27],psa_key_derivation_input_xxx:[17,23],psa_key_derivation_key_agr:[6,15,17,22,23,27],psa_key_derivation_operation_init:[15,22,23,27],psa_key_derivation_operation_t:[15,16,22,23,27],psa_key_derivation_output_byt:[15,22,23,27],psa_key_derivation_output_kei:[1,2,4,5,15,22,23,27],psa_key_derivation_set_capac:[15,22,23,27],psa_key_derivation_setup:[15,16,22,27],psa_key_derivation_step_t:[15,16,22],psa_key_derivation_unlimited_capac:[15,22,23],psa_key_export_asn1_integer_max_s:23,psa_key_export_dsa_key_pair_max_s:23,psa_key_export_dsa_public_key_max_s:23,psa_key_export_ecc_key_pair_max_s:23,psa_key_export_ecc_public_key_max_s:23,psa_key_export_max_s:23,psa_key_export_rsa_key_pair_max_s:23,psa_key_export_rsa_public_key_max_s:23,psa_key_handle_t:23,psa_key_id_nul:[1,3,4,5,17,22,23],psa_key_id_t:[1,3,4,5,11,13,16,17,18,19,21,22,23],psa_key_id_user_max:[3,22],psa_key_id_user_min:[3,22],psa_key_id_vendor_max:[3,22],psa_key_id_vendor_min:[3,22],psa_key_lifetime_from_persistence_and_loc:[3,22],psa_key_lifetime_get_loc:[3,22],psa_key_lifetime_get_persist:[3,22],psa_key_lifetime_is_volatil:[3,22],psa_key_lifetime_persist:[2,3,5,6,22],psa_key_lifetime_t:[3,22],psa_key_lifetime_volatil:[1,3,5,6,22],psa_key_location_local_storag:[3,22],psa_key_location_primary_secure_el:[3,22],psa_key_location_t:[3,22,23],psa_key_persistence_default:[3,22],psa_key_persistence_read_onli:[3,22],psa_key_persistence_t:[3,22,23],psa_key_persistence_volatil:[3,22],psa_key_policy_t:23,psa_key_type_a:[3,13,17,18,22,23,26],psa_key_type_arc4:[3,13,17,22,23],psa_key_type_camellia:[3,17,22,23],psa_key_type_category_flag_pair:23,psa_key_type_category_key_pair:23,psa_key_type_category_mask:23,psa_key_type_category_public_kei:23,psa_key_type_category_raw:23,psa_key_type_category_symmetr:23,psa_key_type_chacha20:[3,13,17,22,23],psa_key_type_d:[3,17,22,23],psa_key_type_der:[3,17,22,23],psa_key_type_dh_get_famili:[3,22,23,24],psa_key_type_dh_group_mask:23,psa_key_type_dh_key_pair:[3,17,22,23,24],psa_key_type_dh_key_pair_bas:23,psa_key_type_dh_public_kei:[3,22,23,24],psa_key_type_dh_public_key_bas:23,psa_key_type_ecc_curve_mask:23,psa_key_type_ecc_get_famili:[3,22,23,24],psa_key_type_ecc_key_pair:[3,17,22,23,24],psa_key_type_ecc_key_pair_bas:23,psa_key_type_ecc_public_kei:[3,22,23,24],psa_key_type_ecc_public_key_bas:23,psa_key_type_get_curv:23,psa_key_type_get_group:23,psa_key_type_hmac:[3,5,17,22,23],psa_key_type_is_asymmetr:[3,22,23,24],psa_key_type_is_dh:[3,22,23,24],psa_key_type_is_dh_key_pair:[3,5,22,23,24],psa_key_type_is_dh_public_kei:[3,5,22,23,24],psa_key_type_is_ecc:[3,22,23,24],psa_key_type_is_ecc_key_pair:[3,5,22,23,24],psa_key_type_is_ecc_public_kei:[3,5,22,23,24],psa_key_type_is_key_pair:[3,22,23,24],psa_key_type_is_public_kei:[3,5,22,23,24],psa_key_type_is_rsa:[3,22,23,24],psa_key_type_is_unstructur:[3,22,23,24],psa_key_type_is_vendor_defin:23,psa_key_type_key_pair_of_public_kei:[3,22,23,24],psa_key_type_non:[1,3,22,23],psa_key_type_public_key_of_key_pair:[3,5,22,23,24],psa_key_type_raw_data:[3,17,22,23],psa_key_type_rsa_key_pair:[3,5,17,22,23],psa_key_type_rsa_public_kei:[3,5,22,23],psa_key_type_sm4:[3,17,22,23],psa_key_type_t:[3,5,12,13,22,23,24,26],psa_key_type_vendor_flag:23,psa_key_usage_cach:[3,4,5,22,23,29],psa_key_usage_copi:[3,5,22],psa_key_usage_decrypt:[3,11,13,19,22],psa_key_usage_der:[3,16,17,22,23],psa_key_usage_encrypt:[3,11,13,19,22],psa_key_usage_export:[3,5,22],psa_key_usage_sign:23,psa_key_usage_sign_hash:[3,21,22,23],psa_key_usage_sign_messag:[3,18,21,22,23],psa_key_usage_t:[3,22],psa_key_usage_verifi:23,psa_key_usage_verify_hash:[3,21,22,23],psa_key_usage_verify_messag:[3,18,21,22,23],psa_mac_abort:[15,22,27],psa_mac_comput:[6,15,22,27],psa_mac_final_s:[18,23],psa_mac_length:[15,22,23],psa_mac_max_s:[15,22],psa_mac_operation_init:[15,22,27],psa_mac_operation_t:[15,22,27],psa_mac_sign_finish:[15,22,27],psa_mac_sign_setup:[6,15,22,27],psa_mac_truncated_length:23,psa_mac_truncation_offset:23,psa_mac_upd:[15,22,27],psa_mac_verifi:[6,15,22,27],psa_mac_verify_finish:[15,22,27],psa_mac_verify_setup:[6,15,22,27],psa_max_block_cipher_block_s:23,psa_open_kei:23,psa_purge_kei:[3,4,6,22,23,29],psa_raw_key_agr:[6,15,22,23,27],psa_raw_key_agreement_output_max_s:[15,22,23],psa_raw_key_agreement_output_s:[15,22,23],psa_reset_key_attribut:[3,5,22],psa_round_up_to_multipl:23,psa_rsa_minimum_padding_s:23,psa_set_generator_capac:23,psa_set_key_algorithm:[1,3,21,22],psa_set_key_bit:[1,3,22],psa_set_key_id:[1,3,4,22],psa_set_key_lifetim:[1,3,22],psa_set_key_polici:23,psa_set_key_typ:[1,3,22],psa_set_key_usage_flag:[1,3,21,22],psa_set_key_xxx:1,psa_sign_hash:[6,15,22,23,27],psa_sign_messag:[6,15,22,23,27],psa_sign_output_s:[15,22,23],psa_signature_max_s:[15,22,23],psa_status_t:[1,5,8,9,11,13,14,16,17,18,19,20,21,22,26,32],psa_success:[1,2,5,8,9,11,13,14,16,17,18,19,20,21,22,23,26],psa_tls12_psk_to_ms_psk_max_s:[15,22,23],psa_vendor_ecc_max_curve_bit:23,psa_vendor_rsa_max_key_bit:23,psa_verify_hash:[6,15,22,23,27],psa_verify_messag:[6,15,22,23,27],psa_xxx_abort:[23,27],psa_xxx_init:27,psa_xxx_key_pair:23,psa_xxx_keypair:23,psa_xxx_signatur:21,psa_xxx_siz:10,pseudo:[0,24,27,29],pseudocod:25,pseudorandom:[5,10,17,27],psk:[17,23],pss:21,publicexpon:5,publish:23,punumb:0,pure:17,purg:5,purpos:[0,5,6,10,12,17,18,27,28,31],put:27,pygment:5,q_a:16,q_b:16,qualiti:[0,25,26,27],queri:[1,2,4,5,6,7,17,27],quot:17,radio:29,rais:27,ram:[4,6],random:[1,7,9,10,11,13,15,17,21,25,26,28,32],randomli:5,rang:[0,2,4,7,12,17,23,28,29,30],rate:27,rather:[4,10,28],rational:[29,30],raw:[5,7,16,21],rayonn:0,reach:[26,27],read:[0,1,4,5,6,10,16,17,23,26,27,32],readabl:[0,10,26],reader:32,readi:16,realiz:31,realm:10,reason:[10,31],reassign:23,receiv:[10,26,28],recip:30,recogn:[10,11,13,14,18],recommend:[0,1,5,7,10,11,13,14,16,17,18,21,25,26],reconstruct:5,record:[0,7,16],recov:[5,11,18,27],recover:5,red:0,reduc:[17,28,29],ref:0,refer:[1,2,5,10,11,12,14,17,18,22,23,25,26,27,30,32],referenc:23,reflect:0,refurbish:4,regard:23,regardless:[5,6],regist:0,registri:23,regul:[0,6,27],reject:[5,11,17],relat:[0,7,12,23,28,29],relax:23,releas:[4,25,27],relev:[0,23,29],reli:29,reload:29,remain:[0,2,4,10,11,13,17,18,27],remot:31,remov:[4,5,6,23,31],renam:23,reorgan:23,repeat:[6,17],replac:[23,24],report:[1,6,7,10,11,23,26],repres:[1,17,21,28,29],represent:[0,1,5,21,24,28],republ:0,request:[6,10,11,13,16,17,18,19,21,26,29,31],requir:[1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,21,23,25,27,28,30,32],research:28,reseed:[10,32],reserv:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],reset:[1,4,11,13,14,17,18,23,27],resid:28,resist:[4,25],resort:10,resourc:[1,4,5,10,11,13,14,17,18,23,25,27,32],respect:[0,7,11,12,13,18,19,21,26,29],respons:0,rest:[11,14],restart:[0,27],restrict:[0,4,5,6,17,27,29],restructur:23,result:[1,5,10,11,13,14,16,17,18,19,20,21,23,24,26,27,28,29],resum:[14,23,27],retain:[6,14,28,31],retent:4,retriev:[1,2,4,6,7,17,18,23,27],reus:[0,11,13,14,17,18,23,27,29],reveal:[10,27],revoc:[0,5],rewound:27,rfc1319:[0,14],rfc1320:[0,14],rfc1321:[0,14],rfc2104:[0,18],rfc2315:[0,13],rfc3279:[0,5],rfc3610:[0,11],rfc3713:[0,7],rfc4279:[0,17],rfc5116:[0,27],rfc5246:[0,17],rfc5639:[0,7],rfc5869:[0,17],rfc5915:[0,5],rfc6979:[0,21],rfc7539:[0,11,13],rfc7748:[0,5,17],rfc7919:[0,7],rfc8017:[0,5,19,21],rfc:7,ribos:0,right:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],ripemd160:0,ripemd:[0,14],risk:[5,26,28,29],riski:[14,18],road:0,robust:29,roll:26,rom:4,royalti:0,rsa:[0,3,5,19,21,25],rsae:19,rsaprivatekei:5,rsapublickei:5,rsassa:21,rule:[0,11,23,29],run:[28,31,32],runtim:[5,10],safe:[10,11,13,14,18,25,26,27],safeti:10,salsa20:[0,11,13],salt:[0,17,19,21,22],salt_length:[19,22],same:[0,2,4,5,6,7,11,13,14,16,18,21,23,26,27,28,29,31,32],sampl:25,satisfactori:0,save:[5,17],scalabl:28,scalar:5,schedul:17,scheme:[0,6,13,16,17,19,21,30],scientifiqu:0,scope:[0,4,28],sec1:[0,5,16,21],sec2:[0,7],sec2v1:[0,7],sec:[0,5,7,16,21],secg:0,secp160r2:7,secp192k1:7,secp192r1:7,secp224k1:7,secp224r1:7,secp256k1:7,secp256r1:7,secp384r1:7,secp521r1:7,secret:[0,5,7,16,17,21,23,27,29,31],sect163k1:7,sect163r1:7,sect163r2:7,sect233k1:7,sect233r1:7,sect239k1:7,sect283k1:7,sect283r1:7,sect409k1:7,sect409r1:7,sect571k1:7,sect571r1:7,section:[1,23,26,27,28,29,31,32],sector:13,secur:[0,4,5,6,7,9,10,14,17,18,25,26,27,30,31],see:[0,2,4,5,6,7,10,11,12,13,14,16,17,18,19,21,27,29],seed:[9,17,27,32],segment:[13,31],select:[11,13,14,17,18,19,21,27],sell:0,semant:23,send:0,sensibl:[5,16,19,21],sensit:[29,32],separ:[0,11,21,23,26,27,28,31,32],septemb:0,sequenc:[0,1,5,10,11,13,14,17,18,21,26,27],sequenti:29,seri:27,serv:[28,31],server:28,serverhello:17,servic:[0,15,21,25,28,30,31],servlet:0,session:23,set:[1,2,4,5,6,7,11,12,13,14,16,17,18,21,23,26,27,30],setup:[11,13,17,27],sever:[0,28,29,31],sha3:14,sha:[0,14,17,18],shall:0,share:[0,5,11,16,17,25,26,27,28,29,31],shorten:11,shorter:5,should:4,show:21,shown:[0,4],side:[4,5,16,19,21,29],sign:[6,18,21,23,25,28],signatur:[0,6,10,12,15,17,22,23,25,27],signature_length:[21,22],signature_s:[21,22],signific:[0,16,17,21],similar:[11,23,27,31],similarli:21,simpl:[1,2,4,6,7,26],simpler:[24,29],simpli:31,simultan:32,sinc:[1,27,31],singl:[0,4,5,6,7,15,16,21,23,25,28,29],situat:[5,9,10,17,27],siv:27,size:[0,1,4,5,7,10,11,13,15,16,17,18,19,21,23,25,27,28,29],size_t:[5,7,11,13,14,16,17,18,19,20,21,22,26],sizeof:[1,11,13,14,17,18],skip:[1,21],slg:14,sm3:[0,14],sm4:[0,7,17],small:[0,5,10,11,13,14,16,18,19,21],smaller:[11,13,14,16,17,18,19,21],smallest:11,smartcard:31,snippet:23,softwar:[0,31],sole:[0,5],some:[0,5,9,10,17,21,23,26,27,28,29,31,32],someth:23,sometim:27,soon:[6,29],sourc:[0,5,27,30],source_kei:[5,22],source_oper:[14,22],sp800:[0,7,11,13,16,17,18],space:[10,11,31],special:[0,1,2,7,11,13,16,17,18,27,28],specif:[0,1,4,5,6,7,10,11,12,13,14,16,17,18,19,21,22,23,24,25,26,27,28,30,31,32],specifi:[0,2,4,5,6,11,12,13,14,16,17,18,19,21,23,26,27,28,29,32],speed:[0,7,16],split:[0,13,27],spuriou:23,ssi:0,stabil:[25,29,32],stabl:0,stack:[26,27,29,32],stage:27,stakehold:31,standalon:[15,25],standard:[0,5,7,10,12,13,14,16,23,25,29,32],start:[17,22,27],startup:29,state:[1,10,11,13,15,16,17,18,23,25,26,27,28,29],statement:0,statu:[5,8,9,11,13,14,16,17,18,20,25,27],status:26,statutori:0,std:0,stdint:29,steal:13,stem:29,step:[0,1,4,11,13,14,15,16,18,21,22,23,25,26,27,29],still:[5,6,10,30],stop:0,storag:[0,1,2,4,5,6,10,11,13,17,18,23,25,29,30,32],store:[0,1,2,4,5,6,7,10,11,13,17,23,27,28,29,31,32],strategi:[27,29],stream:[0,7,13,17,23,27,28],strength:17,strengthen:[0,14],strict:29,string:[0,5,17,18,21,23],strip:5,strongli:[7,27],struct:[23,29],structur:[0,1,4,5,7,12,21,23,25],style:27,sub:0,subject:[0,5],subsequ:[9,10,11,14,17,27],subset:[5,7,10,28,29,30,31],subsidiari:0,subsystem:4,subtl:28,subtyp:23,succe:[9,10,11,17],succeed:10,success:[1,2,4,5,8,9,11,13,14,16,17,18,19,21,25,26,27],successfulli:[10,11,13,14,18,21,26],suffer:10,suffici:[5,6,10,11,13,14,16,19,21,26,29,32],suggest:0,suit:[0,17],suitabl:[1,11,12,13,14,16,17,18,25,26,27],summari:28,supersed:7,suppli:[0,6,27,31],support:[1,3,5,6,7,10,12,15,23,24,25,27,28,31],suppos:21,surviv:[0,4],suspend:[15,23,25,27,29],symmetr:[0,3,5,6,11,12,13,25,26],synonym:29,syntax:[13,25],system:[0,4,26,27,28,29,31,32],systemat:26,tabl:[0,4,14,17,23],tag:[11,22,27],tag_length:[11,22,24],tag_siz:[11,22],take:[10,11,13,16,17,23,27,28,29],taken:[5,14,17,18],tamper:[0,10],target:[5,29,31],target_kei:[5,22],target_oper:[14,22],task:26,tdea:[0,7],technic:0,techniqu:[0,13,14,18],technolog:[0,7,18,28],temporari:[26,29,32],tend:29,tent:11,term:[23,25,27,29,31],termin:[0,4,10,11,13,14,18,26,27],terminolog:[0,23],test:[17,28],text:[0,27],than:[0,4,5,7,9,10,11,14,16,17,18,21,26,28,29],thei:[4,6,7,10,11,12,13,14,26,27,28,29,31,32],them:[4,17,23,27,29],themselv:28,theoret:29,therebi:[14,18],therefor:[1,17,27,31],therein:0,thereof:0,thereon:0,thi:[1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],thin:31,third:[0,4],those:[17,28,29],though:[26,31],thread:26,threat:[29,30],three:[5,17,28],through:[4,6,11,17,18,27,28,31],throughout:[4,27],thu:[17,31,32],time:[0,1,5,10,11,13,14,16,17,18,19,21,26,27,28,29,31],titl:[0,17],tls1:23,token:[25,28],too:[5,10,11,13,14,16,18,19,21,27],took:11,tool:0,top:[13,28],tort:0,total:[11,13,14],trade:0,trademark:0,trail:11,transfer:[0,4,14],translat:[0,31],transport:[0,7,17],treat:13,tripl:[0,5,7],trng:[27,31],truncat:[5,11,18,21],trust:[11,26,28,31],turn:11,twice:[13,17],two:[0,2,4,5,6,7,11,12,13,14,16,17,26,27,31,32],type:[0,3,5,8,15,16,19,21,22,23,25,27,28,32],typedef:[1,2,4,6,7,10,11,12,13,14,17,18,22,29],typic:[1,4,7,10,13,17,28,29,30,31],uint16_t:[7,17,22,29],uint32_t:[2,4,6,12,22,29],uint8_t:[4,5,7,11,13,14,16,17,18,19,20,21,22,26,29],unalloc:[7,12],unambigu:5,unauthent:[7,10,15,23,25,27],unbound:28,unchang:[7,17,26,29],uncompress:5,undefin:[7,9,13,26,27,32],under:[0,16,19,21,26],underli:[5,7,11,12,13,16,18,26,29,31],underscor:0,understand:0,undertaken:0,undetermin:[10,26],undon:11,unexpect:5,unifi:16,uninstal:4,uniqu:[13,27,28,31],unit:0,unless:[5,11,13,26,27,32],unlik:31,unlock:29,unmodifi:26,unpack:14,unprocess:14,unsign:[14,29],unspecifi:[1,2,5,7,10,11,16,17,18,19,21,26],unstructur:7,unsupport:[10,29],unsur:10,until:[0,2,4,11,13,14,18,26,27],untrunc:18,untrustworthi:31,unusu:23,updat:[0,5,13,17,23,27],upon:[0,28],upper:4,url:0,usabl:27,usag:[0,1,3,5,11,13,14,16,17,18,19,21,23,25,27,29],usage_flag:[6,22],use:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,20,21,23,25,26,27,29,30,31],used:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,19,21,22,23,26,27,28,29,30,31,32],useful:[5,27,31],user:[26,28,30],uses:[0,5,7,12,13,17,23,26,27,29,30],using:[0,1,2,4,5,6,7,10,11,13,14,16,17,18,19,21,23,26,27,29,31,32],usual:[16,17,21,27],v1_5:[19,21],valid:[0,1,2,4,5,6,7,10,11,13,14,16,17,18,19,21,23,24,26,27,28,29],valu:[0,1,2,3,5,6,7,10,11,12,13,14,16,17,18,19,21,22,23,24,25,26,27,29,31],variabl:[21,27],variant:[0,7,11,13,26,31],variou:[23,28],vast:[28,29],vector:[0,13,23,27],vendor:[4,11,24,26,29],ver:0,veri:28,verif:[6,10,18,21,27],verifi:[0,6,10,14,18,21,26,27,29],verify_messag:21,versa:26,version:[0,4,5,7,8,13,14,17,19,21,24,25,26,27,29],via:[12,17,27],vice:26,view:17,violat:[0,26],virtual:28,visant:[0,7],visibl:[27,28],visit:0,volatil:[0,2,3,5,6,10,23,25,27,29,31],vote:0,vulner:[11,29],wai:[5,11,13,17,23,26,27,29,32],warn:[11,28],warranti:0,weak:[7,13,14,17,28],websit:0,weierstrass:[5,16,17],welcom:0,well:[10,16,23,28,32],were:[0,11,13,26,28],what:[0,4,5,6,17,23,26,27],when:[0,1,2,4,5,6,7,10,11,13,14,16,17,18,21,23,26,27,28,29,32],whenev:10,where:[1,4,5,6,10,11,13,14,16,17,18,19,21,26,27,28,29,31,32],whether:[1,4,5,6,7,10,11,12,13,14,16,17,18,19,20,21,26],which:[0,1,2,4,5,6,7,10,11,12,13,14,16,17,18,22,23,26,27,28,29,31,32],whilst:23,who:[0,31],whole:[5,11,13,17,27,28],whose:[0,10,13,17,21,23,26,29],wide:[28,30],wildcard:[5,6,12,21],wipe:[4,29,32],wireless:28,wise:[0,16,17],wish:26,within:[0,2,4,7,23,27,29],without:[0,1,2,4,5,11,13,14,17,18,21,23,27,29],word:[0,14,32],work:27,workshop:0,world:26,worldwid:0,would:[10,23,31],wrap:[4,6,23],writabl:26,write:[2,4,6,7,10,12,26,27],writer:[10,32],written:[0,2,4,5,10,11,13,14,16,17,18,19,21,29,32],wrong:[5,27],wrote:26,www:0,x00000000:[4,12,22],x00000001:[2,4,6,12,22],x00000002:[6,22],x00000004:[6,22],x000000:[4,22],x000000ff:[4,22,24],x00000100:[6,22],x000001:[4,22],x000001ff:24,x00000200:[6,22],x00000400:[6,22],x00000800:[6,22],x00001000:[6,22],x00002000:[6,22],x00004000:[6,22],x0000:[7,22],x0001:7,x003f0000:24,x00:[4,7,22],x00ff:24,x01:[4,22],x02000000:24,x02000001:[14,22],x02000002:[14,22],x02000003:[14,22],x02000004:[14,22],x02000005:[14,22],x02000008:[14,22],x02000009:[14,22],x0200000a:[14,22],x0200000b:[14,22],x0200000c:[14,22],x0200000d:[14,22],x02000010:[14,22],x02000011:[14,22],x02000012:[14,22],x02000013:[14,22],x02000014:[14,22],x020000ff:[21,22],x03000000:24,x03800000:24,x03:[7,22],x03c00000:24,x03c00100:[18,22],x03c00200:[18,22],x04404000:[13,22],x04404100:[13,22],x04404400:[13,22],x0440ff00:[13,22],x04800000:24,x04800100:[13,22],x04c01000:[13,22],x04c01100:[13,22],x04c01200:[13,22],x05000000:24,x05000500:24,x05100500:[11,22],x05400000:24,x05400100:24,x05400200:24,x05500100:[11,22],x05500200:[11,22],x06000000:24,x06000200:[21,22,24],x06000300:24,x06000600:[21,22,24],x06000700:24,x07000000:24,x07000200:[19,22],x07000300:24,x08000000:24,x08000100:24,x08000200:24,x08000300:24,x09000000:24,x09010000:[16,22,24],x09020000:[16,22,24],x1000:24,x1001:[7,22],x1100:[7,22],x1200:[7,22],x12:[7,22],x17:[7,22],x1b:[7,22],x2000:24,x2002:[7,22],x2004:[7,22],x22:[7,22],x2301:[7,22],x2400:[7,22],x2403:[7,22],x2405:[7,22],x25519:[5,16],x27:[7,22],x2b:[7,22],x3000:24,x30:[7,22],x33:[7,22],x3f:24,x3fffffff:[2,22],x40000000:[2,22],x4000:24,x4001:[7,22,24],x4100:24,x41:[7,22],x4200:24,x448:[5,16],x7000:24,x7001:[7,22],x7100:24,x7200:24,x7f000000:24,x7f00ffff:24,x7f400000:24,x7f800000:24,x7f:7,x7fc00000:24,x7fc0ff00:24,x7fff0000:24,x7fff:7,x7fffffff:[2,12,22],x80000000:12,x8000:7,x80:7,x_p:5,xex:13,xfe00ffff:24,xff00:24,xff:[4,7,22],xffff0000:24,xffff:7,xffffffff:12,xor:13,y_p:5,yet:[11,13,14,17,18,26],you:0,your:0,zero:[1,5,7,10,11,12,13,14,16,17,18,19,21,23,27,29]},titles:["About this document","9.1. Key attributes","9.4. Key identifiers","9. Key management reference","9.3. Key lifetimes","9.6. Key management functions","9.5. Key policies","9.2. Key types","8. Library management reference","8.2. PSA Crypto library","8.1. PSA status codes","10.5. Authenticated encryption with associated data (AEAD)","10.1. Algorithms","10.4. Unauthenticated ciphers","10.2. Message digests","10. Cryptographic operation reference","10.9. Key agreement","10.6. Key derivation","10.3. Message authentication codes (MAC)","10.8. Asymmetric encryption","10.10. Other cryptographic services","10.7. Asymmetric signature","Example header file","Changes to the API","Example macro implementations","PSA Cryptography API 1.0","5. Library conventions","3. Functionality overview","2. Design goals","6. Implementation considerations","1. Introduction","4. Sample architectures","7. Usage considerations"],titleterms:{"case":28,"export":5,"function":[1,2,4,5,6,7,9,11,13,14,16,17,18,19,20,21,27],"return":26,TLS:28,abbrevi:0,about:0,accessor:[2,4,7],addit:23,aead:[11,27],after:32,agreement:[16,27],algorithm:[6,11,12,13,14,16,17,18,19,21,24,26,28],alwai:32,api:[9,23,25,27],applic:31,architectur:31,arm:0,aspect:29,assembl:0,associ:11,assumpt:29,asymmetr:[19,21,27],attack:29,attest:28,attribut:[1,2,4,7],authent:[11,18,27],behavior:26,beta:23,between:[23,26],book:0,boot:28,buffer:26,call:26,categori:[7,12],chang:[0,23],check:32,choic:28,cipher:13,clarif:23,clean:32,cleanup:29,client:31,code:[10,18,27],combin:16,concurr:[26,32],confidenti:0,consider:[29,32],constrain:28,convent:[0,26],creation:5,credenti:28,crypto:[9,22],cryptograph:[15,20,29,31],cryptographi:[25,27],cryptoprocessor:31,curv:7,data:11,decrypt:27,deriv:[16,17,27],descript:0,design:28,destruct:5,detect:29,devic:28,diffi:7,digest:[14,27],document:[0,23],eas:28,ellipt:7,encod:[4,7,12],encrypt:[11,19,27],error:[10,26,29,32],exampl:[22,24,27,28],factori:28,feedback:0,field:14,file:22,fix:23,flag:6,format:14,futur:23,gener:[20,27],goal:28,handl:26,hardwar:29,hash:[14,24,27],header:22,hellman:7,histori:23,identifi:[2,27],implement:[2,4,6,7,24,29],indic:4,indirect:29,inform:0,initi:9,input:[17,26],interfac:[28,29],introduct:30,isol:28,kei:[1,2,3,4,5,6,7,16,17,24,26,27,29,31],keystor:28,level:4,librari:[8,9,26,27],licenc:0,lifetim:[4,27],locat:4,mac:[18,27],macro:[1,2,4,5,6,7,9,10,11,12,13,14,16,17,18,19,21,24,29],manag:[1,3,5,8,27,29],materi:29,memori:[29,32],messag:[14,18,27],minimum:27,multi:[11,13,14,18,27,31],network:28,non:0,note:[2,4,6,7],number:[0,20],object:29,oper:[11,13,14,15,18,27],option:28,other:[0,20,23,29],output:[26,29],overlap:26,overview:27,pair:28,paramet:26,part:[11,13,14,18,27],partit:31,permit:6,persist:4,philosophi:29,plan:23,platform:29,pointer:26,polici:[6,27],port:29,potenti:0,process:17,processor:31,profil:29,provis:28,psa:[9,10,22,25],psa_aead_abort:11,psa_aead_decrypt:11,psa_aead_decrypt_output_max_s:11,psa_aead_decrypt_output_s:11,psa_aead_decrypt_setup:11,psa_aead_encrypt:11,psa_aead_encrypt_output_max_s:11,psa_aead_encrypt_output_s:11,psa_aead_encrypt_setup:11,psa_aead_finish:11,psa_aead_finish_output_max_s:11,psa_aead_finish_output_s:11,psa_aead_generate_nonc:11,psa_aead_nonce_length:11,psa_aead_nonce_max_s:11,psa_aead_operation_init:11,psa_aead_operation_t:11,psa_aead_set_length:11,psa_aead_set_nonc:11,psa_aead_tag_length:11,psa_aead_tag_max_s:11,psa_aead_upd:11,psa_aead_update_ad:11,psa_aead_update_output_max_s:11,psa_aead_update_output_s:11,psa_aead_verifi:11,psa_aead_verify_output_max_s:11,psa_aead_verify_output_s:11,psa_alg_aead_with_default_length_tag:11,psa_alg_aead_with_shortened_tag:11,psa_alg_any_hash:21,psa_alg_cbc_mac:18,psa_alg_cbc_no_pad:13,psa_alg_cbc_pkcs7:13,psa_alg_ccm:11,psa_alg_cfb:13,psa_alg_chacha20_poly1305:11,psa_alg_cmac:18,psa_alg_ctr:13,psa_alg_deterministic_ecdsa:21,psa_alg_ecb_no_pad:13,psa_alg_ecdh:16,psa_alg_ecdsa:21,psa_alg_ecdsa_ani:21,psa_alg_ffdh:16,psa_alg_full_length_mac:18,psa_alg_gcm:11,psa_alg_get_hash:12,psa_alg_hkdf:17,psa_alg_hmac:18,psa_alg_is_aead:12,psa_alg_is_aead_on_block_ciph:11,psa_alg_is_asymmetric_encrypt:12,psa_alg_is_block_cipher_mac:18,psa_alg_is_ciph:12,psa_alg_is_deterministic_ecdsa:21,psa_alg_is_ecdh:16,psa_alg_is_ecdsa:21,psa_alg_is_ffdh:16,psa_alg_is_hash:12,psa_alg_is_hash_and_sign:21,psa_alg_is_hkdf:17,psa_alg_is_hmac:18,psa_alg_is_key_agr:12,psa_alg_is_key_deriv:12,psa_alg_is_mac:12,psa_alg_is_randomized_ecdsa:21,psa_alg_is_raw_key_agr:16,psa_alg_is_rsa_oaep:19,psa_alg_is_rsa_pkcs1v15_sign:21,psa_alg_is_rsa_pss:21,psa_alg_is_sign:12,psa_alg_is_sign_hash:21,psa_alg_is_sign_messag:21,psa_alg_is_stream_ciph:13,psa_alg_is_tls12_prf:17,psa_alg_is_tls12_psk_to_m:17,psa_alg_is_wildcard:12,psa_alg_key_agr:16,psa_alg_key_agreement_get_bas:16,psa_alg_key_agreement_get_kdf:16,psa_alg_md2:14,psa_alg_md4:14,psa_alg_md5:14,psa_alg_non:12,psa_alg_ofb:13,psa_alg_ripemd160:14,psa_alg_rsa_oaep:19,psa_alg_rsa_pkcs1v15_crypt:19,psa_alg_rsa_pkcs1v15_sign:21,psa_alg_rsa_pkcs1v15_sign_raw:21,psa_alg_rsa_pss:21,psa_alg_sha3_224:14,psa_alg_sha3_256:14,psa_alg_sha3_384:14,psa_alg_sha3_512:14,psa_alg_sha_1:14,psa_alg_sha_224:14,psa_alg_sha_256:14,psa_alg_sha_384:14,psa_alg_sha_512:14,psa_alg_sha_512_224:14,psa_alg_sha_512_256:14,psa_alg_sm3:14,psa_alg_stream_ciph:13,psa_alg_tls12_prf:17,psa_alg_tls12_psk_to_m:17,psa_alg_truncated_mac:18,psa_alg_xt:13,psa_algorithm_t:12,psa_asymmetric_decrypt:19,psa_asymmetric_decrypt_output_max_s:19,psa_asymmetric_decrypt_output_s:19,psa_asymmetric_encrypt:19,psa_asymmetric_encrypt_output_max_s:19,psa_asymmetric_encrypt_output_s:19,psa_block_cipher_block_length:13,psa_block_cipher_block_max_s:13,psa_cipher_abort:13,psa_cipher_decrypt:13,psa_cipher_decrypt_output_max_s:13,psa_cipher_decrypt_output_s:13,psa_cipher_decrypt_setup:13,psa_cipher_encrypt:13,psa_cipher_encrypt_output_max_s:13,psa_cipher_encrypt_output_s:13,psa_cipher_encrypt_setup:13,psa_cipher_finish:13,psa_cipher_finish_output_max_s:13,psa_cipher_finish_output_s:13,psa_cipher_generate_iv:13,psa_cipher_iv_length:13,psa_cipher_iv_max_s:13,psa_cipher_operation_init:13,psa_cipher_operation_t:13,psa_cipher_set_iv:13,psa_cipher_upd:13,psa_cipher_update_output_max_s:13,psa_cipher_update_output_s:13,psa_copy_kei:5,psa_crypto_api_version_major:9,psa_crypto_api_version_minor:9,psa_crypto_init:9,psa_destroy_kei:5,psa_dh_family_rfc7919:7,psa_dh_family_t:7,psa_ecc_family_brainpool_p_r1:7,psa_ecc_family_frp:7,psa_ecc_family_montgomeri:7,psa_ecc_family_secp_k1:7,psa_ecc_family_secp_r1:7,psa_ecc_family_secp_r2:7,psa_ecc_family_sect_k1:7,psa_ecc_family_sect_r1:7,psa_ecc_family_sect_r2:7,psa_ecc_family_t:7,psa_error_already_exist:10,psa_error_bad_st:10,psa_error_buffer_too_smal:10,psa_error_communication_failur:10,psa_error_corruption_detect:10,psa_error_data_corrupt:10,psa_error_data_invalid:10,psa_error_does_not_exist:10,psa_error_generic_error:10,psa_error_hardware_failur:10,psa_error_insufficient_data:10,psa_error_insufficient_entropi:10,psa_error_insufficient_memori:10,psa_error_insufficient_storag:10,psa_error_invalid_argu:10,psa_error_invalid_handl:10,psa_error_invalid_pad:10,psa_error_invalid_signatur:10,psa_error_not_permit:10,psa_error_not_support:10,psa_error_storage_failur:10,psa_export_kei:5,psa_export_key_output_s:5,psa_export_key_pair_max_s:5,psa_export_public_kei:5,psa_export_public_key_max_s:5,psa_export_public_key_output_s:5,psa_generate_kei:5,psa_generate_random:20,psa_get_key_algorithm:6,psa_get_key_attribut:1,psa_get_key_bit:7,psa_get_key_id:2,psa_get_key_lifetim:4,psa_get_key_typ:7,psa_get_key_usage_flag:6,psa_hash_abort:14,psa_hash_block_length:14,psa_hash_clon:14,psa_hash_compar:14,psa_hash_comput:14,psa_hash_finish:14,psa_hash_length:14,psa_hash_max_s:14,psa_hash_operation_init:14,psa_hash_operation_t:14,psa_hash_resum:14,psa_hash_setup:14,psa_hash_suspend:14,psa_hash_suspend_algorithm_field_length:14,psa_hash_suspend_hash_state_field_length:14,psa_hash_suspend_input_length_field_length:14,psa_hash_suspend_output_max_s:14,psa_hash_suspend_output_s:14,psa_hash_upd:14,psa_hash_verifi:14,psa_import_kei:5,psa_key_attributes_init:1,psa_key_attributes_t:1,psa_key_derivation_abort:17,psa_key_derivation_get_capac:17,psa_key_derivation_input_byt:17,psa_key_derivation_input_context:17,psa_key_derivation_input_info:17,psa_key_derivation_input_kei:17,psa_key_derivation_input_label:17,psa_key_derivation_input_salt:17,psa_key_derivation_input_se:17,psa_key_derivation_input_secret:17,psa_key_derivation_key_agr:16,psa_key_derivation_operation_init:17,psa_key_derivation_operation_t:17,psa_key_derivation_output_byt:17,psa_key_derivation_output_kei:17,psa_key_derivation_set_capac:17,psa_key_derivation_setup:17,psa_key_derivation_step_t:17,psa_key_derivation_unlimited_capac:17,psa_key_id_nul:2,psa_key_id_t:2,psa_key_id_user_max:2,psa_key_id_user_min:2,psa_key_id_vendor_max:2,psa_key_id_vendor_min:2,psa_key_lifetime_from_persistence_and_loc:4,psa_key_lifetime_get_loc:4,psa_key_lifetime_get_persist:4,psa_key_lifetime_is_volatil:4,psa_key_lifetime_persist:4,psa_key_lifetime_t:4,psa_key_lifetime_volatil:4,psa_key_location_local_storag:4,psa_key_location_primary_secure_el:4,psa_key_location_t:4,psa_key_persistence_default:4,psa_key_persistence_read_onli:4,psa_key_persistence_t:4,psa_key_persistence_volatil:4,psa_key_type_a:7,psa_key_type_arc4:7,psa_key_type_camellia:7,psa_key_type_chacha20:7,psa_key_type_d:7,psa_key_type_der:7,psa_key_type_dh_get_famili:7,psa_key_type_dh_key_pair:7,psa_key_type_dh_public_kei:7,psa_key_type_ecc_get_famili:7,psa_key_type_ecc_key_pair:7,psa_key_type_ecc_public_kei:7,psa_key_type_hmac:7,psa_key_type_is_asymmetr:7,psa_key_type_is_dh:7,psa_key_type_is_dh_key_pair:7,psa_key_type_is_dh_public_kei:7,psa_key_type_is_ecc:7,psa_key_type_is_ecc_key_pair:7,psa_key_type_is_ecc_public_kei:7,psa_key_type_is_key_pair:7,psa_key_type_is_public_kei:7,psa_key_type_is_rsa:7,psa_key_type_is_unstructur:7,psa_key_type_key_pair_of_public_kei:7,psa_key_type_non:7,psa_key_type_public_key_of_key_pair:7,psa_key_type_raw_data:7,psa_key_type_rsa_key_pair:7,psa_key_type_rsa_public_kei:7,psa_key_type_sm4:7,psa_key_type_t:7,psa_key_usage_cach:6,psa_key_usage_copi:6,psa_key_usage_decrypt:6,psa_key_usage_der:6,psa_key_usage_encrypt:6,psa_key_usage_export:6,psa_key_usage_sign_hash:6,psa_key_usage_sign_messag:6,psa_key_usage_t:6,psa_key_usage_verify_hash:6,psa_key_usage_verify_messag:6,psa_mac_abort:18,psa_mac_comput:18,psa_mac_length:18,psa_mac_max_s:18,psa_mac_operation_init:18,psa_mac_operation_t:18,psa_mac_sign_finish:18,psa_mac_sign_setup:18,psa_mac_upd:18,psa_mac_verifi:18,psa_mac_verify_finish:18,psa_mac_verify_setup:18,psa_purge_kei:5,psa_raw_key_agr:16,psa_raw_key_agreement_output_max_s:16,psa_raw_key_agreement_output_s:16,psa_reset_key_attribut:1,psa_set_key_algorithm:6,psa_set_key_bit:7,psa_set_key_id:2,psa_set_key_lifetim:4,psa_set_key_typ:7,psa_set_key_usage_flag:6,psa_sign_hash:21,psa_sign_messag:21,psa_sign_output_s:21,psa_signature_max_s:21,psa_status_t:10,psa_success:10,psa_tls12_psk_to_ms_psk_max_s:17,psa_verify_hash:21,psa_verify_messag:21,pseudocod:0,random:[20,27],recommend:[27,29,32],refer:[0,3,8,15,29],referenc:0,releas:0,requir:29,resist:29,resourc:29,rsa:7,safe:29,sampl:31,secur:[28,29,32],servic:20,share:32,sign:27,signatur:21,singl:[11,13,14,18,27,31],size:[14,26],specif:29,stabil:26,standalon:16,standard:[17,27],state:[14,24],statu:[10,26],step:17,storag:[28,31],structur:26,success:10,suitabl:28,support:[4,11,13,14,16,17,18,19,21,29],suspend:[14,24],symmetr:[7,27],syntax:0,term:0,thi:0,token:31,type:[1,2,4,6,7,10,11,12,13,14,17,18,24,26,29],typograph:0,unauthent:13,usag:[6,32],use:[28,32],valu:4,version:[9,23],volatil:4}})
\ No newline at end of file
